Aggregator

CVE-2010-5326 | SAP Netweaver Java Application Server up to 7.2 Invoker Servlet Detour privileges management (ID 12834 / BID-48925)

Vuldb Updates
7 months 4 weeks ago
A vulnerability, which was classified as critical, was found in SAP Netweaver Java Application Server up to 7.2. This affects an unknown part of the component Invoker Servlet. The manipulation leads to improper privilege management (Detour). This vulnerability is uniquely identified as CVE-2010-5326. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2011-0010 | Todd Miller sudo up to 1.7.4p4 check.c access control (Bug 668879 / Nessus ID 68480)

Vuldb Updates
7 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in Todd Miller sudo. This issue affects some unknown processing of the file check.c. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2011-0010. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2010-4849 | Alibabaclone Alibaba Clone B2B 3.4 countrydetails.php es_id sql injection (EDB-15650 / BID-45130)

Vuldb Updates
7 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in Alibabaclone Alibaba Clone B2B 3.4. Affected by this issue is some unknown functionality of the file countrydetails.php. The manipulation of the argument es_id leads to sql injection. This vulnerability is handled as CVE-2010-4849. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

恶意 PyPi 软件包窃取 Discord 开发者认证令牌

HackerNews
7 months 4 weeks ago
HackerNews 编译,转载请注明出处: 一个名为“pycord-self”的恶意软件包出现在Python包索引(PyPI)上,该软件包的目标用户为Discord开发者,旨在窃取认证令牌并在系统中植入后门以实现远程控制。 该软件包模仿了广受欢迎的“discord.py-self”软件包,后者下载量已近2800万次,并且甚至提供了正版项目的功能。 正版软件包是一个Python库,允许与Discord的用户API通信,并允许开发者以编程方式控制账户。 它通常用于消息传递和自动化交互、创建Discord机器人、编写自动化管理脚本、通知或响应,以及在不使用机器人账户的情况下运行命令或从Discord检索数据。 据代码安全公司Socket称,该恶意软件包去年6月被添加到PyPi上,截至目前已被下载885次。 截至发稿时,该软件包仍可通过一个已通过平台验证其详细信息的发布者从PyPI获取。 PyPI上的恶意软件包(图片来源:BleepingComputer) Socket研究人员分析了该恶意软件包,发现pycord-self包含执行两项主要操作的代码。一是从受害者处窃取Discord认证令牌并将其发送到外部URL。 攻击者可以使用窃取的令牌,在无需访问凭据的情况下劫持开发者的Discord账户,即使启用了双重身份验证保护也不例外。 该恶意软件包的第二个功能是,通过端口6969与远程服务器建立持久连接,从而设置一个隐蔽的后门机制。 Socket在报告中解释道:“根据操作系统的不同,它会启动一个shell(Linux上的“bash”或Windows上的“cmd”),使攻击者能够持续访问受害者的系统。” “后门在单独的线程中运行,这使得在软件包继续看似正常运行的同时难以检测到它。” 在机器上设置后门(图片来源:Socket) 建议软件开发人员避免在不确认代码来自官方作者的情况下安装软件包,尤其是热门软件包。验证软件包名称也可以降低遭遇拼写劫持攻击的风险。 在使用开源库时,如果可能的话,建议审查代码以查找可疑功能,并避免使用任何看似混淆的代码。此外,扫描工具可能有助于检测和阻止恶意软件包。 消息来源:Bleeping Computer, 编译:zhongx;  本文由 HackerNews.cc 翻译整理,封面来源于网络;   转载请注明“转自 HackerNews.cc”并附上原文
hackernews

CVE-2014-10034 | couponPHP prior 1.1.0 comments_paginate.php iDisplayStart sql injection (ID 125480 / EDB-32037)

Vuldb Updates
7 months 4 weeks ago
A vulnerability has been found in couponPHP and classified as critical. Affected by this vulnerability is an unknown functionality of the file comments_paginate.php. The manipulation of the argument iDisplayStart leads to sql injection. This vulnerability is known as CVE-2014-10034. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2006-0553 | PostgreSQL 8.1.0/8.1.1/8.1.2 Error SET COMMAND access control (VU#567452 / Nessus ID 21384)

Vuldb Updates
7 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in PostgreSQL 8.1.0/8.1.1/8.1.2. This affects the function SET COMMAND of the component Error Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2006-0553. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2006-0553 | PostgreSQL 8.1.0/8.1.1/8.1.2 SET SESSION AUTHORIZATION access control (VU#567452 / Nessus ID 21384)

Vuldb Updates
7 months 4 weeks ago
A vulnerability has been found in PostgreSQL 8.1.0/8.1.1/8.1.2 and classified as problematic. This vulnerability affects the function SET SESSION AUTHORIZATION. The manipulation leads to improper access controls. This vulnerability was named CVE-2006-0553. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2006-0476 | NullSoft WinAmp up to 5.12 Playlist File Name memory corruption (VU#604745 / EDB-3422)

Vuldb Updates
7 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in NullSoft WinAmp up to 5.12. Affected by this issue is some unknown functionality of the component Playlist File Name Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2006-0476. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to replace the affected component with an alternative.
vuldb.com

俄罗斯黑客组织 Star Blizzard 在新钓鱼攻击活动中瞄准 WhatsApp 账户

HackerNews
7 months 4 weeks ago
HackerNews 编译,转载请注明出处: 俄罗斯黑客组织Star Blizzard已被关联到一起新的钓鱼攻击活动,该活动瞄准受害者的WhatsApp账户,这标志着其可能为了逃避检测而改变了长期以来的作案手法。 微软威胁情报团队在与The Hacker News分享的一份报告中称:Star Blizzard的目标通常与政府或外交部门(包括现任和前任官员)、国防政策或涉及俄罗斯的国际关系研究人员,以及与俄乌战争相关的对乌克兰援助方有关。 Star Blizzard(原名SEABORGIUM)是一个与俄罗斯有关联的威胁活动集群,以凭证收集活动而闻名。该组织自2012年至少就已开始活跃,还曾被追踪为Blue Callisto、BlueCharlie(或TAG-53)、Calisto(或Callisto的另一种拼写)、COLDRIVER、Dancing Salome、Gossamer Bear、Iron Frontier、TA446和UNC4057等别名。 此前观察到的攻击链涉及向感兴趣的目标发送钓鱼邮件,通常来自Proton账户,邮件附件中包含恶意链接,这些链接会重定向到由Evilginx支持的页面,该页面能够通过中间人(AiTM)攻击收集凭证和二次验证(2FA)代码。 Star Blizzard还被关联到使用HubSpot和MailerLite等电子邮件营销平台来隐藏真实的电子邮件发件人地址,并避免在电子邮件消息中包含由黑客控制的域名基础设施。 去年年底,微软和美国司法部(DoJ)宣布查封了180多个域名,这些域名被该威胁组织用于在2023年1月至2024年8月期间瞄准记者、智库和非政府组织(NGO)。 这家科技巨头评估认为,对其活动的公开披露可能促使黑客团队通过攻击WhatsApp账户来改变策略。也就是说,该活动似乎规模有限,并在2024年11月底结束。 微软威胁情报战略总监Sherrod DeGrippo告诉The Hacker News:“目标主要属于政府和外交部门,包括现任和前任官员。” “此外,目标还包括涉及国防政策的人员、专注于俄罗斯的国际关系研究人员以及与俄乌战争相关的对乌克兰援助方。” 这一切始于一封自称来自美国政府官员的钓鱼邮件,以赋予其合法性,并增加受害者与其互动的可能性。 邮件中包含一个快速响应(QR)码,敦促收件人加入一个所谓的WhatsApp群组,讨论“最新的非政府组织支持乌克兰NGO的倡议”。然而,该代码是故意损坏的,以触发受害者的回复。 如果邮件收件人回复,Star Blizzard会发送第二条消息,要求他们点击一个t[.]ly缩短的链接加入WhatsApp群组,并为此带来的不便表示歉意。 微软解释道:“点击此链接后,目标会被重定向到一个网页,要求他们扫描二维码加入群组。然而,这个二维码实际上被WhatsApp用于将账户连接到链接的设备或WhatsApp网页版。” 如果目标按照网站(“aerofluidthermo[.]org”)上的指示操作,这种方法将允许威胁组织未经授权地访问其WhatsApp消息,甚至通过浏览器插件将数据外泄。 建议属于Star Blizzard目标行业的个人在处理包含外部链接的邮件时保持警惕。 该活动“标志着Star Blizzard长期以来的TTP(战术、技术和程序)的一次中断,并凸显出该威胁组织在持续进行钓鱼攻击以获取敏感信息方面的坚韧不拔,即使其行动多次遭到破坏也是如此”。   消息来源:The Hacker News, 编译:zhongx;  本文由 HackerNews.cc 翻译整理,封面来源于网络;   转载请注明“转自 HackerNews.cc”并附上原文
hackernews

Managed ad