Aggregator

Submit #396425 / VDB-276079

A vulnerability classified as critical has been found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. This affects an unknown part of the file /ajax/getBasicInfo.php. The manipulation of the argument username leads to sql injection. This vulnerability is uniquely identified as CVE-2024-8303. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax/chpwd.php. The manipulation of the argument username leads to sql injection. This vulnerability is handled as CVE-2024-8302. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to sql injection. This vulnerability is known as CVE-2024-8301. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

In Litouwen werd weer volop geoefend. Zoals het afvoeren van gewond geraakte infanteristen na een drone-aanval. Een overzicht van Defensieoperaties in de week van 21 tot en met 27 augustus 2024. Dit is vanwege de storing later gepubliceerd.

Мессенджер может столкнуться с санкциями за нарушение европейских правил.

8月27日，外媒BleepingComputer报道，黑客组织Volt Typhoon（伏特台风）利用Versa Director零日漏洞上传自定义Webshell，窃取凭据并破坏美国公司网络。

一种名为 Styx Stealer 的新网络安全威胁已经出现。

与韩国有关的网络间谍组织APT-C-60利用金山WPS Office软件中的一个关键远程代码执行漏洞（CVE-2024-7262），CVSS评分为9.3，部署了名为SpyGlace的独特后门。

8月27日，外媒BleepingComputer报道，黑客组织Volt Typhoon（伏特台风）利用Versa Director零日漏洞上传自定义Webshell，窃取凭据并破坏美国公司网络。本周周

一种名为 Styx Stealer 的新网络安全威胁已经出现。它可以在使用频繁网络浏览器中窃取敏感数据（例如已保存的密码、cookie 和自动填充信息）来锁定用户。该恶意软件影响涉及到 Chromiu

与韩国有关的网络间谍组织APT-C-60利用金山WPS Office软件中的一个关键远程代码执行漏洞（CVE-2024-7262），CVSS评分为9.3，部署了名为SpyGlace的独特后门。该漏洞由

近期，一个大规模的网络钓鱼活动利用Microsoft Sway这一云基础的在线演示工具来搭建登陆页面，目的是为了诱使Microsoft 365用户泄露他们的登录凭证。

IT系统中断导致预订、登机、机场引导等环节受扰乱，大量乘客滞留在机场数小时。

当地时间8月28日，Mandiant和Google Cloud发布研究报告，称一个伊朗黑客组织通过社交媒体平台散布虚假的招聘网站和工作机会，以此作为诱饵内容，目的是识别可能与以色列等外国对手合作的伊朗人。

Submit #396298 / VDB-276075

Submit #396297 / VDB-276074

Submit #396294 / VDB-276073

雷神众测2023年度Top白帽榜单公、新人榜单公布！现金奖励&游学奖励他全有啦！！