Aggregator

主站 分类 漏洞 工具 极客

一个被标记为MUT-1244的攻击者利用植入木马的 WordPress 凭证检查器盗取了超过 39 万个 WordPress 凭证。

A vulnerability, which was classified as problematic, was found in SuSE Linux 9.0. Affected is an unknown function of the component YaST. The manipulation leads to symlink following. This vulnerability is traded as CVE-2004-0064. The attack needs to be initiated within the local network. Furthermore, there is an exploit available. It is recommended to disable the affected component.

在网站的使用过程中，往往需要对网站中的文件进行修改、升级。此时就需要对网站整站或者其中某一页面进行备份。当备份文件或者修改过程中的缓存文件因为各种原因而被留在网站 web 目录下，而该目录又没有设置访

A vulnerability was found in WebkitGTK+ up to 2.20.2. It has been classified as critical. This affects the function ImageBufferCairo of the file WebCore/platform/graphics/cairo/ImageBufferCairo.cpp. The manipulation as part of HTML Content leads to integer overflow. This vulnerability is uniquely identified as CVE-2018-12293. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

主站 分类 漏洞 工具 极客

苹果iOS和macOS系统中被曝光一个关键的安全漏洞，若被成功利用可能会绕过TCC框架，导致用户敏感信息被未经授权访问。

A vulnerability classified as problematic was found in Duplicator Plugin 0.5.10/1.1.3/1.2.32/1.3.0/1.4.7 on WordPress. This vulnerability affects unknown code. The manipulation leads to information disclosure. This vulnerability was named CVE-2022-2552. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

原创漏洞 1. 摘要 这篇文章旨在介绍西门子博途19可以导致任意代码执行的反序列化漏洞，该漏洞会在任 […]

原创漏洞-西门子博途19全局配置文件反序列化漏洞分析 日期：2024年12月16日 阅：66

A vulnerability was found in Linux Kernel 2.4. It has been declared as problematic. Affected by this vulnerability is the function copy_to_user of the component USB Driver. The manipulation leads to information disclosure. This vulnerability is known as CVE-2004-0685. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

OverviewRecently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the A

Overview Recently, NSFOCUS CERT monitored that Apache released a security bulletin, fixing the Apache Struts arbitrary file upload vulnerability S2-067 (CVE-2024-53677). Due to a logical defect in the file upload function, an unauthenticated attacker can perform path traversal by controlling the file upload parameters, thereby uploading malicious files to achieve remote code execution. The CVSS […]

The post Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Apache Struts Arbitrary File Upload Vulnerability S2-067 (CVE-2024-53677) appeared first on Security Boulevard.