Aggregator

A vulnerability, which was classified as critical, was found in Apple QuickTime 7.0.3/7.0.4. Affected is an unknown function of the component MOV Movie Handler. The manipulation leads to numeric error. This vulnerability is traded as CVE-2006-1249. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple QuickTime 7.0.3/7.0.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Flash Media Handler. The manipulation leads to numeric error. This vulnerability is known as CVE-2006-1249. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple QuickTime 7.0.3/7.0.4 and classified as critical. Affected by this issue is some unknown functionality of the component H.264 Movie Handler. The manipulation leads to numeric error. This vulnerability is handled as CVE-2006-1249. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Microsoft Internet Explorer up to 6. Affected by this vulnerability is an unknown functionality of the component HTML Tag Event Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2006-1245. The attack can be launched remotely. There is no exploit available. It is recommended to replace the affected component with an alternative.

A vulnerability classified as critical was found in Microsoft Internet Explorer up to 6. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2006-1188. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

让新知识成为冒险游戏，用 AI 重构「学习」这件事 最近和一位游戏设计专家聊天时，我突然意识到一件很有趣的事。——我已经好几个月没打游戏了。不是因为工作太忙，更不是因为突然想通了要戒掉游戏。恰恰相反

A vulnerability was found in Human Head Studios Dead Mans Hand 1.3. It has been rated as problematic. This issue affects some unknown processing of the file UnChan.cpp. The manipulation leads to improper resource management. The identification of this vulnerability is CVE-2008-7011. The attack may be initiated remotely. Furthermore, there is an exploit available.

January 20, 2025Over on

A vulnerability classified as problematic has been found in Ascend CascadeView 1.0. Affected is an unknown function of the component TFTP Server. The manipulation leads to symlink following. This vulnerability is traded as CVE-2000-0015. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Microsoft Windows NT 4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component WINS. The manipulation as part of UDP Packet leads to denial of service. This vulnerability is known as CVE-1999-0288. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

By •January 19, 2025•chatgpt

error code: 521

一、事件概述 近期，网络安全领域接连曝出针对研究人员的假PoC（概念验证）攻击事件，引发业界高度关注。2024年12月，微软在当月的补丁星期二更新中修复了两个关键的LDAP漏洞，分别是CVE-2024-49112和CVE-2024-49113。其中，CVE-2024-49113是一个拒绝服务（DoS）漏洞。然而，就在漏洞修复后不久，Trend Micro发现了一个名为“LDAPNightmare”的恶意利用，它伪装成CVE-2024-49113的PoC，通过一个恶意代码仓库，诱骗安全研究人员下载并执行信息窃取型恶意软件。该恶意软件会从受感染机器上收集敏感数据，包括计算机信息、运行进程、网络详情和已安装更新等，并将其传输到攻击者控制的远程服务器。 无独有偶，2023年，Palo Alto Networks的研究人员也发现了一个新的恶意软件活动，该活动针对WinRAR的CVE-2023-40477漏洞。攻击者使用一个基于GeoServer漏洞CVE-2023-25157公开PoC代码修改而来的假PoC脚本，诱骗研究人员下载并执行VenomRAT有效载荷。一旦执行，该恶意软件会在系统中创建计划任务，每隔三分钟运行一次，以持续运行恶意软件，进而控制受害者系统、执行命令并窃取数据。 包含 “poc.exe” 的存储库 二、技术分析过程 （1）LDAPNightmare攻击技术分析 攻击者精心构建了一个看似合法的恶意代码仓库，其中的Python文件被替换为恶意可执行文件。当研究人员下载并执行该文件后，会释放并执行一个PowerShell脚本。该脚本随后建立计划任务，从Pastebin下载并执行另一个恶意脚本，最终收集受害者的公网IP地址，并将窃取的数据传输到外部FTP服务器。 SafeBreach Labs对CVE-2024-49113进行了深入研究，并开发出了一个PoC利用工具（概念验证漏洞），这个工具能够致使任何未打补丁的Windows服务器（不仅仅是域控制器）崩溃，来证明此漏洞的严重危害程度。根据Microsoft的分析发现，还可以进一步利用此漏洞导致远程代码执行。其次，研究人员确实验证了Microsoft的补丁修复了越界漏洞，并且该漏洞无法使修补的服务器崩溃。具体其攻击流程如下： 攻击者向受害服务器发送DCE/RPC请求。 受害服务器被触发，向攻击者的DNS服务器发送关于SafeBreachLabs.pro的DNS SRV查询。 攻击者的DNS服务器回复攻击者的主机名和LDAP端口。 受害服务器发送NBNS请求，以查找收到的主机名（攻击者的）的IP地址。 攻击者发送带有其IP地址的NBNS响应。 受害服务器成为LDAP客户端，向攻击者的机器发送CLDAP请求。 攻击者发送带有特定值的CLDAP转介响应包，导致LSASS崩溃并强制重启受害服务器。 LDAPNightmare攻击流程 （2）VenomRAT恶意软件活动技术分析 Palo Alto Networks的安全研究人员发现了一个针对WinRAR中 CVE-2023-40477 漏洞的新恶意软件活动。该活动使用虚假的概念验证（PoC） 脚本来诱骗研究人员下载并执行VenomRAT有效载荷。虚假的PoC脚本基于跟踪的GeoServer中漏洞CVE-2023-25157公开可用的PoC代码。该代码已经过修改，以删除有关CVE-2023-25157漏洞详细信息的注释，并添加了下载和执行带有“检查依赖关系”注释的批处理脚本的其他代码。该脚本在%TEMP%/bat.bat创建批处理文件，连接到特定URL并运行响应内容，进而下载可执行文件并保存到%APPDATA%\Drivers\Windows.Gaming.Preview.exe，同时创建计划任务，每三分钟运行一次该可执行文件，以实现持久化运行。Windows.Gaming.Preview.exe 可执行文件是VenomRAT的变体，VenomRAT是一种远程访问木马（RAT）。VenomRAT可用于窃取数据、在受害者系统上执行命令以及远程控制系统。 Palo Alto Networks研究人员认为，该攻击活动背后的攻击者是以网络安全研究人员为目标的，以便控制与访问他们的系统并窃取他们的数据。研究人员还认为，攻击者还可能正在使用受感染的系统对其他组织发起进一步的攻击活动。 三、结论与建议 这些假PoC攻击事件凸显了网络安全领域面临的严峻挑战。攻击者利用研究人员对安全漏洞的关注和研究热情，通过伪装成PoC的恶意软件，成功渗透并窃取了研究人员的敏感信息，甚至可能进一步利用这些系统对其他组织发动攻击。因此，安全研究人员在下载和执行来自在线仓库的代码时必须保持高度警惕，优先选择官方来源，仔细审查仓库内容，验证仓库所有者或组织的真实性，并关注社区反馈，寻找可能的安全风险警示。同时，用户应确保及时更新软件至最新版本，避免点击不明链接，并使用有效的安全解决方案来检测和阻止恶意软件。   转自FreeBuf，原文链接：https://www.freebuf.com/news/420252.html 封面来源于网络，如有侵权请联系删除

A vulnerability classified as critical has been found in Lsoft LISTSERV 14.3/14.4. This affects an unknown part. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2006-1044. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in shadow up to 4.0.7. Affected is the function open. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2006-1174. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Veritas NetBackup 4.5.0/5.1/6.0. This affects the function sscanf of the component Volume Manager Daemon. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2006-0989. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in MetalGenix GeniXCMS up to 0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file gxadmin/index.php of the component Administrator Account. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2015-2680. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

error code: 521

HackerNews 编译，转载请注明出处： Planet Technology的WGS-804HPT工业交换机存在严重漏洞，攻击者可通过串联这些漏洞，在其工业设备上实现远程代码执行。 WGS-804HPT工业交换机常用于楼宇和智能家居自动化网络中，用于连接物联网（IoT）设备、IP监控摄像头和无线局域网（WLAN）网络应用。该系列交换机配备了Web服务和简单网络管理协议（SNMP）管理接口。 Claroty研究人员披露了WGS-804HPT工业交换机中的三个漏洞，这些漏洞可串联利用，在易受攻击的设备上实现预认证远程代码执行。 Claroty发布的安全公告指出：“这些漏洞包括独立的缓冲区溢出漏洞、整数溢出漏洞和操作系统命令注入漏洞；我们成功开发了一个利用这些漏洞的漏洞利用程序，可在设备上远程运行代码。能够远程控制这些设备的攻击者可以利用它们进一步攻击内部网络中的其他设备，并进行横向移动。” 专家对固件的分析发现，WGS-804HPT交换机Web服务的dispatcher.cgi接口存在漏洞。以下是Claroty发现的漏洞： CVE-2024-48871（CVSS评分：9.8）——基于栈的缓冲区溢出漏洞使未经身份验证的攻击者能够通过恶意HTTP请求执行远程代码。 CVE-2024-52320（CVSS评分：9.8）——操作系统命令注入漏洞允许未经身份验证的攻击者通过恶意HTTP请求执行远程代码。 CVE-2024-52558（CVSS评分：5.3）——整数下溢漏洞使未经身份验证的攻击者能够通过格式错误的HTTP请求导致系统崩溃。 攻击者可利用这些漏洞劫持执行流程，并通过HTTP请求中的shellcode运行操作系统命令。 成功利用这些漏洞后，攻击者可通过在HTTP请求中嵌入shellcode来劫持执行流程，并获得执行操作系统命令的能力。 Planet Technology已发布固件版本1.305b241111以解决这些问题。 研究人员指出，QEMU使他们能够模拟关键组件，有助于发现漏洞、开发概念验证（PoC）和评估设备的潜在影响。 “我们已私下向总部位于台湾的Planet Technology披露了这些漏洞，该公司已解决这些安全问题，并建议用户将设备固件升级到版本1.305b241111。”报告总结道。 消息来源：Security Affairs, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

January 20, 2025Thank y