JVN: baserCMS用プラグイン「BurgerEditor」におけるディレクトリリスティングの脆弱性
株式会社ディーゼロが提供するbaserCMS用プラグイン「BurgerEditor」には、ディレクトリリスティングの脆弱性が存在します。
Aggregator
评论 | 培育良好数据产业生态
5 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063文 | 国家发展改革委国家信息中心正高级工程师 王晓冬当前,我国数据产业蓬勃发展,产业规模约2万亿元,企业数量超19万家
专家解读 | 有序构建公共数据开发利用规则 提高公共数据使用效益
5 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063文 | 北京理工大学法学院 包晓丽 宋静然为加快公共数据资源开发利用,充分释放公共数据要素潜能,推动数字经济高质量发展,
前沿 | 为什么要建立人工智能安全监管制度
5 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063《中共中央关于进一步全面深化改革、推进中国式现代化的决定》提出:“建立人工智能安全监管制度。”这是党中央统筹发展与安全,
PTZ摄像头中的严重0day漏洞遭利用
5 months ago
聚焦源代码安全,网罗国内外最新资讯!编译:代码卫士攻击者正在尝试利用 PTZOptics pan-tilt-zoom (PTZ) 实时流摄像头中的两个0day漏洞。这些摄像头用于工业、医疗、商业会议
用户名太长的坏处:Okta 修复认证绕过漏洞
5 months ago
聚焦源代码安全,网罗国内外最新资讯!编译:代码卫士Okta 修复了一个认证绕过漏洞,影响拥有长用户名或长域名的用户。该漏洞可导致犯罪分子仅通过一个用户名就通过 Okta 公司的 AD/LDAP 授权
关注 | 3项网络安全国家标准获批发布
5 months ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
专题·勒索软件治理 | 勒索软件攻击发展趋势分析
5 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063文 | 深信服科技股份有限公司 王振兴 安东冉随着数字化经济的飞速发展,网络环境也面临着诸多安全威胁,勒索软件攻击是近年
发布 | 安全可靠测评结果汇总
5 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063安全可靠测评结果汇总安全可靠测评主要面向计算机终端和服务器搭载的中央处理器(CPU)、操作系统以及数据库等基础软硬件产品
CVE-2008-4514 | Konqueror 3.5.9 HTML Parser input validation (EDB-6689 / XFDB-45710)
5 months ago
A vulnerability classified as problematic was found in Konqueror 3.5.9. Affected by this vulnerability is an unknown functionality of the component HTML Parser. The manipulation leads to improper input validation.
This vulnerability is known as CVE-2008-4514. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-5697 | skype Extension For Firefox 2.2.0.95 skype_tool.copy_num string information disclosure (EDB-6690 / XFDB-45739)
5 months ago
A vulnerability was found in skype Extension For Firefox 2.2.0.95. It has been rated as problematic. Affected by this issue is some unknown functionality of the file skype_tool.copy_num. The manipulation of the argument string leads to information disclosure.
This vulnerability is handled as CVE-2008-5697. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-5873 | Yerba 6.3/6.28 access control (EDB-6691 / XFDB-45734)
5 months ago
A vulnerability, which was classified as critical, was found in Yerba 6.3/6.28. This affects an unknown part. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2008-5873. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-4421 | Hammer-software MetaGauge 1.0.0.17/1.0.0.20 path traversal (EDB-6686 / XFDB-45697)
5 months ago
A vulnerability was found in Hammer-software MetaGauge 1.0.0.17/1.0.0.20. It has been classified as critical. Affected is an unknown function. The manipulation leads to path traversal.
This vulnerability is traded as CVE-2008-4421. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2008-4486 | Yerba 6.3/6.28 index.php mod path traversal (EDB-6687 / XFDB-45708)
5 months ago
A vulnerability was found in Yerba 6.3/6.28 and classified as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument mod leads to path traversal.
The identification of this vulnerability is CVE-2008-4486. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-4527 | PHP-Fusion Recepies Module 1.1 recept.php kat_id sql injection (EDB-6683 / XFDB-45674)
5 months ago
A vulnerability was found in PHP-Fusion Recepies Module 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file recept.php. The manipulation of the argument kat_id leads to sql injection.
This vulnerability is handled as CVE-2008-4527. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-4529 | asiCMS 0.208 MemCached Association.php _ENV[asicms][path] code injection (EDB-6685 / XFDB-45684)
5 months ago
A vulnerability was found in asiCMS 0.208. It has been declared as critical. This vulnerability affects unknown code of the file Association.php of the component MemCached. The manipulation of the argument _ENV[asicms][path] leads to code injection.
This vulnerability was named CVE-2008-4529. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-4490 | phpAbook 0.8.4b/0.8.6b/0.8.7b/0.8.8b config.inc.php path traversal (EDB-6679 / XFDB-45680)
5 months ago
A vulnerability classified as problematic has been found in phpAbook 0.8.4b/0.8.6b/0.8.7b/0.8.8b. This affects an unknown part of the file config.inc.php. The manipulation leads to path traversal.
This vulnerability is uniquely identified as CVE-2008-4490. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2008-4521 | PHP-Fusion World Of Warcraft Tracker Infusion Module 2.0 thisraidprogress.php INFO_RAID_ID sql injection (EDB-6682 / XFDB-45675)
5 months ago
A vulnerability was found in PHP-Fusion World Of Warcraft Tracker Infusion Module 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file thisraidprogress.php. The manipulation of the argument INFO_RAID_ID leads to sql injection.
This vulnerability is handled as CVE-2008-4521. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
守住数据安全的第一道防线——权限管理全解析
5 months ago
现代企业信息化建设愈发深入,数据安全愈发重要,权限和账号管理制度已经成为数据安全体系中的重中之重。这套“权限账号管理”制度从多个层面出发,确保各岗位人员仅能访问其必要的系统和数据,严控操作权限....
CVE-2008-4516 | galerie 3.2 galerie.php pic sql injection (EDB-6675 / XFDB-45698)
5 months ago
A vulnerability, which was classified as critical, was found in galerie 3.2. This affects an unknown part of the file galerie.php. The manipulation of the argument pic leads to sql injection.
This vulnerability is uniquely identified as CVE-2008-4516. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com