Aggregator

CVE-2023-20720 | MediaTek MT6895/MT6983/MT8167/MT8168/MT8195/MT8673 Pqframework out-of-bounds (ALPS07629586 / EUVD-2023-24899)

Vuldb Updates
1 month ago
A vulnerability, which was classified as problematic, has been found in MediaTek MT6895, MT6983, MT8167, MT8168, MT8195 and MT8673. The affected element is an unknown function of the component Pqframework. Performing manipulation results in out-of-bounds read. This vulnerability is known as CVE-2023-20720. Attacking locally is a requirement. No exploit is available. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2007-3267 | Fuzzylime Forum up to 1.01b low.php fromaction cross site scripting (EDB-30201 / XFDB-35137)

Vuldb Updates
1 month ago
A vulnerability marked as problematic has been reported in Fuzzylime Forum up to 1.01b. Affected by this issue is some unknown functionality of the file low.php. Performing manipulation of the argument fromaction results in basic cross site scripting. This vulnerability is known as CVE-2007-3267. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2007-5567 | Galmeta Galmeta Post 0.11 upload_config.php DDS code injection (EDB-30737 / XFDB-37412)

Vuldb Updates
1 month ago
A vulnerability classified as critical was found in Galmeta Galmeta Post 0.11. The impacted element is an unknown function in the library lib/fckeditor/upload_config.php. The manipulation of the argument DDS results in code injection. This vulnerability is cataloged as CVE-2007-5567. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

取证AI三大能力突破!电子数据取证跨入L3级自动化取证时代

嘶吼
1 month ago

未来已来

过去,执法人员在进行手机取证前,必须手动开启USB调试模式,由于手机品牌众多、机型繁杂、USB接口规格不一,往往需要花大量时间摸索,搜索开启方法、反复点击并逐步配置等;在WiFi取证前,也需要手动连接设备,再执行手机克隆等操作。

现在,解决办法来了!美亚柏科自主研发的智能自动化取证精灵取得跨越式突破,实现USB调试自动开启、WiFi 取证自动化、直连取证自动化三大能力,全面覆盖华为Mate系列、Pura系列以及荣耀全线主流机型,vivo、oppo、小米等手机品牌也在快速适配迭代中。

面对复杂异常场景,设备能通过自动流程优化,稳定完成操作:

·USB调试自动开启:手机取证必备步骤。

·WiFi取证自动化:自动完成WiFi设备连接、手机克隆等流程,省去繁琐人工操作。

·直连取证自动化:USB调试自动开启并在取证OS系统开启直连取证任务,实现即插即取。

这一突破具有里程碑意义,它标志着取证工作从依赖人工的“半自动”模式,跃迁至真正的全流程自动化阶段。基于此,我们将该成果正式定义为L3级自动化取证。就如同汽车领域从L2辅助驾驶迈向L3自动驾驶时代,这不是简单的产品升级,更是行业概念的重塑!

L3级自动化取证,意味着设备能够在大多数场景下,自主完成完整取证流程,将电子数据取证带入一个新的智能化阶段,让公安、司法及相关行业的工作效率实现质的提升。

未来,公司将在电子数据取证领域持续深耕,不断拓宽可适配的机型范围,进一步优化设备稳定性,提升用户交互体验,让自动化成为取证的“新常态”。这不仅是产品自身的进步,更是推动整个行业朝着智能化、规模化方向迈进的关键一步。

产品简介

一款专为基层执法人员打造的全新智能取证设备,集成语音输入、视觉识别与自动化操控等功能,全面简化取证准备流程。支持USB调试自动开启、自动手机取证与语音问答交互,显著提升取证效率与合规性。

国投智能

CVE-2025-20707 | MediaTek MT8893 geniezone use after free

VulDB Recent Entries
1 month ago
A vulnerability categorized as critical has been discovered in MediaTek MT2718, MT6853, MT6877, MT6893, MT6899, MT6991, MT8196, MT8676, MT8678, MT8775, MT8786, MT8788E, MT8791T, MT8792, MT8796, MT8883 and MT8893. Affected by this issue is some unknown functionality of the component geniezone. The manipulation results in use after free. This vulnerability is reported as CVE-2025-20707. The attack requires a local approach. No exploit exists. It is advisable to implement a patch to correct this issue.
vuldb.com

CVE-2025-20706 | MediaTek MT6899/MT6989/MT6991/MT8676/MT8678 mbrain use after free

VulDB Recent Entries
1 month ago
A vulnerability was found in MediaTek MT6899, MT6989, MT6991, MT8676 and MT8678. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the component mbrain. The manipulation leads to use after free. This vulnerability is documented as CVE-2025-20706. The attack needs to be performed locally. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.
vuldb.com

CVE-2025-20705 | MediaTek MT8796 monitor_hang use after free

VulDB Recent Entries
1 month ago
A vulnerability was found in MediaTek MT2718, MT2735, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6893, MT6895, MT6897, MT6899, MT6980D, MT6983, MT6985, MT6989, MT6990, MT6991, MT8169, MT8186, MT8188, MT8676, MT8678, MT8696, MT8775, MT8792 and MT8796. It has been declared as critical. Affected is an unknown function of the component monitor_hang. Executing manipulation can lead to use after free. This vulnerability is registered as CVE-2025-20705. The attack needs to be launched locally. No exploit is available. A patch should be applied to remediate this issue.
vuldb.com

CVE-2025-6507 | h2oai h2o-3 3.47.0.99999 Regular Expression deserialization

VulDB Recent Entries
1 month ago
A vulnerability was found in h2oai h2o-3 3.47.0.99999. It has been classified as critical. This impacts an unknown function of the component Regular Expression Handler. Performing manipulation results in deserialization. This vulnerability is cataloged as CVE-2025-6507. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-20708 | MediaTek MT8893 NR15/NR16/NR17/NR17R Modem out-of-bounds write

VulDB Recent Entries
1 month ago
A vulnerability was found in MediaTek MT2735, MT2737, MT6813, MT6815, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8771, MT8791, MT8791T, MT8792, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883 and MT8893 NR15/NR16/NR17/NR17R and classified as critical. This affects an unknown function of the component Modem. Such manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2025-20708. The attack may be performed from remote. There is no available exploit. Applying a patch is advised to resolve this issue.
vuldb.com

CVE-2025-20704 | MediaTek MT8883 NR17/NR17R Modem out-of-bounds write

VulDB Recent Entries
1 month ago
A vulnerability has been found in MediaTek MT6813, MT6835, MT6835T, MT6878, MT6878M, MT6897, MT6899, MT6991, MT8676, MT8678, MT8792, MT8863, MT8873 and MT8883 NR17/NR17R and classified as critical. The impacted element is an unknown function of the component Modem. This manipulation causes out-of-bounds write. This vulnerability is tracked as CVE-2025-20704. The attack is possible to be carried out remotely. No exploit exists. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-20703 | MediaTek MT8893 NR15/NR16/NR17/NR17R Modem out-of-bounds

VulDB Recent Entries
1 month ago
A vulnerability, which was classified as critical, was found in MediaTek MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8771, MT8791, MT8791T, MT8792, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883 and MT8893 NR15/NR16/NR17/NR17R. The affected element is an unknown function of the component Modem. The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2025-20703. The attack can be executed remotely. There is not any exploit available. It is best practice to apply a patch to resolve this issue.
vuldb.com

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior

Help Net Security
1 month ago

A team of researchers from Frondeur Labs, DistributedApps.ai, and OWASP has developed a new machine learning framework designed to help defenders anticipate attacker behavior across the stages of the Cyber Kill Chain. The work explores how machine learning models can forecast adversary techniques and generate structured attack paths. Combining ATT&CK with the kill chain The Cyber Kill Chain, introduced by Lockheed Martin, breaks down attacks into seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and … More →

The post KillChainGraph: Researchers test machine learning framework for mapping attacker behavior appeared first on Help Net Security.

Mirko Zorz

Managed ad