Aggregator

A vulnerability, which was classified as critical, was found in Zoho ManageEngine Log Analyzer 7/9.9. Affected is an unknown function. The manipulation of the argument hostid leads to information disclosure (Password). This vulnerability is traded as CVE-2014-6039. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Check Point Firewall-1 3.0. This issue affects some unknown processing of the component Script Tag Filter. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2000-0116. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

OverviewCyble honeypot sensors detected dozens of vulnerabilities under attack in the

A vulnerability, which was classified as problematic, has been found in PHP 4.3.1. This issue affects some unknown processing of the file index.php of the component Transparent SID Support Capability. The manipulation of the argument PHPSESSID leads to basic cross site scripting. The identification of this vulnerability is CVE-2003-0442. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

额外奖励！新人加成！

期待更多安全研究员积极参与申请CVE！

额外奖励！新人加成！

期待更多安全研究员积极参与申请CVE！

额外奖励！新人加成！

期待更多安全研究员积极参与申请CVE！

2024年的众测挑战赛转眼就来到最后一期啦！各位师傅们请抓住机会领取你们的超高额额外奖励累计赛程一还有机会获得丰厚的OPPO产品哦！参加漏洞马拉松详情请戳：【2024漏洞马拉松】OPPO赛程正式启动，

CVE-2024-1609漏洞类型 ：移动应用漏洞漏洞提交时间：2022-10-13漏洞描述：OPPO商城APP存在Webview组件权限提升漏洞CVE官方链接：https://www.cve.org

近日，浙江台州公安机关工作中发现，浙江某软件科技公司受托搭建的数据库存在安全漏洞，数据库中承载的大量电子政务数据存在泄露风险。     经查，该公司主要为政府部门提供软件开发、信息系统建设和

A vulnerability was found in libquicktime up to 1.2.4. It has been classified as problematic. This affects the function quicktime_read_pascal of the component hdlr MP4 Atom Handler. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2016-2399. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

汞因其高毒性和生物富集能力而被 WHO 列入重大公共卫生关切的十大化学品类之一，人为活动如金属冶炼和化石燃料燃烧，以及自然活动如火山喷发，是汞的主要来源。这些活动释放的汞主要以气态形式存在，因此可以长距离传播，最终通过干沉降和湿沉降过程，污染全球陆地和海洋生态系统。清华大学环境学院的研究人员构建了一个涵盖冰、泥炭、湖泊和海洋沉积物的全球自然沉积物汞累积数据库。结果表明，1700-2012 年间这四种沉积物中的汞通量增加了五至九倍。在发展中地区，如东亚和非洲，湖泊沉积物中的汞累积通量呈上升趋势，这主要是由于煤炭使用、小规模手工冶金活动和工业发展的综合影响。而在发达地区，例如欧洲，自 1950 年以来，湖泊和泥炭沉积物中的汞通量显著下降，这证明了当地环境政策的有效性。相比之下，同为发达地区的北美，其湖泊和泥炭中的汞累积通量并没有显著下降，这一差异可能是因为北美仍消耗了较多的煤炭。

A vulnerability, which was classified as very critical, was found in Brecht Claerhout Sniffit 0.3.6hip/0.3.7beta. Affected is an unknown function of the component Logging Feature. The manipulation of the argument -L leads to memory corruption. This vulnerability is traded as CVE-2000-0343. It is possible to launch the attack remotely. Furthermore, there is an exploit available.