Aggregator
CVE-2025-1849 | zj1983 zz up to 2024-8 /import_data_todb url server-side request forgery
1 year 3 months ago
A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is an unknown functionality of the file /import_data_todb. The manipulation of the argument url leads to server-side request forgery.
This vulnerability is known as CVE-2025-1849. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-1848 | zj1983 zz up to 2024-8 /import_data_check url server-side request forgery
1 year 3 months ago
A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is an unknown function of the file /import_data_check. The manipulation of the argument url leads to server-side request forgery.
This vulnerability is traded as CVE-2025-1848. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-1847 | zj1983 zz up to 2024-8 improper authorization
1 year 3 months ago
A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authorization.
The identification of this vulnerability is CVE-2025-1847. The attack may be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-1846 | zj1983 zz up to 2024-8 File ZfileAction.java deleteLocalFile zids denial of service
1 year 3 months ago
A vulnerability was found in zj1983 zz up to 2024-8. It has been declared as problematic. This vulnerability affects the function deleteLocalFile of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.java of the component File Handler. The manipulation of the argument zids leads to denial of service.
This vulnerability was named CVE-2025-1846. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #505346: https://gitee.com/zj1983/zz zz <=2024-8 SSRF [Accepted]
1 year 3 months ago
Submit #505346 / VDB-298117
redpomelo
Submit #505345: https://gitee.com/zj1983/zz zz <=2024-8 SSRF [Accepted]
1 year 3 months ago
Submit #505345 / VDB-298116
redpomelo
Submit #505303: https://gitee.com/zj1983/zz zz 2024-8 Improper Privilege Management [Accepted]
1 year 3 months ago
Submit #505303 / VDB-298115
Caigo
Submit #505097: https://gitee.com/zj1983/zz zz 2024-8 Arbitrary File Deletion [Accepted]
1 year 3 months ago
Submit #505097 / VDB-298114
Caigo
xsleaks wiki Chinese edition released
1 year 3 months ago
The Chinese edition of the xsleaks wiki has been released. Wishing everyone a happy Children's Day (June 1) in advance!
Tr0y
2024 🇫🇯 Fiji Trip
1 year 3 months ago
The Fiji travel guide was long, long overdue. Well, here it is!
Tr0y
jokeir 07x Defaced the Website of Enigma VR
1 year 3 months ago
jokeir 07x Defaced the Website of Enigma VR
Dark Web Informer - Cyber Threat Intelligence
Harbin Institute of Technology develops an air-ground dual-mode drone that could be used on Mars
1 year 3 months ago
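Researchers at the School of Astronautics of Harbin Institute of Technology have developed an air-ground dual-mode drone that can both roll on the ground and fly in the air. The drone weighs 300 grams, can take off at any time and pass over obstacles, has very long endurance, and has great potential for use on Mars. Zhu Yimin, a doctoral student at the School of Astronautics, said that on the ground it moves forward by rolling, mainly through a shift of its center of gravity controlled by a servo motor. In the air, it relies on a pair of counter-rotating coaxial rotors, with servos adjusting its direction to control torque and force, ultimately achieving stable flight. The drone's endurance is more than six times that of drones of the same size.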
DEF CON 32 – Efficient Bug Bounty Automation Techniques
1 year 3 months ago
Author/Presenter: Gunnar Andrews
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization's YouTube channel.
The post DEF CON 32 – Efficient Bug Bounty Automation Techniques appeared first on Security Boulevard.
Marc Handelman
SecWiki News 2025-03-02 Review
1 year 3 months ago
No news updates yet today.
For more of the latest articles, visit SecWiki
CVE-2024-44155 | Apple macOS Web access control (Nessus ID 212177)
1 year 3 months ago
A vulnerability was found in Apple macOS. It has been classified as critical. This affects an unknown part of the component Web Handler. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2024-44155. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-49045 | Linux Kernel up to 5.17.3 pcm_format_data null pointer dereference
1 year 3 months ago
A vulnerability was suspected in Linux Kernel up to 5.17.3. Further analysis revealed that this issue is a false positive. Please take a look at the sources mentioned and consider not using this entry at all.
vuldb.com
CVE-2024-44155 | Apple iOS/iPadOS Web access control (Nessus ID 212177)
1 year 3 months ago
A vulnerability was found in Apple iOS and iPadOS. It has been declared as critical. This vulnerability affects unknown code of the component Web Handler. The manipulation leads to improper access controls.
This vulnerability was named CVE-2024-44155. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44155 | Apple watchOS Web access control (Nessus ID 212177)
1 year 3 months ago
A vulnerability was found in Apple watchOS. It has been rated as critical. This issue affects some unknown processing of the component Web Handler. The manipulation leads to improper access controls.
The identification of this vulnerability is CVE-2024-44155. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44155 | Apple Safari Web access control (Nessus ID 212177)
1 year 3 months ago
A vulnerability classified as critical has been found in Apple Safari. Affected is an unknown function of the component Web Handler. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2024-44155. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com