Aggregator

A vulnerability was found in Advanced Real Estate Script 4.0.7. It has been declared as critical. This vulnerability affects unknown code of the file search-results.php. The manipulation of the argument Projectmain/proj_type/searchtext/sell_price/maxprice parameter as part of Parameter leads to sql injection. This vulnerability was named CVE-2017-17603. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Advanced World Database 2.0.5. It has been rated as critical. This issue affects some unknown processing of the file city.php. The manipulation of the argument Country as part of Parameter leads to sql injection. The identification of this vulnerability is CVE-2017-17640. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Admidio 3.2.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file adm_program/modules/members/members_function.php. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2017-8382. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Adult Script Pro 2.2.4. It has been classified as critical. This affects an unknown part of the file /download. The manipulation of the argument PATH_INFO leads to sql injection. This vulnerability is uniquely identified as CVE-2017-15959. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in AccessKeys AccessPress Anonymous Post Pro Plugin up to 3.1.9 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/cores/file-uploader.php. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2017-16949. The attack can be launched remotely. Furthermore, there is an exploit available.

HackerNews 编译，转载请注明出处： 联邦贸易委员会（FTC）数据显示，诈骗者侵吞退休人员毕生积蓄的速度正以惊人速率攀升。去年单年，网络犯罪分子就卷走7亿美元，其中大部分损失涉及被骗金额超过10万美元的受害者。 向FTC报告因诈骗损失超1万美元的老年人数量激增逾四倍。这些诈骗者通常伪装成知名且受信任的政府机构或公司人员。2024年，60岁以上成年人因商业或政府冒充诈骗损失超1万美元的案件达8269起；相比之下，2020年该数字仅为1790起，增长4.6倍。 损失金额的增长更为显著：2020年冒充诈骗造成1.22亿美元损失，而去年诈骗损失总额达7亿美元。损失超10万美元的案例情况最严重——此类诈骗损失从2020年的5500万美元飙升至2024年的4.45亿美元，增长8倍。网络犯罪分子清空了受害者的银行账户甚至401(k)退休金账户。 FTC在报告中指出：“具有讽刺意味的是，近期骗局利用虚假安全警报等手段，针对老年人保护资金和身份的高度警惕心理实施盗窃。”虽然年轻人也会受骗，但FTC强调老年人“更可能”报告大额损失。 去年多数诈骗始于钓鱼接触：41%的报告显示首次接触方式为电话；15%的受害者表示骗局始于在线广告或弹窗；13%称始于电子邮件。最常被提及的是伪装成微软或苹果的在线广告和弹窗安全警报，其中包含可拨打的电话号码。 令人意外的是，33%的老年受害者承认通过加密货币向犯罪分子转账。五分之一的受害者使用银行转账，16%支付现金。“在明确支付方式的报告中，提及加密货币的案例大多在描述中提到了比特币ATM机，”FTC称。在损失超1万美元的报告里，约5%涉及黄金支付；而在损失最严重的案例中，超过五分之一提到使用黄金作为支付方式或被写入投诉。 诈骗者常用话术 FTC重点列出三种典型诈骗剧本： “您的账户遭盗用”：骗子冒充银行员工，谎称监测到“可疑交易”；或伪装成亚马逊员工，通知存在“未授权购买”。 “您的信息被用于犯罪”：诈骗者假冒政府官员或探员，警告受害者的社保号码涉及毒品走私、洗钱甚至儿童色情等犯罪活动。 “您的电脑存在安全问题”：虚假屏幕安全警报常伪装成苹果或微软通知并附联系电话。骗子随后谎称受害者的在线账户已被黑客入侵。 FTC本身也常被骗子冒用，诈骗者甚至盗用其真实员工姓名。该机构解释：“这些骗子声称，摆脱虚假危机的唯一方法是按其指示操作——最终必然要求向诈骗者汇款。骗局可能设计多层复杂情节，但核心目标都是掏空您的账户。”骗子会向受害者保证，遵循其指示可“保障资金安全”、“保护身份”、“洗清罪名”或“协助抓捕罪犯”。 多数诈骗仍依赖电话实施，利用通话制造的恐惧感和紧迫感，使受害者更难冷静思考并核实信息。 如何保护资金？ FTC建议：“切勿为‘保护资金’而转移财产。无论对方自称何种身份，都绝不要因意外来电或消息汇款或转账——即使对方声称此举是为‘保护资金’。”该机构提倡屏蔽骚扰电话，可通过下载拦截应用或使用手机内置功能实现。 若接到自称政府机构或企业人员的来电，应立即挂断并自行核实：查阅官方网站，查找官方电话，直接联系相关机构或公司确认。切勿轻信安全弹窗、邮件、短信或其他非主动索取的通讯中提供的电话号码。       消息来源：cybernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

在Web安全战场上，文件上传漏洞是攻击者突破防线的利刃。一、前端绕过体系1. 客户端检测突破// 原始检测

当前环境出现异常，需完成验证后方可继续访问。

A vulnerability was found in Microsoft Windows 2000/NT/Server 2003/XP. It has been rated as problematic. Affected by this issue is some unknown functionality of the component HTML Help. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2003-0711. The attack needs to be approached within the local network. Furthermore, there is an exploit available. It is recommended to replace the affected component with an alternative.

A vulnerability classified as problematic was found in Microsoft Exchange 5.5. This vulnerability affects unknown code of the component Outlook Web Access. The manipulation leads to basic cross site scripting. This vulnerability was named CVE-2003-0712. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Exchange 5.5/2000. This affects an unknown part of the component SMTP Service. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2003-0714. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

OpenAI重新向Plus用户开放GPT-4o模型以应对用户对GPT-5质量下降的不满；特朗普要求英特尔CEO辞职引发股价波动；江苏9月起免收高速救援拖吊车费；美国计算机专业毕业生求职遇冷；微软推出Windows10扩展安全更新计划；沉浸式翻译插件因限制API引发争议后撤回政策。

A vulnerability was found in btcpayserver up to 1.7.x. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper neutralization of equivalent special elements. This vulnerability is handled as CVE-2023-1149. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in flatpress up to 1.2. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2023-1147. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in flatpress up to 1.2. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2023-1148. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Archive 3.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component ZIP Filename Handler. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2023-39137. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in vim up to 9.0.1366. Affected is an unknown function. The manipulation leads to divide by zero. This vulnerability is traded as CVE-2023-1127. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in flatpress up to 1.2. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-1146. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the component Infrared Driver. The manipulation leads to use after free. The identification of this vulnerability is CVE-2023-1118. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

大家好，我是老白！自研数据更新系统已开发测试，每周一8：45准时通过本公众号推送最新DNS解析包（A/AAAA/CNAME/MX记录），助您高效追踪网络资产动态！