Aggregator
〖Tech〗Ladon Exchange Password Brute-Force Tutorial
4 months 3 weeks ago
K8gege
〖Tool〗Ladon Study: A Tool to Help Beginners Quickly Get Started in Network Security
4 months 3 weeks ago
K8gege
〖Tutorial〗Video Tutorial: Writing Ladon Penetration-Testing Tool Plugins with ChatGPT
4 months 3 weeks ago
K8gege
The true (and surprising) cost of forgotten passwords
4 months 3 weeks ago
Password resets are more expensive for your organization than you may realize. Learn more from Specops Software on why password resets are so expensive and how a self-service password reset solution can save you money. [...]
Sponsored by Specops Software
Washington's Cybersecurity Storm of Complacency
4 months 3 weeks ago
If the government truly wants to protect the US's most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures.
Jeffrey Wells
Debt Relief Company Suffers Data Breach, Information of 1.5 Million Customers Exposed
4 months 3 weeks ago
安全客
CISA Adds Five Actively Exploited Vulnerabilities to the KEV Catalog
4 months 3 weeks ago
安全客
AI Can Solve Fewer Than 2% of Problems in New Advanced Mathematics Test
4 months 3 weeks ago
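AI systems based on large models, such as GPT-4 and Gemini 1.5 Pro, can complete traditional mathematics test problems with an accuracy above 90%. But what about an entirely new kind of math problem that large models could not have been trained on? More than 60 mathematicians, including Fields Medalists Terence Tao and Timothy Gowers, collaborated to write hundreds of original research-level math problems and launched FrontierMath, a new advanced mathematics benchmark. The problems are very challenging; Terence Tao said that solving them would require collaboration among graduate-level specialists in the relevant fields. The problems are designed to be guess-proof: without correct mathematical reasoning, they cannot be solved. Top AI systems can complete fewer than 2% of FrontierMath problems, showing that their reasoning ability is limited.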
Malware Spotlight: A Deep-Dive Analysis of WezRat
4 months 3 weeks ago
On October 30th, the FBI, the US Department of Treasury, and the Israeli National Cybersecurity Directorate (INCD) released a joint Cybersecurity Advisory regarding recent activities of the Iranian cyber group Emennet Pasargad. The group recently operated under the name Aria Sepehr Ayandehsazan (ASA) and is affiliated with the Iranian Islamic Revolutionary Guard Corps (IRGC). […]
The post Malware Spotlight: A Deep-Dive Analysis of WezRat appeared first on Check Point Research.
samanthar@checkpoint.com
OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution Risks
4 months 3 weeks ago
安全客
ModeLeak Vulnerabilities: Researchers Find Privilege Escalation and Model Leakage Threats in Google Vertex AI
4 months 3 weeks ago
安全客
CVE-2023-4458 | Linux Kernel ksmbd smb2_open out-of-bounds
4 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function smb2_open of the component ksmbd. The manipulation leads to out-of-bounds read.
This vulnerability is uniquely identified as CVE-2023-4458. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-7474 | lunary-ai lunary up to 1.3.3 id access control
4 months 3 weeks ago
A vulnerability was found in lunary-ai lunary up to 1.3.3. It has been declared as critical. This vulnerability affects unknown code. The manipulation of the argument id leads to improper access controls.
This vulnerability was named CVE-2024-7474. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-7010 | mudler localai up to 2.20 information disclosure
4 months 3 weeks ago
A vulnerability classified as problematic was found in mudler localai up to 2.20. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure.
This vulnerability is known as CVE-2024-7010. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-11207 | Apereo CAS 6.6 /login redirect_uri
4 months 3 weeks ago
A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect.
This vulnerability is known as CVE-2024-11207. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-11209 | Apereo CAS 6.6 2FA /login?service improper authentication
4 months 3 weeks ago
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2024-11209. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-10962 | WPvivid Plugin up to 0.9.107 on WordPress code injection
4 months 3 weeks ago
A vulnerability classified as critical was found in WPvivid Plugin up to 0.9.107 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection.
This vulnerability is known as CVE-2024-10962. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-7730 | QEMU virtio-snd Device virtio_snd_pcm_in_cb heap-based overflow (Nessus ID 210736)
4 months 3 weeks ago
A vulnerability was found in QEMU. It has been declared as critical. Affected by this vulnerability is the function virtio_snd_pcm_in_cb of the component virtio-snd Device. The manipulation leads to heap-based buffer overflow.
This vulnerability is known as CVE-2024-7730. The attack can only be done within the local network. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2024-3447 | QEMU sdhci_write_dataport heap-based overflow (Nessus ID 209571)
4 months 3 weeks ago
A vulnerability was found in QEMU. It has been classified as critical. This affects the function sdhci_write_dataport. The manipulation leads to heap-based buffer overflow.
This vulnerability is uniquely identified as CVE-2024-3447. Access to the local network is required for this attack. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com