Aggregator

Iranian hackers have increased their efforts to influence the upcoming U.S. election, attempting to

error code: 1106

​Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. [...]

​Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. [...]

A vulnerability classified as critical has been found in Kashipara Online Exam System 1.0. Affected is an unknown function of the file /admin/quizquestion.php. The manipulation of the argument eid leads to sql injection. This vulnerability is traded as CVE-2024-40479. It is possible to launch the attack remotely. There is no exploit available.

Authors:(1) Ankit Anand, Department of Physics, Indian Institute of Technology Madras, Chennai 600

Sachin Kumar is Keeping Blockchain Honest With Smart Contracts That Respect Your Essential Right to

0x00 前言近期，积木报表被曝出存在一个授权绕过漏洞。该漏洞允许攻击者在请求中包含特定参数时绕过授权机制，从而访问诸如 save、queryFieldBySql、show 等接口。尽管之前的远程代码

0x00 前言

近期，积木报表被曝出存在一个授权绕过漏洞。该漏洞允许攻击者在请求中包含特定参数时绕过授权机制，从而访问诸如 save、queryFieldBySql、show 等接口。尽管之前的远程代码执行（RCE）漏洞已被修复，但攻击者仍能通过 AviatorScript 表达式注入，继续实现 RCE 攻击。

目前，积木报表的最新版本为 1.7.9，但测试发现，该版本仍存在授权绕过的风险。漏洞修复的版本暂未发布。为此，本文将提供一种有效的缓解措施，以帮助用户降低该漏洞带来的安全风险。

针对积木报表授权绕过漏洞的缓解措施

针对积木报表授权绕过漏洞的缓解措施

针对积木报表授权绕过漏洞的缓解措施

针对积木报表授权绕过漏洞的缓解措施

针对积木报表授权绕过漏洞的缓解措施

针对积木报表授权绕过漏洞的缓解措施

学科拔尖人才自主培养之路 by ourren

PyPI 2024年上半年恶意包回顾 by ourren

CS2外部静默原理剖析及实现 by ourren

多起典型泄密案例 by ourren

更多最新文章，请访问SecWiki

A vulnerability was found in Visual Website Collaboration, Feedback & Project Management Plugin up to 4.0.2 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-7621. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in WooCommerce plugin up to 2.7.5 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability was named CVE-2024-7503. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been classified as critical. This affects an unknown part of the file /manager/card/card_detail.php. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-41476. Access to the local network is required for this attack. There is no exploit available.

针对积木报表授权绕过漏洞的缓解措施