Aggregator

A vulnerability was found in Microsoft Windows Server 2003/XP. It has been declared as critical. This vulnerability affects unknown code of the component TCP/IP IGMP Handler. The manipulation leads to memory corruption. This vulnerability was named CVE-2006-0021. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Microsoft Windows Server 2003/XP. Affected by this issue is some unknown functionality of the component Service Handler. The manipulation of the argument SERVICE_CHANGE_CONFIG leads to improper access controls. This vulnerability is handled as CVE-2006-0023. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft PowerPoint 2000/2002/2003/2004 and classified as very critical. This vulnerability affects unknown code of the component PPT Document Handler. The manipulation leads to memory corruption. This vulnerability was named CVE-2006-0022. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows 9/10. This affects an unknown part of the component Media Player. The manipulation as part of PNG Image leads to memory corruption. This vulnerability is uniquely identified as CVE-2006-0025. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Oracle Financial Services Institutional Performance Analytics 8.0.4/8.0.5/8.0.6/8.0.7. Affected is an unknown function of the component Apache Log4j. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2019-11358. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 美国众议院正式禁止国会工作人员在政府配发设备上使用WhatsApp，理由是该应用存在安全风险。Axios率先报道了这一决定。 据众议院首席行政官（CAO）声明，此举源于对该应用安全性的担忧。CAO在备忘录中指出：“网络安全办公室认定WhatsApp对用户构成高风险，因其数据保护机制缺乏透明度、存储数据未加密，且使用过程存在潜在安全隐患。”因此，工作人员不得在政府配发的任何设备（包括手机、电脑及网页版）上安装该应用。 WhatsApp母公司Meta对此提出反驳，强调该平台默认采用端到端加密，其安全级别“高于CAO批准名单中的多数应用”。Meta传播总监安迪·斯通在社交平台X上回应：“我们以最强烈措辞反对众议院首席行政官的定性。我们知道议员及工作人员长期使用WhatsApp，期待众议院能像参议院那样正式批准其使用。” CAO推荐工作人员使用Microsoft Teams、亚马逊Wickr、Signal、苹果iMessage及FaceTime作为合规替代品。WhatsApp成为继TikTok、OpenAI ChatGPT及DeepSeek之后，众议院最新封禁的应用。 值得补充的是，上周Meta曾宣布将在WhatsApp引入广告，但承诺“绝不牺牲用户隐私”。       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

每年都在实战，今年有啥不同？

A vulnerability classified as critical was found in Microsoft IIS 6.0. This vulnerability affects unknown code of the component ASP Code Handler. The manipulation leads to memory corruption. This vulnerability was named CVE-2006-0026. Attacking locally is a requirement. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Exchange 2000/2003. This affects an unknown part of the component Calender Collaboration Data Object Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2006-0027. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows NT 4.0/XP/2000/Server 2003. It has been rated as problematic. This issue affects some unknown processing of the component Distributed Transaction Coordinator. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2006-1184. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Microsoft Windows 2000/Server 2003/XP. Affected by this issue is some unknown functionality of the component Indexing Service. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2006-0032. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel 2.6.14 and classified as critical. Affected by this issue is some unknown functionality of the file netfilter/ip_nat_helper_pptp.c of the component PPTP NAT Helper. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2006-0036. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Linux Kernel 2.6.14. It has been classified as problematic. This affects an unknown part of the file netfilter/ip_nat_helper_pptp.c of the component PPTP NAT Helper. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2006-0037. The attack needs to be approached locally. There is no exploit available.

前言日常日站的时候偶然之间发现了一款误报比较少的springboot漏洞利用工具浅浅分享一下。工具说明工具目

A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2350_B20230313 and classified as critical. Affected by this issue is the function setWiFiScheduleCfg. The manipulation of the argument week leads to os command injection. This vulnerability is handled as CVE-2024-57023. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in TOTOLINK X5000R 9.1.0cu.2350_B20230313. Affected by this vulnerability is the function setWiFiScheduleCfg. The manipulation of the argument eHour leads to os command injection. This vulnerability is known as CVE-2024-57021. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2350_B20230313. It has been classified as critical. This affects the function setWiFiScheduleCfg. The manipulation of the argument sHour leads to os command injection. This vulnerability is uniquely identified as CVE-2024-57022. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in TOTOLINK X5000R 9.1.0cu.2350_B20230313 and classified as critical. This vulnerability affects the function setVpnAccountCfg. The manipulation of the argument pass leads to os command injection. This vulnerability was named CVE-2024-57017. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2350_B20230313 and classified as critical. This issue affects the function setWiFiScheduleCfg. The manipulation of the argument sMinute leads to os command injection. The identification of this vulnerability is CVE-2024-57020. The attack may be initiated remotely. There is no exploit available.