Aggregator

A vulnerability was found in Bannersky BSK PDF Manager 1.3.2. It has been classified as critical. Affected is an unknown function of the component Dashboard. The manipulation of the argument pdfid leads to sql injection. This vulnerability is traded as CVE-2014-4944. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

根据质量大小，天文学家将黑洞分为三种，分别是恒星质量黑洞（约为太阳质量的 5-50 倍）、超大质量黑洞（质量为太阳的数百万到数十亿倍），以及介于两者之间的中等质量黑洞。虽然科学家认为中等质量黑洞应该存在，但对于它们的起源或特征知之甚少，因此它们被认为是黑洞演化过程中罕见失落的环节。近期天文学家终于取得了中等质量黑洞存在的新证据。这项研究由美国 Vanderbilt 大学所领导的研究团队重新分析了来自激光干涉引力波天文台（LIGO）与 Virgo 干涉仪过去侦测到的黑洞合并事件。研究指出，这些合并后的黑洞，其质量落在太阳的 100 到 300 倍之间，正好落在中等质量黑洞的理论范围内。这项分析结果提供了至今最有力的观测证据，支持中等质量黑洞的存在。研究人员表示虽然这项新分析报告的黑洞质量仍属推测，但可以为了解照亮我们宇宙的第一批恒星打开了一扇前所未有的窗口。研究成果即将发表于《Astrophysical Journal Letters》期刊上。

A vulnerability classified as problematic was found in ASP-Nuke 2.0.7. This vulnerability affects unknown code of the file news.asp. The manipulation of the argument ID leads to basic cross site scripting. This vulnerability was named CVE-2007-2892. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in CWJoomla CW Article Attachments PRO Extension and CW Article Attachments FREE Extension up to 2.0.6 on Joomla. Affected is an unknown function of the file download.php. The manipulation leads to sql injection. This vulnerability is traded as CVE-2018-14592. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cyphor 0.19 and classified as problematic. This issue affects some unknown processing of the file footer.php. The manipulation of the argument t_login leads to basic cross site scripting. The identification of this vulnerability is CVE-2005-3237. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Horde IMP. This affects an unknown part of the file fetchmailprefs.php. The manipulation of the argument fm_id leads to cross site scripting. This vulnerability is uniquely identified as CVE-2010-3695. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球

A vulnerability, which was classified as problematic, has been found in Ashopsoftware AShop Administration Panel 4.5. Affected by this issue is some unknown functionality of the file ashop/catalogue.php of the component Administration Panel. The manipulation of the argument resultpage leads to basic cross site scripting. This vulnerability is handled as CVE-2007-0056. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Jtr Jax FormMailer 3.0.0. It has been rated as critical. This issue affects some unknown processing of the file formmailer.admin.inc.php. The manipulation of the argument BASE_DIR[jax_formmailer] leads to code injection. The identification of this vulnerability is CVE-2009-2378. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in PunBB 1.2.10. This affects an unknown part of the file register.php. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2006-1090. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Essential Addons for Elementor Plugin up to 6.1.12 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Pricing Table Widget. The manipulation of the argument eael_pricing_item_tooltip_content leads to cross site scripting. This vulnerability is traded as CVE-2024-9994. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Essential Addons for Elementor Plugin up to 6.1.12 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Event Calendar Widget. The manipulation of the argument eael_event_details_text leads to cross site scripting. This vulnerability is known as CVE-2024-9993. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Social Sharing Plugin Plugin up to 3.3.75 on WordPress. This affects an unknown part. The manipulation of the argument heateor_mastodon_share leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5528. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Mirabilis ICQ 0.99b 1.1.1.1. This vulnerability affects unknown code of the component Message Handler. The manipulation as part of URL leads to memory corruption. This vulnerability was named CVE-2000-0046. The attack can be initiated remotely. Furthermore, there is an exploit available. This vulnerability has a historic impact due to its background and reception. It is recommended to upgrade the affected component.

Физики нашли предел существования вещества — и он тоньше, чем ожидалось.