观点 | 构建符合数实融合的数据基础制度体系
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063文 | 北京市科学技术研究院科技情报研究所副研究员 靳晓宏;北京市科学技术研究院科技情报研究所研究员 李辉完善的数实融合
Aggregator
专家解读 | 凝聚安全风险治理共识 促进人工智能创新发展
1 year 5 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063文 | 中国法学会法治研究所研究员 刘金瑞当前,人工智能技术的迅速发展,正在对经济发展、社会治理、人民生活产生重大而深刻
专家解读 | 杨建军:加快构建网络数据安全法规制度体系 全面提升治理监管能力
1 year 5 months ago
扫码订阅《中国信息安全》邮发代号 2-786征订热线:010-82341063文 | 中国电子技术标准化研究院副院长 全国网络安全标准化技术委员会秘书长 杨建军习近平总书记强调,要坚持依法治网、依法
Grav CMS 1.7.44 Server-Side Template Injection
1 year 5 months ago
© 2024 Packet Storm. All rights reserved.
CVE-2024-42514 | Mitel MiContact Center Business up to 10.1.0.4 Legacy Chat improper authorization
1 year 5 months ago
A vulnerability classified as critical has been found in Mitel MiContact Center Business up to 10.1.0.4. Affected is an unknown function of the component Legacy Chat. The manipulation leads to improper authorization.
This vulnerability is traded as CVE-2024-42514. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-20442 | Cisco Nexus Dashboard up to 3.1(1l) REST API Endpoint authorization (cisco-sa-ndhs-uaapi-Jh4V6zpN)
1 year 5 months ago
A vulnerability was found in Cisco Nexus Dashboard. It has been classified as critical. Affected is an unknown function of the component REST API Endpoint. The manipulation leads to missing authorization.
This vulnerability is traded as CVE-2024-20442. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-41585 | DrayTek Vigor3910 up to 4.3.2.6 recvCmd os command injection
1 year 5 months ago
A vulnerability classified as critical has been found in DrayTek Vigor3910 up to 4.3.2.6. Affected is an unknown function of the file recvCmd. The manipulation leads to os command injection.
This vulnerability is traded as CVE-2024-41585. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2024-41588 | DrayTek Vigor3910 up to 4.3.2.6 CGI Endpoint v2x00.cgi strncpy buffer overflow
1 year 5 months ago
A vulnerability classified as critical was found in DrayTek Vigor3910 up to 4.3.2.6. Affected by this vulnerability is the function strncpy of the file v2x00.cgi of the component CGI Endpoint. The manipulation leads to buffer overflow.
This vulnerability is known as CVE-2024-41588. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-41590 | DrayTek Vigor310 up to 4.3.2.6 CGI Endpoint strcpy buffer overflow
1 year 5 months ago
A vulnerability, which was classified as critical, was found in DrayTek Vigor310 up to 4.3.2.6. This affects the function strcpy of the component CGI Endpoint. The manipulation leads to buffer overflow.
This vulnerability is uniquely identified as CVE-2024-41590. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-46658 | SyroTech SY-GOPON-8OLT-L3 1.6.0_240629 command injection
1 year 5 months ago
A vulnerability was found in SyroTech SY-GOPON-8OLT-L3 1.6.0_240629 and classified as critical. This issue affects some unknown processing. The manipulation leads to command injection.
The identification of this vulnerability is CVE-2024-46658. The attack can only be done within the local network. There is no exploit available.
vuldb.com
CVE-2024-9429 | code-projects Restaurant Reservation System 1.0 /filter2.php from/to sql injection
1 year 5 months ago
A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql injection.
This vulnerability is known as CVE-2024-9429. The attack can be launched remotely. Furthermore, there is an exploit available.
The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well.
vuldb.com
CVE-2024-46503 | Simple-Spellchecker 1.0.2 _readFileSync path traversal
1 year 5 months ago
A vulnerability, which was classified as problematic, was found in Simple-Spellchecker 1.0.2. This affects the function _readFileSync. The manipulation leads to path traversal.
This vulnerability is uniquely identified as CVE-2024-46503. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
Ruby-SAML / GitLab Authentication Bypass
1 year 5 months ago
© 2024 Packet Storm. All rights reserved.
ADT discloses second breach in 2 months, hacked via stolen credentials
1 year 5 months ago
Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. [...]
Lawrence Abrams
Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday
1 year 5 months ago
Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birt
iTunes For Windows 12.13.2.3 Local Privilege Escalation
1 year 5 months ago
© 2024 Packet Storm. All rights reserved.
44CON - Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own Automotive 2024
1 year 5 months ago
LEGO's website hacked to push cryptocurrency scam
1 year 5 months ago
On Friday night, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum. [...]
Lawrence Abrams
实战中的高版本JDK的JNDI注入
1 year 5 months ago
CVE-2023-33008 | Apache Johnzon up to 1.2.20 JSON deserialization (JOHNZON-397)
1 year 5 months ago
A vulnerability, which was classified as problematic, has been found in Apache Johnzon up to 1.2.20. This issue affects some unknown processing of the component JSON Handler. The manipulation leads to deserialization.
The identification of this vulnerability is CVE-2023-33008. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com