Aggregator

codeql 之 SSRF 漏洞自动化 寻找

MaxKB远程命令执行漏洞分析(CVE-2024-56137)

Lua项目下SSRF利用Redis文件覆盖lua回显RCE

软件系统安全赛CachedVisitor详解——记一次对Redis+ssrf的详细分析

Sharp4Rundll32：一款通过.NET反射实现Rundll32功能绕过安全防护的工具

aws之创建后门实现持久化利用的方式

记一次题型VM-软件系统安全赛-pwn-

免杀基础-硬断Hook

从PAGE_GUARD HOOK 到内存扫描规避

Giant education software provider PowerSchool reported that hackers using compromised credentials access a database and stole student and teacher data in an attack that the company said was not ransomware, though a ransom apparently was paid. Affected K-12 school districts are scrambling to alert parents and staffs.

The post Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data appeared first on Security Boulevard.

The personal information of some students and teachers in school districts across the United Sta

A vulnerability, which was classified as critical, was found in 2daybiz Multi Level Marketing Software. Affected is an unknown function of the file viewnews.php of the component Marketing. The manipulation of the argument nwsid leads to sql injection. This vulnerability is traded as CVE-2010-2511. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Исследователи раскрыли механизм навязчивых воспоминаний.

Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. [...]

NoName057(16) Targeted Many Websites in Canada

A vulnerability, which was classified as problematic, was found in ffingerd 1.19. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-1999-0492. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

As software supply chains grow more complex, organizations face increasing challenges to manage and secure open source components.

The post Unlock collaboration and efficiency in software management with SBOMs appeared first on Security Boulevard.

404 Media is reporting on all the apps that are spying on your location, based on a hack o

A vulnerability has been found in FreeType 2.8.1 and classified as problematic. This vulnerability affects the function cf2_doFlex of the file cff/cf2intrp.c. The manipulation leads to integer overflow. This vulnerability was named CVE-2025-23022. Attacking locally is a requirement. There is no exploit available.