Aggregator

A vulnerability was found in OpenJPEG up to 2.1.x. It has been classified as critical. This affects the function opj_mqc_byteout of the file mqc.c. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2016-10504. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

最近研究了一下PHP的代码审计，为了更快速审计php代码，实现一个静态审计工具。

1. 实现了对PHP的opcode解析
2. 基于1实现了对函数以及参数的分析
3. 基于1实现了对变量和函数参数是否静态的分析

介绍 随着互联网技术的不断发展，用户对于网站加载速度和安全性的需求越来越高。HTTP/3作为最新的网络协议，通过采用QUIC传输层协议，进一步提升了网页传输的效率和安全性。相比HTTP/2，HT...

介绍 Cloudflare缓存加速技术主要通过将静态内容存储在其全球分布的CDN（内容分发网络）节点上，从而提高网站的加载速度和性能。以下是一些主要特性和优势： 全球CDN：Cloudflar...

Hitte, dichte begroeiing, extreme hoge luchtvochtigheid en levensgevaarlijke planten en dieren. Voor militairen is geen gebied ter wereld zo uitdagend als de jungle. Daarom volgen militairen van de Luchtmobiele Brigade en het Korps Mariniers de loodzware Jungle Warfare Course. Want, als je het Surinaamse oerwoud aankunt, kun je alles aan.

Власти города уже три месяца не могут справиться с последствиями кибератаки.

The SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading disclosures about the impact of the SolarWinds Orion hack. The US Securities and Exchange Commission (SEC) charged four companies, Unisys, Avaya, Check Point, and Mimecast for misleading public disclosures related to the supply chain attack on SolarWinds. The SEC fined the four companies for […]

A vulnerability classified as critical was found in Fortify Software Security Center 17.1/17.2/18.1. Affected by this vulnerability is an unknown functionality of the component XML Data Handler. The manipulation as part of XML Request leads to xml external entity reference. This vulnerability is known as CVE-2018-12463. The attack can be launched remotely. Furthermore, there is an exploit available.

Новая библиотека бросает вызов языку C.

勒索攻击形势严峻，数据泄露触目惊心，安全防御刻不容缓！

Stream.Security closed a $30 million Series B funding round led by U.S. Venture Partners, with participation from new investors, Citi Ventures, and existing investors, Energy Impact Partners (EIP), Cervin Ventures, TLV Partners, and Glilot Capital Partners VC. This new round of funding brings the total investment in Stream.Security to $55 million. Stream.Security’s Cloud Twin technology provides SecOps teams with real-time cloud threat and exposure modeling to accelerate response. As a result, SecOps teams can trust … More →

The post Stream.Security raises $30 million to boost cloud security appeared first on Help Net Security.

Grafana认证后DuckDB-SQL注入漏洞(CVE-2024-9264)

45% of security breaches in the energy sector in the past year were third-party related, according to a report by Security Scorecard and KPMG

A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. This vulnerability is traded as CVE-2024-10293. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5.1/upload/ChangeTable.php. The manipulation of the argument savefilename leads to unrestricted upload. The identification of this vulnerability is CVE-2024-10292. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Ebak_DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipulation of the argument phome leads to sql injection. This vulnerability was named CVE-2024-10291. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-10290. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.