某公交系统漏洞分析
HisModules ERP 系统存在的严重安全缺陷
Aggregator
Bread 靶机渗透测试:利用 ACL/ACE 滥用攻击提权
1 day ago
Bread 靶机渗透测试:利用 ACL/ACE 滥用攻击提权前言Bread 靶机是由 maze-sec 团队开发的 Active Directory (AD) 环境靶场,旨在模拟真实域环境下的权限提升场景。本文记录了从信息收集到域控提权的完整过程,重点聚焦于 Wegia CMS 的 SQL 注入漏洞利用、密码爆破,以及通过 bloodyAD 工具进行的 ACL/ACE 滥用攻击。该靶机强调 AD
Submit #780725: Shandong Hoteam Software Co., Ltd. Huatian Software InforCenter PLM <8.3.8 Remote Code Execution [Accepted]
1 day ago
Submit #780725 / VDB-354450
0menc
Attack on axios software developer tool threatens widespread compromises
1 day ago
Researchers at numerous firms are sounding warnings about the supply-chain attack on an open-source project with 100 million weekly downloads.
The post Attack on axios software developer tool threatens widespread compromises appeared first on CyberScoop.
mbracken
Submit #780669: AutohomeCorp frostmourne frostmourne <= 1.0 Server-Side Request Forgery [Accepted]
1 day ago
Submit #780669 / VDB-354449
xcxr
Submit #780666: Sanster IOPaint 1.5.3 Path Traversal - Arbitrary File Read [Accepted]
1 day ago
Submit #780666 / VDB-354448
Yu_Bao
Submit #780723: code-projects Simple Laundry System V1.0 SQL injection [Accepted]
1 day ago
Submit #780723 / VDB-354447
ningfashui1996
Submit #780618: code-projects Simple Laundry System V1.0 SQL injection [Accepted]
1 day ago
Submit #780618 / VDB-354446
fftt
Submit #780617: code-projects Simple Laundry System V1.0 cross site scripting [Accepted]
1 day ago
Submit #780617 / VDB-354445
fftt
Submit #780615: welovemedia FFmate <= v2.0.15 Cross Site Scripting [Accepted]
1 day ago
Submit #780615 / VDB-354444
Fuzzing 艺术:如何通过覆盖率引导挖掘结构化文件漏洞
1 day ago
本文旨在研究 PDF 解析器 Xpdf 中的深度递归漏洞(CVE-2019-13288)。通过使用 AFL++ 模糊测试工具对 Xpdf 3.02 进行压力测试,成功捕获了由于畸形 PDF 文件引起的拒绝服务(DoS)崩溃
Submit #780614: bufanyun HotGo <= v2.0 Cross Site Scripting [Accepted]
1 day ago
Submit #780614 / VDB-354443
Submit #780613: z-9527 admin ≤ commit 72aaf2d Cross Site Scripting [Accepted]
1 day ago
Submit #780613 / VDB-354442
Submit #780607: z-9527 admin ≤ commit 72aaf2d Dynamically-Determined Object Attributes [Accepted]
1 day ago
Submit #780607 / VDB-354441
TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks
1 day 1 hour ago
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos.
The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), a lack of integrity check when fetching application update code, allowing an attacker to distribute a tampered update,
The Hacker News
«Я тебя не вижу». Появилась соцсеть Monnett — без алгоритмов, рекламной слежки и диктатуры ИИ
1 day 1 hour ago
Соцсеть размещена на европейских серверах и не собирает данные для таргетинга.
非洲研究显示气温超过 20 C 与男胎流产率上升相关
1 day 1 hour ago
发表在 PNAS 期刊上的一项研究分析了撒哈拉以南非洲 33 个国家近 300 万例分娩,发现孕妇怀孕早期暴露于 20 摄氏度以上的气温会增加流产风险,受到影响的主要是男胎。尽管 20 摄氏度不算特别热,但研究人员表示,他们的分析表明存在一个阈值效应:一旦温度超过该值,男婴出生率开始下降。更极端的气温没有导致相应的更大的变化,表明只有当热超过特定生物应激点时效应才会触发。这项研究反映了一个长期以来广泛认可的生物学原理——“男性体质虚弱假说”——该假说认为男胎在妊娠期间更容易受到压力影响,从而导致更高的流产率。
Submit #780716: 勾股开源 gougucms v4.08.18 Stored XSS [Accepted]
1 day 1 hour ago
Submit #780716 / VDB-354430
thinhnee
Submit #780589: 勾股开源 gougucms v4.08.18 Business Logic Errors [Accepted]
1 day 1 hour ago
Submit #780589 / VDB-354429
thinhnee
Amazon sends AI agents into pen testing and DevOps
1 day 1 hour ago
Amazon’s latest AI capabilities bring on-demand penetration testing through the AWS Security Agent, alongside the AWS DevOps Agent. “These agents are changing the way we secure and operate software. AWS Security Agent compresses penetration testing timelines from 2-6 weeks to 1-2 days. AWS DevOps agent gives teams 3–5x faster incident resolution so they can spend less time on incident resolution and more time innovating”, said Swami Sivasubramanian, VP, AI Amazon Web Services. AWS Security Agent … More →
The post Amazon sends AI agents into pen testing and DevOps appeared first on Help Net Security.
Sinisa Markovic