Aggregator

今天才看到 Obsidian 的 CEO Steph Ango 写过 80 个问题，是他用于每年、每十年自问的。感觉这些问题还有点意思，先分享出来，或许可以做些增删，调整出一份适合自己的，然后定期回顾

新的一年快到了，或许你也可以自己问问自己，以及后续每年问问自己。

Submit #472068 / VDB-289788

A previously unknown zero-day vulnerability in the popular file compression tool 7-Zip has been publicly disclosed by an anonymous user claiming to be an NSA employee. The disclosure, made on X (formerly Twitter), reveals a severe security flaw that could have far-reaching implications for both individual users and organizations globally. GBHackers recently reported a severe security vulnerability […]

The post New 7-Zip 0-Day Exploit Allegedly Leaked Online Via ‘X’ appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Pos

A vulnerability was found in PHPSlash 0.5.3.2/0.6.1 and classified as critical. Affected by this issue is some unknown functionality of the file block_render_url.class of the component Administrator Handler. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2001-1334. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Web-app.org WebAPP up to 0.9.9.3.2. It has been rated as problematic. This issue affects some unknown processing of the file index.cgi. The manipulation of the argument vsSD leads to basic cross site scripting. The identification of this vulnerability is CVE-2006-1427. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in TitanHQ SpamTitan 7.07. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file certs-x.php. The manipulation of the argument fname as part of Parameter leads to improper input validation. This vulnerability is known as CVE-2020-11700. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in LANDesk LANDesk Management Suite up to 8.80.1.1. Affected is an unknown function of the file PXEMTFTP.exe of the component TFTP Service. The manipulation leads to path traversal. This vulnerability is traded as CVE-2008-6195. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Apple iTunes 10.6.3. It has been rated as critical. This issue affects some unknown processing of the component WebKit. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2012-3705. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apple iTunes 10.6.3. Affected is an unknown function of the component WebKit. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2012-3706. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iTunes 10.6.3. It has been classified as critical. This affects an unknown part of the component WebKit. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2012-3703. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iTunes 10.6.3. It has been declared as critical. This vulnerability affects unknown code of the component WebKit. The manipulation leads to memory corruption. This vulnerability was named CVE-2012-3704. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple iOS up to 5.1.1. Affected by this vulnerability is an unknown functionality of the component WebKit. The manipulation leads to memory corruption. This vulnerability is known as CVE-2012-3703. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple iOS up to 5.1.1. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2012-3704. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iTunes 10.6.3 and classified as critical. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2012-3702. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Excel and PowerPoint 98/2000/2001/2002. It has been classified as critical. This affects an unknown part of the component Data Stream Handler. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2001-0718. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Internet Explorer 5.5/6.0. It has been classified as critical. This affects an unknown part of the component Content Header Handler. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2001-0727. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Services 2.0 on Unix. It has been classified as problematic. This affects an unknown part of the component Request Handler. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2001-0505. It is possible to initiate the attack remotely. There is no exploit available.