当“修仙”照进现实:在996的裂缝里,我们都在等一场逆袭
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
Aggregator
香港大埔突发大火致多人死亡,谈谈个人看法
3 weeks ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
安全测试扫描工具ZAP
3 weeks ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
PAM Backdoor分析
3 weeks ago
环境异常 当前环境异常,完成验证后即可继续访问。 去验证
PAM Backdoor分析
3 weeks ago
科技爱好者周刊(第 375 期):一扇门的 Bug
3 weeks ago
R-HORIZON:探索长程推理边界,复旦NLP&美团LongCat联合提出LRMs能力评测新框架
3 weeks ago
复旦大学与美团LongCat联合推出 R-HORIZON——首个系统性评估与增强 LRMs 长链推理能力的评测框架与训练方法。核心创新:R-HORIZON 提出了问题组合(Query Composition)方法,通过构建问题间的依赖关系,将孤立任务转化为复杂的多步骤推理链。
美团技术团队
威努特荣获机械工业科技进步奖二等奖!
3 weeks ago
获奖项目成果达到国际先进水平。
CVE-2025-57833:Potential SQL injection in FilteredRelation column aliases
3 weeks ago
Django时隔一年爆出来的SQL注入漏洞,大概一看大概是别名引起的注入(毕竟别名是无法预编译的)
该漏洞影响 Django 框架中的 FilteredRelation 功能,当使用 QuerySet.annotate() 或 QuerySet.alias() 方法,并通过 Python 的字典扩展 (**kwargs) 提供列别名时,存在 SQL 注入风险。这是由于对字典键(即列别名)未进行充分
某管理系统源代码审计
3 weeks ago
某管理系统源代码审计
Shiro反序列化 逆向分析代码及漏洞利用
3 weeks ago
shiro反序列化 结合CC5
Vulnerable Codes in Legacy Python Packages Enables Attacks on Python Package Index Via Domain Compromise
3 weeks ago
Hidden vulnerabilities in legacy code often create unseen risks for modern development environments. One such issue recently surfaced within the Python ecosystem, where outdated bootstrap scripts associated with the zc.buildout tool expose users to domain takeover attacks. These scripts, designed to automate the installation of package dependencies, contain hardcoded references to external domains that are […]
The post Vulnerable Codes in Legacy Python Packages Enables Attacks on Python Package Index Via Domain Compromise appeared first on Cyber Security News.
Tushar Subhra Dutta
个人信息泄露的警示
3 weeks ago
PDF、Office套装,这两类属于常见交换文档,其属性信息极易被普通用户忽略。
Tengu
3 weeks ago
You must login to view this content
cohenido
RALord
3 weeks ago
You must login to view this content
cohenido
CVE-2010-0693 | CommodityRentals Trade Manager Script products.php cid sql injection (EDB-11412 / XFDB-56223)
3 weeks ago
A vulnerability described as critical has been identified in CommodityRentals Trade Manager Script. The impacted element is an unknown function of the file products.php. Such manipulation of the argument cid leads to sql injection.
This vulnerability is listed as CVE-2010-0693. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
CVE-2010-0707 | Timeclock-software Employee Timeclock Software 0.99 add_user.php cross-site request forgery (EDB-11516 / XFDB-56410)
3 weeks ago
A vulnerability, which was classified as problematic, was found in Timeclock-software Employee Timeclock Software 0.99. The affected element is an unknown function of the file add_user.php. Executing manipulation can lead to cross-site request forgery.
This vulnerability is registered as CVE-2010-0707. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com
CVE-2010-1994 | TomatoCMS up to 2.0.4 index.php q sql injection (EDB-33978 / XFDB-58470)
3 weeks ago
A vulnerability, which was classified as critical, was found in TomatoCMS up to 2.0.4. This affects an unknown part of the file index.php. The manipulation of the argument q results in sql injection.
This vulnerability is identified as CVE-2010-1994. The attack can be executed remotely. Additionally, an exploit exists.
You should upgrade the affected component.
vuldb.com
CVE-2010-2282 | TomatoCMS 2.0.6 cross-site request forgery (EDB-14331 / SA39680)
3 weeks ago
A vulnerability was found in TomatoCMS 2.0.6. It has been declared as problematic. Affected by this issue is some unknown functionality. Executing manipulation can lead to cross-site request forgery.
This vulnerability is handled as CVE-2010-2282. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com
CVE-2010-1327 | TornadoStore 1.4.3 precios.php3 where sql injection (EDB-34225 / XFDB-59950)
3 weeks ago
A vulnerability was found in TornadoStore 1.4.3. It has been rated as critical. Affected is an unknown function of the file precios.php3. The manipulation of the argument where leads to sql injection.
This vulnerability is documented as CVE-2010-1327. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com