Aggregator

A vulnerability has been found in ProfitCode PayProCart 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file usrdetails.php. Performing manipulation of the argument sgnuptype results in basic cross site scripting. This vulnerability was named CVE-2005-1004. The attack may be initiated remotely. In addition, an exploit is available. The affected component should be upgraded.

A vulnerability classified as critical was found in Siglent SDS1104X-E 6.1.37R9.ADS. This affects an unknown part of the component SCPI Interface/Web Server. Executing manipulation can lead to privilege escalation. The identification of this vulnerability is CVE-2023-25367. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Siglent SDS1104X-E 6.1.37R9.ADS and classified as problematic. This vulnerability affects unknown code of the component SCPI Interface. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2023-25366. The attack must be carried out from within the local network. There is no available exploit.

Available on GitHub and promoted to professional penetration testers, the tool AdaptixC2 has been used to spread loader malware associated with Russian ransomware groups, researchers said.

This joint guidance provides security best practices to help administrators harden on-premises Exchange servers by enforcing a prevention posture and hardening authentication and encryption.

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks. [...]

20 ватт — предел разума?

A vulnerability was found in Graylog2 graylog2-server up to 6.2.3/6.3.0-rc.1. It has been classified as critical. This affects an unknown part of the component REST API. Performing manipulation results in improper authorization. This vulnerability was named CVE-2025-53106. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in WinRAR up to 7.12 and classified as critical. This issue affects some unknown processing of the component Archive File Handler. Executing manipulation can lead to path traversal: '.../...//'. This vulnerability is handled as CVE-2025-8088. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in Trimble Cityworks up to 23.9. This impacts an unknown function of the component MS IIS. The manipulation results in deserialization. This vulnerability is cataloged as CVE-2025-0994. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded.

Cybercriminals are abusing AdaptixC2, a legitimate emulation framework, in ransomware campaigns

暗网空间测绘 by ourren

匿名通信基础知识 by ourren

使用Overpass Turbo进行战略网络战情报收集 by ourren

安全运营体系建设：从合规到融合，三步走稳扎稳打 by ourren

锁定ORB网络PolarEdge的关键拼图: RPX中继系统浮出水面 by ourren

Bellingcat在线调查模式研究（2014-2024） by ourren

AI辅助逆向APP白盒AES分析 by ourren

反入侵 Pipeline by swim

更多最新文章，请访问SecWiki