Aggregator

在网络安全领域，安全团队面临着大量警报、过时报告的困扰，并且常常缺乏对新兴威胁的实时可见性。这种传统的漏洞管理 […]

新闻速览 •工信部CSTIS提醒：防范WinRAR安全绕过漏洞的风险 •第一季度159个CVE遭到野外利用，近 […]

fuzzuf fuzzuf (fuzzing unification framework) is a fuzzing framework with its own DSL to describe a fuzzing loop by constructing building blocks of fuzzing primitives. Why use fuzzuf? fuzzuf enables a flexible definition of a fuzzing loop...

The post fuzzuf: Fuzzing Unification Framework appeared first on Penetration Testing Tools.

CuddlePhish Weaponized multi-user browser-in-the-middle (BitM) for penetration testers. This attack can be used to bypass multi-factor authentication on many high-value web applications. It even works for applications that do not use session tokens, and...

The post cuddlephish: Weaponized multi-user browser-in-the-middle (BitM) for penetration testers appeared first on Penetration Testing Tools.

远控锁屏恶意软件样本分析

远控锁屏恶意软件样本分析

A vulnerability was found in Apple macOS. It has been rated as problematic. This issue affects some unknown processing of the component dcerpc. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2023-23513. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple Safari up to 16.2. This issue affects some unknown processing of the component WebKit. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2023-23517. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple Safari up to 16.2. This vulnerability affects unknown code of the component WebKit. The manipulation leads to memory corruption. This vulnerability was named CVE-2023-23518. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been classified as critical. This affects an unknown part of the component WebKit. The manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2023-23496. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been declared as critical. This vulnerability affects unknown code of the component WebKit. The manipulation leads to memory corruption. This vulnerability was named CVE-2023-23518. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS and classified as critical. Affected by this vulnerability is an unknown functionality of the component Vim. The manipulation leads to use after free. This vulnerability is known as CVE-2022-3705. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been rated as critical. This issue affects some unknown processing of the component WebKit. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2023-23517. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

雷军回应小米手机重回第一：人车家全生态； 古尔曼：苹果 Vision Pro 轻量版最早有望今年末上市； 全球访问量最大网站 TOP20：谷歌位居榜首，YouTube 访问时长最长

A vulnerability classified as problematic was found in PCRE up to 8.36. Affected by this vulnerability is the function pcre_compile2. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2015-2326. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome and classified as critical. This issue affects some unknown processing of the component WebTransport. The manipulation leads to use after free. The identification of this vulnerability is CVE-2023-0471. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. Affected is an unknown function of the component WebRTC. The manipulation leads to use after free. This vulnerability is traded as CVE-2023-0472. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.