Aggregator
今日更新第2章!系统0day安全-Windows平台漏洞挖掘(第5期)
1 year 4 months ago
马斯克的DOGE网站被黑客“玩坏”?可轻松篡改内容
1 year 4 months ago
埃隆·马斯克领导的政府效率部门(DOGE)网站因严重安全漏洞被黑客攻击,导致未经授权的用户可直接修改内容,甚至泄露机密信息。
安卓逆向基础知识之JNI开发与so层逆向基础
1 year 4 months ago
看雪论坛ID:黎明与黄昏
学术前沿 | 清华大学徐恪教授团队:兼顾高效与安全的松耦合跨域协作学习平台
1 year 4 months ago
Katharine Hayhoe: The most important climate equation | Starmus highlights
1 year 4 months ago
The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action
学术前沿 | 清华大学徐恪教授团队:兼顾高效与安全的松耦合跨域协作学习平台
1 year 4 months ago
CVE-2024-54395 | Becky Sanders Increase Sociability Plugin up to 1.3.0 on WordPress cross site scripting
1 year 4 months ago
A vulnerability was found in Becky Sanders Increase Sociability Plugin up to 1.3.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-54395. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-54386 | Get Push Monkey Push Monkey Pro Plugin up to 3.9 on WordPress cross-site request forgery
1 year 4 months ago
A vulnerability was found in Get Push Monkey Push Monkey Pro Plugin up to 3.9 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2024-54386. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-54390 | Bouzid Nazim Zitouni TagGator Plugin up to 1.54 on WordPress cross site scripting
1 year 4 months ago
A vulnerability was found in Bouzid Nazim Zitouni TagGator Plugin up to 1.54 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-54390. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-54403 | Ryan Scott Visual Recent Posts Plugin up to 1.2.3 on WordPress cross site scripting
1 year 4 months ago
A vulnerability classified as problematic has been found in Ryan Scott Visual Recent Posts Plugin up to 1.2.3 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-54403. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-54422 | Gaowei Tang Evernote Sync Plugin up to 3.0.0 on WordPress cross site scripting
1 year 4 months ago
A vulnerability classified as problematic was found in Gaowei Tang Evernote Sync Plugin up to 3.0.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-54422. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-54406 | Reza Moallemi Comments On Feed Plugin up to 1.2.1 on WordPress cross site scripting
1 year 4 months ago
A vulnerability, which was classified as problematic, has been found in Reza Moallemi Comments On Feed Plugin up to 1.2.1 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-54406. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-54418 | Diversified Technology DTC Documents Plugin up to 1.1.05 on WordPress cross-site request forgery
1 year 4 months ago
A vulnerability has been found in Diversified Technology DTC Documents Plugin up to 1.1.05 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2024-54418. The attack can be initiated remotely. There is no exploit available.
vuldb.com
Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication
1 year 4 months ago
Security researchers at Volexity have uncovered multiple Russian threat actors conducting sophisticated social engineering and spear-phishing campaigns targeting Microsoft 365 accounts through Device Code Authentication exploitation. The attacks, observed since mid-January 2025, involve three distinct groups: “CozyLarch (APT29),” “UTA0304,” and “UTA0307.” The threat actors impersonate officials from organizations like the US Department of State, Ukrainian […]
The post Multiple Russian Actors Attacking Orgs To Hack Microsoft 365 Accounts via Device Code Authentication appeared first on Cyber Security News.
Tushar Subhra Dutta
新型 “whoAMI” 攻击利用AWS AMI 名称混淆实现远程代码执行
1 year 4 months ago
与依赖混淆非常类似
报告:攻击面扩大,汽车网络威胁激增
1 year 4 months ago
攻击面扩大但安全措施不力
分析:网安巨头缘何急于收购DSPM初创企业?
1 year 4 months ago
数据安全态势管理成为云可视化的关键,但缺乏安全控制能力,成为被整合的目标。
Palo Alto防火墙又被黑:最新漏洞披露后第二天就遭利用
1 year 4 months ago
多方原因造成了这一状况
CVE-2007-1287 | PHP 4.4.4/4.4.5/4.4.6/6.0 phpinfo cross site scripting (EDB-3405 / Nessus ID 25830)
1 year 4 months ago
A vulnerability was found in PHP 4.4.4/4.4.5/4.4.6/6.0 and classified as problematic. This issue affects the function phpinfo. The manipulation leads to basic cross site scripting.
The identification of this vulnerability is CVE-2007-1287. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com