Aggregator
CVE-2001-0265 | NAI PGP 5/7.0.3 ASCII Armor Parser privileges management (EDB-20738 / XFDB-6643)
1 year 6 months ago
A vulnerability was found in NAI PGP 5/7.0.3. It has been declared as problematic. This vulnerability affects unknown code of the component ASCII Armor Parser. The manipulation leads to improper privilege management.
This vulnerability was named CVE-2001-0265. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
From OpenAI's 12 days of launch events, we see four key questions for the industry
1 year 6 months ago
Did OpenAI's 12 consecutive releases fall "far below expectations"? We talked with industry insiders.
CVE-2004-0771 | F-Secure Anti-Virus RAR Archive privileges management (EDB-24120 / Nessus ID 14813)
1 year 6 months ago
A vulnerability was found in F-Secure Anti-Virus and classified as critical. Affected by this issue is some unknown functionality of the component RAR Archive Handler. The manipulation leads to improper privilege management.
This vulnerability is handled as CVE-2004-0771. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2021-44653 | Online Magazine Management System 1.0 Login Form sql injection (Exploit 50561 / EDB-50561)
1 year 6 months ago
A vulnerability has been found in Online Magazine Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Login Form. The manipulation leads to SQL injection.
This vulnerability is known as CVE-2021-44653. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.
vuldb.com
Prism: perhaps the ideal code-highlighting solution for WordPress at present
1 year 6 months ago
Prism: Prism js is a lightweight syntax-highlighting js / css library, widely used across major sites. Official site: https://prismjs.com/download. […]
root
CVE-2014-0007 | Theforeman Foreman up to 1.5.0 path privileges management (Issue 6086 / EDB-39222)
1 year 6 months ago
A vulnerability, which was classified as critical, has been found in Theforeman Foreman up to 1.5.0. This issue affects some unknown processing. The manipulation of the argument path leads to improper privilege management.
The identification of this vulnerability is CVE-2014-0007. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
G.O.S.S.I.P Reading Recommendation 2024-12-23: Those Vulnerability-Hunting Teams (Gangs)
1 year 6 months ago
Workers of the world, unite!
CVE-2019-15793 | Ubuntu Linux 5.0/5.3 shiftfs file information disclosure (usn-4183-1 / EDB-47693)
1 year 6 months ago
A vulnerability classified as problematic was found in Ubuntu Linux 5.0/5.3. Affected by this vulnerability is an unknown functionality of the component shiftfs. The manipulation leads to file and directory information exposure.
This vulnerability is known as CVE-2019-15793. Attacking locally is a requirement. Furthermore, there is an exploit available.
vuldb.com
NFT scammers charged for stealing $22 million through “rug pulls”
1 year 6 months ago
A six-count indictment was unsealed on Friday in Los Angeles charging two California men with defrauding investors of more than $22 million in cryptocurrency through a series of digital asset project “rug pulls,” a type of fraud scheme in which the creator of a nonfungible token (NFT) or other digital asset project solicits funds from investors for the project and then abruptly abandons the project and fraudulently retains investors’ funds. Both men were arrested on …
Help Net Security
Akira
1 year 6 months ago
cohenido
New Threat Actor
1 year 6 months ago
cohenido
A vulnerability worth 14,000 RMB!
1 year 6 months ago
This article describes one of my favorite vulnerability finds, because it was a very unexpected issue.
CVE-2024-25156 | Fortra GoAnywhere MFT up to 7.4.1 path traversal (Nessus ID 213327)
1 year 6 months ago
A vulnerability, which was classified as critical, has been found in Fortra GoAnywhere MFT up to 7.4.1. Affected by this issue is some unknown functionality. The manipulation leads to path traversal.
This vulnerability is handled as CVE-2024-25156. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2003-1540 | WF-Chat 1.0 !pwds.txt/!nicks.txt Password information disclosure (EDB-22388 / Nessus ID 11688)
1 year 6 months ago
A vulnerability was found in WF-Chat 1.0. It has been classified as critical. Affected is an unknown function of the file !pwds.txt/!nicks.txt. The manipulation leads to information disclosure (Password).
This vulnerability is traded as CVE-2003-1540. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Apache fixes remote code execution bypass in Tomcat web server
1 year 6 months ago
Apache has released a security update to address an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. [...]
Bill Toulas
Microsoft fixes bug behind random Office 365 deactivation errors
1 year 6 months ago
Microsoft has rolled out a fix for a known issue that causes random "Product Deactivated" errors for customers using Microsoft 365 Office apps. [...]
Sergiu Gatlan
CVE-2024-12898 | 1000 Projects Attendance Tracking Management System 1.0 faculty_action.php faculty_course_id sql injection
1 year 6 months ago
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/faculty_action.php. The manipulation of the argument faculty_course_id leads to SQL injection.
This vulnerability was named CVE-2024-12898. The attack can be initiated remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well.
vuldb.com
Point of no return: YouTube sets an anti-record in Russia
1 year 6 months ago
Traffic fell to an all-time low.
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips
1 year 6 months ago
The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up.
Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, and finding new ways to take advantage of old security gaps.
The Hacker News