Aggregator

A vulnerability was found in BEA WebLogic Server up to 9.0. It has been declared as critical. This vulnerability affects unknown code of the component WebLogic Server. The manipulation leads to basic cross site scripting. This vulnerability was named CVE-2005-4751. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in BEA WebLogic Server up to 8.1. This vulnerability affects unknown code of the component WebLogic Server. The manipulation leads to Remote Code Execution (Stored). This vulnerability was named CVE-2005-4763. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in BEA WebLogic Server up to 8.1. Affected is an unknown function of the component Administration Server. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2005-4765. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in BEA WebLogic Server up to 8.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component WebLogic Server. The manipulation leads to information disclosure. This vulnerability is known as CVE-2005-4766. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in BEA WebLogic Server up to 8.1 and classified as critical. Affected by this issue is some unknown functionality of the file username/password of the component Password Authentication. The manipulation leads to Remote Code Execution. This vulnerability is handled as CVE-2005-4767. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Moss 0.1.3. This affects an unknown part. The manipulation of the argument order leads to sql injection. This vulnerability is uniquely identified as CVE-2024-57098. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ClassCMS 4.8 and classified as problematic. This issue affects some unknown processing of the component Model Management. The manipulation of the argument classview leads to code injection. The identification of this vulnerability is CVE-2024-57099. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in ClassCMS 4.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class/admin/channel.php. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-57097. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in 07FLY FlyCMS 1.3.9. This issue affects some unknown processing of the file /oa/OaWorkReport/add.html. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-57159. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Go-CMS 1.1.10. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-57095. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in payload ieldsToJson of node-opcua-alarm-condition 2.134.0 and classified as critical. Affected by this vulnerability is the function fieldsToJson. The manipulation of the argument function leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is known as CVE-2024-57086. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in stryker-mutator util 8.6.0. It has been rated as problematic. Affected by this issue is the function deepMerge. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is handled as CVE-2024-57085. The attack needs to be initiated within the local network. There is no exploit available.

臭名昭著的黑客 IntelBroker 因入侵 AMD、诺基亚等公司并出售数据被捕。25 岁的他使用实名账户接收赃款，FBI 通过钓鱼获取其比特币地址并锁定身份。

The Apache Software Foundationが提供する複数の製品には、サービス運用妨害（DoS）の脆弱性が存在します。

HackerNews 编译，转载请注明出处： 网络安全公司Rapid7周三披露，其研究人员在兄弟牌（Brother）打印机的多功能打印机中发现八个安全漏洞。这些漏洞影响兄弟品牌的689款打印机、扫描仪和标签机，同时部分或全部漏洞也波及富士胶片商业创新（Fujifilm Business Innovation）的46款、理光（Ricoh）的5款、柯尼卡美能达（Konica Minolta）的6款及东芝（Toshiba）的2款打印机。总体而言，数百万台企业及家用打印机因这些漏洞面临黑客攻击风险。 其中最严重的漏洞被标记为CVE-2024-51978（严重等级为“高危”），可使远程未认证攻击者通过获取设备默认管理员密码绕过身份验证。该漏洞可与信息泄露漏洞CVE-2024-51977形成攻击链——后者能窃取设备序列号，而序列号正是生成默认管理员密码的关键要素。 “问题根源在于兄弟设备的默认密码生成机制，”Rapid7解释称，“该机制将序列号转化为默认密码。受影响设备在生产过程中，会根据每台设备的唯一序列号设定此默认密码。”一旦掌握管理员密码，攻击者即可重新配置设备或滥用需认证用户才能访问的功能。 其余漏洞严重等级为“中危”或“高危”，可被用于实施拒绝服务（DoS）攻击、强制打印机开启TCP连接、窃取已配置外部服务的密码、触发堆栈溢出以及发起任意HTTP请求。八个漏洞中有六个无需认证即可利用。 Rapid7约一年前通过日本计算机应急响应中心（JPCERT/CC）向兄弟打印机报告了漏洞。目前厂商已发布安全公告告知客户，并修复了大部分漏洞，但指出CVE-2024-51978无法通过固件完全修补。兄弟打印机表示将通过新生产工艺确保未来设备免疫该漏洞，现有设备则需采用临时缓解方案。JPCERT/CC及理光、富士胶片、东芝、柯尼卡美能达等厂商也同步发布了相关安全公告。       消息来源： securityweek； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

这篇文章主要介绍了HTTP错误代码521的原因及其解决方法。该错误通常由Cloudflare服务器配置问题或资源不足引起。常见原因包括服务器配置错误、资源耗尽、路由问题或网络攻击。解决措施包括检查服务器配置、优化资源使用、联系ISP或尝试备用DNS服务器以恢复服务正常运行。

A vulnerability classified as problematic was found in YaBB 1 Gold - Sp 1.3/1.5.1. This vulnerability affects unknown code of the component Tag Handler. The manipulation of the argument glow/shadow leads to basic cross site scripting. This vulnerability was named CVE-2004-1827. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in GC Social Wall Plugin up to 1.15 on WordPress. Affected is the function gc_social_wall of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-5564. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Event RSVP and Simple Event Management Plugin Plugin up to 4.1.0 on WordPress. Affected by this vulnerability is the function emd_mb_meta of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-5540. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in WP SoundSystem Plugin up to 3.4.2 on WordPress and classified as problematic. This vulnerability affects the function wpsstm-track of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-6258. The attack can be initiated remotely. There is no exploit available.