Aggregator
.NET Security Attack and Defense Knowledge Exchange Community
1 year 3 months ago
.NET: Discovering Two Arbitrary File Upload Vulnerabilities in an ERP System Through Code Audit
1 year 3 months ago
Reproducing the Visual Studio Poisoning Incident from First Principles with Sharp4SuoPoc
1 year 3 months ago
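In a recent security incident, a privilege escalation tool was found to contain an implanted backdoor; the attackers used the .suo file of a Visual Studio project as a covert attack vector. Because .suo files are usually hidden configuration files, and security researchers, regarding their contents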
.NET Security Attack and Defense Knowledge Exchange Community
1 year 3 months ago
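01 Welcome to the community. To better address risk identification and unknown threats on the .NET technology stack, the dotNet Security Matrix Planet has, since its creation, focused on offensive and defensive security techniques in the .NET field, positioning itself as a high-quality offensive and defensive security community, and has also received from many practitioners their support and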
.NET: Discovering Two Arbitrary File Upload Vulnerabilities in an ERP System Through Code Audit
1 year 3 months ago
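File upload functionality is a very important and sensitive part of a web application; without thorough security controls, it can easily become an entry point for attackers. This article performs a code audit and vulnerability analysis of two file upload functions in a .NET ERP system, revealing potential arbitrary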
Trump pardons Ross Ulbricht, fulfilling campaign promise
1 year 3 months ago
CVE-2024-0692 | SolarWinds Security Event Manager up to 2023.4 Service deserialization
1 year 3 months ago
A vulnerability has been found in SolarWinds Security Event Manager up to 2023.4 and classified as very critical. Affected by this vulnerability is an unknown functionality of the component Service. The manipulation leads to deserialization.
This vulnerability is known as CVE-2024-0692. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-27764 | Jeewms up to 3.7 AuthInterceptor path traversal
1 year 3 months ago
A vulnerability, which was classified as critical, has been found in Jeewms up to 3.7. This issue affects some unknown processing of the component AuthInterceptor. The manipulation leads to path traversal: 'dir/../../filename'.
The identification of this vulnerability is CVE-2024-27764. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-22889 | Plone 6.0.9 Request access control
1 year 3 months ago
A vulnerability has been found in Plone 6.0.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2024-22889. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-27765 | Jeewms up to 3.7 cgformTemplateController path traversal
1 year 3 months ago
A vulnerability was found in Jeewms up to 3.7 and classified as critical. Affected by this issue is some unknown functionality of the component cgformTemplateController. The manipulation leads to path traversal.
This vulnerability is handled as CVE-2024-27765. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-1720 | User Registration Plugin up to 3.1.4 on WordPress cross site scripting (ID 3045419)
1 year 3 months ago
A vulnerability was found in User Registration Plugin up to 3.1.4 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-1720. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-1761 | WP Chat App Plugin up to 3.6.1 on WordPress Block Attribute cross site scripting
1 year 3 months ago
A vulnerability was found in WP Chat App Plugin up to 3.6.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Block Attribute Handler. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-1761. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-1506 | Prime Slider Plugin up to 3.13.1 on WordPress Fiestar Widget cross site scripting (ID 3044299)
1 year 3 months ago
A vulnerability, which was classified as problematic, was found in Prime Slider Plugin up to 3.13.1 on WordPress. This affects an unknown part of the component Fiestar Widget. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-1506. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-1382 | Restaurant Reservations Plugin up to 1.9 on WordPress path traversal
1 year 3 months ago
A vulnerability was found in Restaurant Reservations Plugin up to 1.9 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to path traversal.
This vulnerability is handled as CVE-2024-1382. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
CVE-2023-41014 | code-projects Online Job Portal 1.0 Employer Username sql injection
1 year 3 months ago
A vulnerability was found in code-projects Online Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the component Employer Handler. The manipulation of the argument Username leads to sql injection.
This vulnerability is traded as CVE-2023-41014. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
Weekly Report: Vulnerabilities in Multiple Microsoft Products
1 year 3 months ago
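Multiple Microsoft products contain vulnerabilities. According to the company, attacks exploiting some of the vulnerabilities fixed in this release have already been observed. The issue is resolved by applying the updates, for example via Microsoft Update. For details, refer to the information provided by the developer.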
Top Ten! Winicssec (威努特) Wins Three Major Awards in the 2024 Cybersecurity Excellence Selection
1 year 3 months ago
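Recently, 等级保护测评 (Classified Protection Evaluation), an authoritative body in China's cybersecurity industry, officially published the list of winners of the 2024 Cybersecurity Excellence Selection. Winicssec (威努特) took all three awards established by the selection: for its outstanding overall strength and market competitiveness, Winicssec was named a "Top Ten Excellent Enterprise"; Winicssec's data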
Top Ten! Winicssec (威努特) Wins Three Major Awards in the 2024 Cybersecurity Excellence Selection
1 year 3 months ago
Top Ten Excellent Enterprises, Top Ten Excellent Products, Top Ten Excellent Cases!
JWT Principles, Design Flaws and Their Exploitation (Basics) - Tencent Cloud Developer Community - Tencent Cloud
1 year 3 months ago
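Basic concepts: JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact, self-contained way to securely transmit information between parties as a JSON object. This information can be verified and trusted because it is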