Aggregator

Submit #418742 / VDB-280239

Submit #418741 / VDB-280238

Submit #418740 / VDB-280237

Submit #418739 / VDB-280236

​10月18日，北京昆泰酒店，诚邀莅临！

这一趋势有三个关键驱动因素：一是员工在工作中越来越多地使用个人设备；二是移动设备上网环境堪忧,存在不少安全隐患；三是AI技术的滥用为恶意行为提供了便利条件。

甲方安全和乙方安全的区别 by 洞源实验室

更多最新文章，请访问SecWiki

A vulnerability was found in Falt4 Cms Falt4 Extreme Rc4 10.9.2007 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument topic leads to cross site scripting. The identification of this vulnerability is CVE-2007-6310. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SH-News 3.0. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2007-6391. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Dominion Web DWdirectory 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search. The manipulation of the argument search leads to sql injection. This vulnerability is known as CVE-2007-6392. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Ace Image Hosting Script 0. It has been rated as critical. Affected by this issue is some unknown functionality of the file albums.php. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2007-6393. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Flat PHP Board 1.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication. This vulnerability is known as CVE-2007-6398. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Myupb Flat PHP Board up to 1.2 and classified as critical. Affected by this issue is some unknown functionality of the file index.php of the component User Account. The manipulation of the argument password leads to credentials management. This vulnerability is handled as CVE-2007-6399. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in P3mbo Content Injector 1.53. This affects an unknown part of the file index.php. The manipulation of the argument id leads to sql injection. This vulnerability is uniquely identified as CVE-2007-6394. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

9 月 27 日周五上交所遭遇了堵单问题，当天的交易量大幅下降。为了解决问题，上交所最后选择了重启交易系统，问题随后真的解决了。财新援引专业人士的消息报道，交易所的操作系统较为古老，在处理高并发任务时遇到瓶颈，尤其是在内存管理方面；当系统负载过高，内存被耗尽，导致程序无法正常处理请求，甚至完全卡死。「在这种情况下，重启系统可以清理内存，释放被占用的资源，从而让系统恢复正常。这种现象在较老的系统中更为常见，因为它们的内存管理和资源调配机制相对简单，不如现代操作系统那样高效。」这位专业人士说，可以增加几条简单的操作系统命令，将缓存中的数据写入硬盘，释放内存空间。上交所的交易系统源自德意志交易所的 Xetra 交易系统，而该系统是基于一款 VAX/VMS 的操作系统，由 DEC 在 1970 年代末推出，DEC 早已停止开发，了解该系统的专业人士也非常少。

Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security. [...]

A vulnerability has been found in Apple macOS up to 10.13 and classified as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2018-4343. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been rated as problematic. Affected by this issue is some unknown functionality of the component WebRTC. The manipulation as part of HTML Page leads to improper input validation. This vulnerability is handled as CVE-2020-6529. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome on iOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Security UI. The manipulation as part of HTML Page leads to incorrect authorization. This vulnerability is known as CVE-2020-6528. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. Affected is an unknown function of the component Content Security Policy. The manipulation as part of HTML Page leads to incorrect default permissions. This vulnerability is traded as CVE-2020-6527. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.