Aggregator

CVE-2025-52955 | Juniper Junos OS prior 24.2R2 Routing Protocol Daemon buffer size (JSA100062 / EUVD-2025-21163)

Vuldb Updates
1 month 1 week ago
A vulnerability categorized as critical has been discovered in Juniper Junos OS up to 21.2R3-S8/22.4R3-S6/23.2R2-S2/23.4R2-S3/24.2R1. Impacted is an unknown function of the component Routing Protocol Daemon. Executing manipulation can lead to incorrect calculation of buffer size. This vulnerability is handled as CVE-2025-52955. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2024-43190 | IBM Engineering Requirements Management DOORS 9.7.2.9 password recovery (EUVD-2024-54752)

Vuldb Updates
1 month 1 week ago
A vulnerability classified as problematic has been found in IBM Engineering Requirements Management DOORS 9.7.2.9. This impacts an unknown function. This manipulation causes weak password recovery. This vulnerability is handled as CVE-2024-43190. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-7077 | Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6 /appy.cgi config_3g_para username_3g/password_3g buffer overflow (EUVD-2025-20133)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6 and classified as critical. Impacted is the function config_3g_para of the file /appy.cgi. Such manipulation of the argument username_3g/password_3g leads to buffer overflow. This vulnerability is referenced as CVE-2025-7077. It is possible to launch the attack remotely. Furthermore, an exploit is available. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Tenda AC15栈溢出漏洞复习(CVE-2018-18708)

先知技术社区
1 month 1 week ago
最近开始学习复现Tenda的漏洞,发现很多洞都是一系列的栈溢出漏洞,这些洞的固态仿真都是一样的,函数调用流程是不一样的,但对于pwn手来说,个人感觉最难的还是固态仿真和调试,这些都一样的话,函数流程逐个分析都可以拿下

【CVE-2025-6058】WPBookit 插件任意文件上传漏洞

先知技术社区
1 month 1 week ago
WPBookit 是用于 WordPress 的插件,功能包括在线预订和预约管理。该插件中存在缺陷,在 image_upload_handle() 函数缺少文件类型验证,使得在所有版本至 1.0.4 包括 1.0.4 的版本中,攻击者可以通过添加新的预订类型的路由(add_booking_type)上传任意文件。这种情况下,攻击者能够在受影响网站的服务器上上传任意文件,并可能进行远程代码执行。

Britain targets Kyrgyz financial institutions, crypto networks aiding Kremlin

Security Affairs
1 month 1 week ago
The UK has imposed new sanctions on Kyrgyz financial institutions and crypto networks accused of helping Russia evade restrictions. The UK imposed sanctions on Kyrgyz financial institutions and crypto networks accused of aiding Russian sanctions evasion, war funding, and ransomware activities. The U.K. imposed new sanctions on Kyrgyzstan’s Capital Bank and director Kantemir Chalbayev, accused […]
Pierluigi Paganini

Play

Dark Feed IO
1 month 1 week ago

You must login to view this content

cohenido

Play

Dark Feed IO
1 month 1 week ago

You must login to view this content

cohenido

RingReaper Malware Targets Linux Servers, Stealthily Evading EDR Solutions

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 month 1 week ago

A new malware campaign dubbed RingReaper has emerged, targeting servers with advanced post-exploitation capabilities that exploit the kernel’s io_uring asynchronous I/O interface to bypass Endpoint Detection and Response (EDR) systems. This sophisticated agent minimizes reliance on traditional system calls like read, write, recv, send, or connect, instead using io_uring primitives such as io_uring_prep_* for stealthy […]

The post RingReaper Malware Targets Linux Servers, Stealthily Evading EDR Solutions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad