Aggregator
CVE-2024-51734 | Zope Foundation AccessControl/Zope AccessControl.userfolder.UserFolder access control (ID 159)
1 year 4 months ago
A vulnerability has been found in Zope Foundation AccessControl and Zope and classified as critical. Affected by this vulnerability is the function AccessControl.userfolder.UserFolder. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2024-51734. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-48050 | agentscope up to 0.0.4 workflow_utils.py is_callable_expression behavioral workflow
1 year 4 months ago
A vulnerability, which was classified as critical, was found in agentscope up to 0.0.4. Affected is the function is_callable_expression of the file agentscope\web\workstation\workflow_utils.py. The manipulation leads to enforcement of behavioral workflow.
This vulnerability is traded as CVE-2024-48050. The attack needs to be done within the local network. There is no exploit available.
vuldb.com
CVE-2024-51744 | golang-jwt up to 4.5.0 JSON Web Token exceptional condition (GHSA-29wx-vh33-7x7r)
1 year 4 months ago
A vulnerability, which was classified as problematic, has been found in golang-jwt jwt up to 4.5.0. This issue affects some unknown processing of the component JSON Web Token Handler. The manipulation leads to handling of exceptional conditions.
The identification of this vulnerability is CVE-2024-51744. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
What is a Cyber Range?
1 year 4 months ago
Today, we’re diving into the fascinating world of cyber ranges—a critical component in the ever-evolving landscape of cybersecurity. But what exactly is a cyber range? Let’s break it down. What is a Cyber Range? A cyber range is a sophisticated environment that leverages technologies such as virtualization, hybrid reality, security orchestration, behavior and traffic simulation, […]
The post What is a Cyber Range? appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post What is a Cyber Range? appeared first on Security Boulevard.
NSFOCUS
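Nokia hacked, large volume of sensitive internal data leaked
1 year 4 months ago
Nokia is investigating a data breach after a hacker claimed to have obtained sensitive internal data belonging to the company and a third-party contractor.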
CVE-2024-51498 | imputnet cobalt up to 10.2.0 javascript URI cross site scripting (GHSA-cm4c-v4cm-3735)
1 year 4 months ago
A vulnerability classified as problematic was found in imputnet cobalt up to 10.2.0. This vulnerability affects unknown code of the component javascript URI Handler. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-51498. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-51501 | reactiveui refit up to 7.x HttpHeaders.TryAddWithoutValidation Header/HeaderCollection/Authorize crlf injection (GHSA-3hxg-fxwm-8gf7)
1 year 4 months ago
A vulnerability classified as problematic has been found in reactiveui refit up to 7.x. This affects the function HttpHeaders.TryAddWithoutValidation. The manipulation of the argument Header/HeaderCollection/Authorize leads to crlf injection.
This vulnerability is uniquely identified as CVE-2024-51501. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-31998 | Combodo iTop up to 3.1.1 CSV Import Simulation cross-site request forgery (GHSA-8cwx-q4xh-7c7r)
1 year 4 months ago
A vulnerability was found in Combodo iTop up to 3.1.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component CSV Import Simulation. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2024-31998. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-50346 | taoso webfeed up to 0.9.1 on Firefox/Chrome cross site scripting (GHSA-mrc7-2q3w-48j8)
1 year 4 months ago
A vulnerability was found in taoso webfeed up to 0.9.1 on Firefox/Chrome. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-50346. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-51500 | Meshtastic Firmware up to 2.5.5 special element (GHSA-xfmq-5j3j-vgv8)
1 year 4 months ago
A vulnerability was found in Meshtastic Firmware up to 2.5.5. It has been classified as problematic. Affected is an unknown function. The manipulation leads to improper neutralization of special elements.
This vulnerability is traded as CVE-2024-51500. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-51502 | bearcove loona up to 0.4.2 loona-hpack exceptional condition (ID 11)
1 year 4 months ago
A vulnerability was found in bearcove loona up to 0.4.2 and classified as problematic. This issue affects some unknown processing of the component loona-hpack. The manipulation leads to handling of exceptional conditions.
The identification of this vulnerability is CVE-2024-51502. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-34445 | Combodo iTop up to 2.7.8/3.0.3 pages/ajax.render.php cross site scripting (GHSA-mm45-wh68-jpvq)
1 year 4 months ago
A vulnerability has been found in Combodo iTop up to 2.7.8/3.0.3 and classified as problematic. This vulnerability affects unknown code of the file pages/ajax.render.php. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2023-34445. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-34444 | Combodo iTop up to 2.7.8/3.0.3 ajax.searchform.php cross site scripting (GHSA-rwx9-rcxf-qrwv)
1 year 4 months ago
A vulnerability, which was classified as problematic, was found in Combodo iTop up to 2.7.8/3.0.3. This affects an unknown part of the file pages/ajax.searchform.php. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2023-34444. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-32870 | Combodo iTop up to 2.7.10/3.0.4/3.1.1 information disclosure (GHSA-rfjh-2f5x-qxmx)
1 year 4 months ago
A vulnerability, which was classified as problematic, has been found in Combodo iTop up to 2.7.10/3.0.4/3.1.1. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2024-32870. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-10810 | code-projects E-Health Care System 1.0 Doctor/app_request.php app_id sql injection
1 year 4 months ago
A vulnerability was found in code-projects E-Health Care System 1.0. It has been classified as critical. Affected is an unknown function of the file Doctor/app_request.php. The manipulation of the argument app_id with the input 1%27%20union%20select%20group_concat(table_name),database(),3,user(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20from%20information_schema.tables%20where%20table_schema=database()--+ as part of String leads to sql injection.
This vulnerability is traded as CVE-2024-10810. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2017-11120 | Apple iOS up to 10.3.3 Wi-Fi memory corruption (HT208112 / EDB-42784)
1 year 4 months ago
A vulnerability was found in Apple iOS up to 10.3.3. It has been classified as critical. Affected is an unknown function of the component Wi-Fi. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2017-11120. The attack can only be done within the local network. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
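Unmasking Scam-as-a-Service: Beware the Industrialization of Phishing Attacks
1 year 4 months ago
This article analyzes the typical methods of phishing groups such as Inferno Drainer and Nova Drainer and lists their behavioral characteristics in detail. We hope this analysis helps users improve their ability to identify and guard against phishing scams.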
Build and Deliver Digital Products That Drive Business Results
1 year 4 months ago
Keys to AI Implementation Strategy for D&A Architects
1 year 4 months ago