每周蓝军技术推送(2025.2.14-2.21)
关注高级攻防对抗技术热点,研究对手技术进行高级威胁模拟,研判攻击安全发展方向。
Aggregator
安全行业名企招聘大集结
9 months 3 weeks ago
文末投递简历
GitHub 现 Windows Wi-Fi 密码窃取工具
9 months 3 weeks ago
议题征集|“纵深防护·极智运营”第十期「度安讲」 技术沙龙议题报名!
9 months 3 weeks ago
英国NCSC:Pygmy Goat 恶意软件分析报告(第三版)
9 months 3 weeks ago
看雪论坛作者ID:梦幻的彼岸【译】
工信部认可!360荣获车联网产品安全漏洞专业库“优秀技术支撑单位”
9 months 3 weeks ago
安全客
CVE-2025-1544 | dingfanzu CMS up to 20250210 /ajax/loadShopInfo.php shopId sql injection
9 months 3 weeks ago
A vulnerability, which was classified as critical, was found in dingfanzu CMS up to 20250210. Affected is an unknown function of the file /ajax/loadShopInfo.php. The manipulation of the argument shopId leads to sql injection.
This vulnerability is traded as CVE-2025-1544. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #497558: Shanghai Baud DATA Communicatior Co., Ltd. Internet Behavior Management and Auditing System log_operate_clear Command Injection [Accepted]
9 months 3 weeks ago
Submit #497558 / VDB-296491
KOISH1
Is Vibe Coding The Future of Software Development
9 months 3 weeks ago
Digital Technology is evolving faster than ever, and the way we interact with it is transforming dramatically. With the rise of AI-driven development, no-code/low-code platforms,...Read More
The post Is Vibe Coding The Future of Software Development appeared first on ISHIR | Software Development India.
The post Is Vibe Coding The Future of Software Development appeared first on Security Boulevard.
Rishi Khanna
CVE-2023-1607 | novel-plus 3.6.2 /common/sysFile/list sort/order sql injection
9 months 3 weeks ago
A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort/order leads to sql injection.
This vulnerability is uniquely identified as CVE-2023-1607. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-1543 | iteachyou Dreamer CMS 4.1.3 ueditor-1.4.3.3 path traversal
9 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in iteachyou Dreamer CMS 4.1.3. This issue affects some unknown processing of the file /resource/js/ueditor-1.4.3.3. The manipulation leads to path traversal.
The identification of this vulnerability is CVE-2025-1543. The attack may be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #497477: geeeeeeeek dingfanzu master SQL Injection [Accepted]
9 months 3 weeks ago
Submit #497477 / VDB-296490
Xinca0
Submit #497473: xxy novel-plus 4.4.0 SQL Injection [Duplicate]
9 months 3 weeks ago
Submit #497473 / VDB-223737
xiaolian-11
Submit #497329: iteachyou Dreamer CMS 4.1.3 Path Traversal [Accepted]
9 months 3 weeks ago
Submit #497329 / VDB-296489
vastzero
CVE-2023-43382 | iteachyou Dreamer CMS 4.1.3 Upload Template themePath path traversal
9 months 3 weeks ago
A vulnerability was found in iteachyou Dreamer CMS 4.1.3 and classified as critical. This issue affects some unknown processing of the component Upload Template Handler. The manipulation of the argument themePath leads to path traversal.
The identification of this vulnerability is CVE-2023-43382. The attack may be initiated remotely. There is no exploit available.
vuldb.com
浏览器指纹的恶意窃取与利用
9 months 3 weeks ago
本文主要介绍了网络欺诈者利用浏览器指纹识别进行恶意活动的情况,包括收集方法、影响以及相关工具和技术。
浏览器指纹的恶意窃取与利用
9 months 3 weeks ago
本文主要介绍了网络欺诈者利用浏览器指纹识别进行恶意活动的情况,包括收集方法、影响以及相关工具和技术。
浏览器指纹的恶意窃取与利用
9 months 3 weeks ago
本文主要介绍了网络欺诈者利用浏览器指纹识别进行恶意活动的情况,包括收集方法、影响以及相关工具和技术。
浏览器指纹的恶意窃取与利用
9 months 3 weeks ago
本文主要介绍了网络欺诈者利用浏览器指纹识别进行恶意活动的情况,包括收集方法、影响以及相关工具和技术。
浏览器指纹的恶意窃取与利用
9 months 3 weeks ago
本文主要介绍了网络欺诈者利用浏览器指纹识别进行恶意活动的情况,包括收集方法、影响以及相关工具和技术。