Aggregator

A vulnerability classified as critical was found in Zabbix up to 1.6.7. Affected by this vulnerability is the function send_history_last_id. The manipulation leads to sql injection. This vulnerability is known as CVE-2009-4499. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox and classified as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper resource management. This vulnerability is known as CVE-2010-0176. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Check Point Firewall-1 4.0/4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SMTP Security Server Proxy. The manipulation leads to denial of service. This vulnerability is known as CVE-2000-0582. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in AdaptCMS 1.4. Affected is an unknown function. The manipulation of the argument sitepath leads to code injection. This vulnerability is traded as CVE-2009-0527. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

说明：接下来的操作会.. 阅读更多

疯狂邪恶团伙利用StealC、AMOS和Angel Drainer恶意软件，针对加密货币用户发起攻击，已窃取超过500万美元，威胁全球数万台设备。

A vulnerability, which was classified as critical, was found in Apple tvOS up to 11.1. Affected is an unknown function of the component IOSurface. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2017-13861. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Simpilotgroup Pop Up News 2.0. This affects an unknown part of the file popupnewsitem. The manipulation of the argument itemid leads to sql injection. This vulnerability is uniquely identified as CVE-2013-3524. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Apple iOS up to 8.4.0. It has been declared as critical. This vulnerability affects unknown code of the component FontParser. The manipulation leads to memory corruption. This vulnerability was named CVE-2015-5756. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Apple iOS up to 8.4.0. This issue affects some unknown processing of the component libpthread. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2015-5757. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Apple Mac OS X up to 10.10.4. This affects an unknown part of the component FontParser. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2015-5756. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Mac OS X up to 10.10.4. It has been rated as very critical. This issue affects some unknown processing of the component libpthread. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2015-5757. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple QuickTime 7. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2015-5753. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Mac OS X up to 10.10.4 and classified as critical. Affected by this issue is some unknown functionality of the component Install Framework Legacy. The manipulation leads to race condition. This vulnerability is handled as CVE-2015-5754. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple Mac OS X up to 10.10.4. Affected by this issue is some unknown functionality of the component Data Detectors Engine. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2015-5750. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Qualcomm Eudora 5.2.1. This issue affects some unknown processing of the component Attachment Converted Handler. The manipulation leads to authentication bypass by spoofing. The identification of this vulnerability is CVE-2003-0336. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The identification of this vulnerability is CVE-2025-0974. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Atastypixel Elegant Grunge up to 1.0.2. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2011-3856. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Flask代码审计SQL注入命令/代码执行反序列化文件操作XXESSRFXSS其他审计实战后记reference

The recent release of Windows 11 version 24H2 has introduced a range of new features and updates, but it has also raised significant cybersecurity concerns. A longstanding malware technique known as Process Hollowing or RunPE has encountered compatibility issues on this latest Windows update, leading to broader discussions about the evolving landscape of cybersecurity. Process […]

The post New Process Hollowing Attack Vectors Uncovered in Windows 11 (24H2) appeared first on Cyber Security News.