Aggregator

#安全资讯 扩展程序「书签检查器」存在恶意劫持行为，会将谷歌搜索等网站劫持到货币化广告网络，建议用户删除。该扩展程序此前被谷歌标记为精选，不过似乎是在近期版本中加入了劫持代码，蓝点网网

A vulnerability was found in 7mediaws eduTrac up to 1.1.1. It has been rated as problematic. This issue affects some unknown processing of the component Installer. The manipulation of the argument showmask leads to path traversal. The identification of this vulnerability is CVE-2013-7097. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iCloud up to 7.6 on Windows. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2018-4328. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sun Solaris 7.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument TZ as part of Environment Variable leads to memory corruption. The identification of this vulnerability is CVE-2001-0423. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in DBL DBLTek. It has been rated as critical. This issue affects some unknown processing of the file frame.html of the component HTTP Basic Authentication. The manipulation of the argument passwd as part of Parameter leads to os command injection. The identification of this vulnerability is CVE-2017-16934. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in phpMyAdmin up to 4.0.10.6/4.1.14.7/4.2.13. It has been classified as problematic. This affects an unknown part of the component Password Handler. The manipulation leads to php weakness. This vulnerability is uniquely identified as CVE-2014-9218. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

前言看完了柴静的《柴静谈陈虻和崔永元 “衡量一个人对初衷的真诚，要看他愿意为它付出的代价”》之后又恰巧再次看了评论尸的《互联网是人类历史的一段弯路吗？》然后又看了全嘻嘻的《20年后，47岁的他想对

#加密货币 LUNA/UST 爆雷事件主角权道亨已经被引渡至美国，但对 400 亿美元的刑事欺诈指控不认罪。2022 年 LUNA/UST 爆雷造成市场损失 400 亿美元，随后权道亨

A vulnerability classified as problematic was found in e107 CMS. This vulnerability affects unknown code of the file e107_plugins/content/handlers/content_preset.php. The manipulation leads to cross site scripting. This vulnerability was named CVE-2013-2750. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A new Android malware named ‘FireScam’ is being distributed as a premium version of the Tele

A vulnerability was found in Sun Solaris up to 8.0. It has been declared as critical. This vulnerability affects unknown code of the component Xsun Server. The manipulation of the argument HOME as part of Environment Variable leads to memory corruption. This vulnerability was named CVE-2001-0422. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially

#安全资讯 支付宝碰一碰 NFC 设备存在安全漏洞可被替换收款标签，不过总体来说利用性应该非常低。加密货币硬件钱包 OneKey 的安全研究人员发现部分设备使用的芯片未开启一次性写入和

A vulnerability was found in Drupal 7.33. It has been classified as problematic. This affects an unknown part of the component Password Hashing API. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2014-9016. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

2024年12月28日下午，由中国计算机学会计算机安全专委会（以下简称“专委会”）主办、专委会网络安全科普工作组承办的网络安全科普工作组专家组成立会在北京顺利召开。专委会主任、公安部三所/一所原所长严

A vulnerability was found in inkscape 0.41/0.42/0.42.1/0.42.2. It has been classified as critical. This affects an unknown part of the file style.cpp. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2005-3737. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in 29o3 CMS 0.1. It has been declared as critical. This vulnerability affects unknown code in the library lib/page/pageDescriptionObject.php. The manipulation of the argument LibDir leads to code injection. This vulnerability was named CVE-2010-1922. The attack can be initiated remotely. Furthermore, there is an exploit available.

#系统资讯 Linux 内核准备彻底放弃 USB RNDIS 协议的支持，因为真的没有太大用处。RNDIS 协议是微软在 XP 时代开发的协议，该协议从设计上就不够安全，安卓系统早就放