Aggregator

A vulnerability identified as critical has been detected in cym1102 nginxWebUI up to 3.9.9. This impacts an unknown function of the file /adminPage/main/upload. Performing manipulation of the argument File results in os command injection. This vulnerability is reported as CVE-2024-3739. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in cym1102 nginxWebUI up to 3.9.9. Affected is the function exec of the file /adminPage/conf/reload. Executing manipulation of the argument nginxExe can lead to deserialization. This vulnerability appears as CVE-2024-3740. The attack may be performed from a remote location. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Ruijie RG-UAC up to 20240419. This vulnerability affects unknown code of the file /view/network Config/GRE/gre_edit_commit.php. Executing manipulation of the argument Name can lead to os command injection. The identification of this vulnerability is CVE-2024-4255. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Ruijie RG-UAC 1.0 and classified as critical. The affected element is an unknown function of the file /view/systemConfig/reboot/reboot_commit.php. The manipulation of the argument servicename results in os command injection. This vulnerability is cataloged as CVE-2024-6184. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Ruijie RG-UAC 1.0. It has been declared as critical. This affects an unknown function of the file /view/userAuthentication/SSO/commit.php. Such manipulation of the argument ad_log_name leads to os command injection. This vulnerability is documented as CVE-2024-6186. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Ruijie RG-UAC 1.0. It has been rated as critical. This impacts an unknown function of the file /view/vpn/autovpn/sub_commit.php. Performing manipulation of the argument key results in os command injection. This vulnerability is reported as CVE-2024-6187. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in Ruijie RG-UAC 1.0. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. Performing manipulation of the argument indevice results in command injection. This vulnerability is identified as CVE-2024-6269. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Siemens SINEMA Remote Connect Client up to 3.2 and classified as critical. This vulnerability affects unknown code of the component Configuration Handler. Such manipulation leads to command injection. This vulnerability is referenced as CVE-2024-39567. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in Htmly 2.9.5 and classified as problematic. This issue affects some unknown processing of the component Menu Editor Module. This manipulation of the argument Link Name causes cross site scripting. This vulnerability is tracked as CVE-2024-30953. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in vanessa219 Vditor 3.10.3. It has been rated as problematic. The impacted element is an unknown function of the component Element Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-34449. It is possible to initiate the attack remotely. There is no exploit available. It is still unclear if this vulnerability genuinely exists. It is recommended to change the configuration settings.

A vulnerability, which was classified as critical, has been found in Flatpak. Affected is an unknown function. This manipulation causes argument injection. This vulnerability is registered as CVE-2024-32462. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in aio-libs aiohttp up to 3.9.3. This issue affects some unknown processing of the component Index Pages. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2024-27306. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A 21-year-old Florida man at the center of a prolific cybercrime group known as "Scattered Spider" was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims. Noah Michael Urban of Palm Coast, Fla. pleaded guilty in April 2025 to charges of wire fraud and conspiracy. Florida prosecutors alleged Urban conspired with others to steal at least $800,000 from five victims via SIM-swapping attacks that diverted their mobile phone calls and text messages to devices controlled by Urban and his co-conspirators.

SSTImap SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to...

The post SSTImap: About Automatic SSTI detection tool appeared first on Penetration Testing Tools.

微软承认Windows 11更新可能导致固态硬盘故障，正与合作伙伴调查问题原因。部分SSD在连续写入50GB以上数据后出现无法识别、黑屏死机或格式化为RAW状态。受影响SSD多使用群联主控芯片。目前尚未确认问题原因及修复方案。

error code: 521

HackerNews 编译，转载请注明出处： 英国于8月21日宣布新一轮制裁措施，矛头直指吉尔吉斯斯坦境内被控协助俄罗斯规避制裁的金融机构与加密网络。 此次英国制裁与美国行动形成呼应，针对为乌克兰战争输送资金、支持克里姆林宫海外恶意活动及俄罗斯勒索软件生态的实体。此前，美国官员本月早些时候已对多家加密货币交易所更新制裁，包括支撑吉尔吉斯斯坦加密代币A7A5的基础设施——英国政府称该代币“专为规避西方制裁而设计”。 制裁目标包括吉尔吉斯斯坦公司Old Vector（发行A7A5代币的主体）。据Chainalysis报告，该公司自成立以来“处理资金逾510亿美元”。英国外交部声明补充道，制裁还覆盖“吉尔吉斯斯坦的Capital银行及其董事坎特米尔·查尔巴耶夫，俄罗斯利用该银行为军事物资付款”。这些实体在英资产已被冻结。 英国制裁事务大臣斯蒂芬·道蒂警告，克里姆林宫正试图通过“可疑加密网络”为乌克兰战争筹资。他表示新措施将在“关键时刻持续向普京施压，打击用于向战争金库输送资金的非法网络”。 根据“有组织犯罪与腐败报告项目”（OCCRP）调查，被制裁实体还与乔治·罗西存在关联。英国国家犯罪调查局认定此人是一个庞大俄罗斯洗钱体系的核心人物，该体系使用者包括跨国毒贩、网络罪犯、规避制裁的莫斯科精英，甚至克里姆林宫间谍机构。 英国此次行动还延伸至美国早前对Keremet银行的制裁，新增制裁对象为总部位于卢森堡的Altair控股公司（该公司去年收购了Keremet银行的控股权）。尽管美国制裁仍是最有力工具（因国际美元交易均需经纽约清算），但英国制裁将阻断相关实体获取伦敦的金融与法律服务。 “若克里姆林宫认为能通过可疑加密网络洗白交易来缓解我方制裁——他们大错特错，”道蒂强调，“我们将与盟友一道，继续支持美国主导的行动，终结这场非法战争并实现公正持久的和平。”       消息来源： therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

exifLooter ExifLooter finds geolocation on all image urls and directories and also integrates with OpenStreetMap. Installation go install github.com/aydinnyunus/exifLooter@latest Exif Looter depends on exiftool, so make sure it is on your PATH. Use Analyze Image...

The post exifLooter: finds geolocation on all image urls and directories also integrates with OpenStreetMap appeared first on Penetration Testing Tools.

A vulnerability classified as critical was found in SQLite 3.30.1. Affected by this issue is some unknown functionality of the component CREATE Statement Handler. Executing manipulation as part of Table Name can lead to improper privilege management. This vulnerability appears as CVE-2019-19603. The attack may be performed from a remote location. There is no available exploit.

A vulnerability labeled as critical has been found in SQLite up to 3.32.0. Impacted is the function sqlite3ExprCodeTarget of the file expr.c. Executing manipulation can lead to improper initialization. This vulnerability appears as CVE-2020-13435. The attack may be performed from a remote location. There is no available exploit.