Aggregator
CVE-2015-2678 | MetalGenix GeniXCMS up to 0.0.0 gxadmin/index.php page cross site scripting (Bug 130771 / EDB-36321)
1 year 3 months ago
A vulnerability was found in MetalGenix GeniXCMS up to 0.0.0. It has been classified as problematic. Affected is an unknown function of the file gxadmin/index.php. The manipulation of the argument page leads to cross-site scripting.
This vulnerability is traded as CVE-2015-2678. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2001-1487 | Qualcomm Qpopper 4.0 popauth -trace symlink (EDB-21185 / XFDB-7707)
1 year 3 months ago
A vulnerability was found in Qualcomm Qpopper 4.0 and classified as problematic. This issue affects some unknown processing of the component popauth. The manipulation of the argument -trace leads to symlink following.
The identification of this vulnerability is CVE-2001-1487. Local access is required to approach this attack. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
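Ding! You have an annual report from the 360 Security Large Model waiting to be opened
1 year 3 months ago
2024 Year in Review: Security Large Model | Deployed in vertical scenarios, leading the development of intelligent agents
Out of five, how would you rate Apple's 2024?
1 year 3 months ago
Out of five, how would you rate Apple's 2024? Apple's 2024 began with the high-profile debut of Vision Pro. This XR device, which opened an entirely new product line, brought stunning audiovisual effects and interaction paradigms, but around
Malicious PyPI package steals Discord developers' authentication tokens
1 year 3 months ago
Patch now
Multiple critical vulnerabilities in WGS-804HPT switches can lead to RCE and network exploitation
1 year 3 months ago
Patch now
Malicious PyPI package steals Discord developers' authentication tokens
1 year 3 months ago
Focusing on source code security, gathering the latest news from home and abroad! Compiled by: 代码卫士. A malicious package on the PyPI platform, "pycord-self", steals Discord developers' authentication tokens and plants a remote-control backdoor on the system. The malicious package imitates the very popular package
Multiple critical vulnerabilities in WGS-804HPT switches can lead to RCE and network exploitation
1 year 3 months ago
Focusing on source code security, gathering the latest news from home and abroad! Compiled by: 代码卫士. Cybersecurity researchers found three vulnerabilities in Planet Technology's WGS-804HPT industrial switch that can be used to achieve pre-authentication remote code execution on susceptible devices. Last Thursday, Cl
APT-C-26 (Lazarus) continues to upgrade its attack arsenal, using Electron applications to target the cryptocurrency industry
1 year 3 months ago
The 360 Advanced Threat Research Institute captured a malicious program that the Lazarus group packaged with Electron. The program masquerades as the installer for a currency platform's automated trading tool and is used to attack people associated with the cryptocurrency industry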
CVE-2010-2436 | AneCMS AneCMS Blog 1.3 sql injection (EDB-34141 / XFDB-59436)
1 year 3 months ago
A vulnerability was found in AneCMS AneCMS Blog 1.3. It has been classified as critical. This affects an unknown part. The manipulation leads to SQL injection.
This vulnerability is uniquely identified as CVE-2010-2436. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
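Bilibili's first big scandal of 2025: "code poisoning" to retaliate against users
1 year 3 months ago
This not only exposed weaknesses in Bilibili's internal management and technical security, but also raised public concern about the security of user information.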
Qilin
1 year 3 months ago
cohenido
Cosmic nothingness: why we study voids in the Universe
1 year 3 months ago
The greatest mysteries of the universe still remain unsolved.
Information Security Manual (ISM)
1 year 3 months ago
What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats. The ISM is relevant to industries like government, defense, finance, healthcare, and other sectors where sensitive […]
The post Information Security Manual (ISM) appeared first on Centraleyes.
The post Information Security Manual (ISM) appeared first on Security Boulevard.
Deborah Erlanger