Aggregator

恶意软件整体较6月呈现活跃上升趋势

近期威胁情报速览！

恶意软件整体较6月呈现活跃上升趋势

近期威胁情报速览！

恶意软件整体较6月呈现活跃上升趋势

近期威胁情报速览！

恶意软件整体较6月呈现活跃上升趋势

近期威胁情报速览！

恶意软件整体较6月呈现活跃上升趋势

A vulnerability was found in HP Photo Digital Imaging Activex Control 2.0.0.133. It has been classified as critical. This affects an unknown part in the library hpqxml.dll of the component ActiveX Control. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2007-3487. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in AFTERLIFE WITH ARCHIE 2.4.1 and classified as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-6953. Access to the local network is required for this attack. There is no exploit available.

Кто стоит за очередной крупной кражей криптовалюты?

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

久違的筆記，想寫很久了但一直拖延，像是 CTF 這種東西的 writeup 其實速度滿重要的，因為賽後討論大部分都在 Discord 裡面發生，時間久了訊息比較難找，而且很有可能忘記，要趕快寫成 writeup 才能把那些實用的資訊記錄下來。

這篇一次帶來三個 CTF 的 writeup，有些我沒有打，只是純粹看著別人的筆記重新記一遍而已。

關鍵字列表：

1. bfcache
2. response splitting
3. Service-Worker-Allowed
4. gunicorn script_name
5. socket.io disconnect
6. socket.io JSONP CSP bypass
7. performance API
8. streaming HTML parsing
9. content-type ISO-2022-JP

The Information Commissioner’s Office says it’s pleased that LinkedIn has temporarily suspended its generative AI model training

A vulnerability classified as problematic was found in Acronis Cyber Protect Cloud Agent 36943/37758/38235 on Windows/macOS. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to execution with unnecessary privileges. This vulnerability is known as CVE-2024-8903. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Microsoft Windows 10/Server 2016. Affected is an unknown function of the component Kernel Memory Address Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2016-7258. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

这家公司希望成为为机器人热卖铲子的公司。

A vulnerability classified as critical has been found in Xiaomi Router AX9000 1.0.173. Affected is an unknown function. The manipulation leads to command injection. This vulnerability is traded as CVE-2024-45348. It is possible to launch the attack remotely. There is no exploit available.