Submit #392015: TOTOLINK T10 V2_V4.1.8cu.5207 Hard-coded Credentials [Accepted]
Submit #392015 / VDB-275760
Aggregator
CVE-2024-45256 | BYOB 2.0 Parameter api/files/routes.py file_add access control
4 months 2 weeks ago
A vulnerability was found in BYOB 2.0. It has been classified as critical. This affects the function file_add of the file api/files/routes.py of the component Parameter Handler. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2024-45256. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com
CVE-2024-45241 | CentralSquare CryWolf up to 2024-08-09 GeneralDocs.aspx rpt information disclosure
4 months 2 weeks ago
A vulnerability was found in CentralSquare CryWolf up to 2024-08-09 and classified as problematic. Affected by this issue is some unknown functionality of the file GeneralDocs.aspx. The manipulation of the argument rpt leads to information disclosure.
This vulnerability is handled as CVE-2024-45241. Access to the local network is required for this attack. There is no exploit available.
vuldb.com
CVE-2017-5566 | AVG Ultimate/Internet Security/AntiVirus FREE up to 17.1 Self-Protection access control (ID 370353 / BID-97022)
4 months 2 weeks ago
A vulnerability was found in AVG Ultimate, Internet Security and AntiVirus FREE up to 17.1. It has been classified as critical. This affects an unknown part of the component Self-Protection. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2017-5566. It is possible to launch the attack on the local host. There is no exploit available.
vuldb.com
CVE-2017-5567 | Avast Premier up to 12.3 Self-Protection access control (ID 370357 / BID-97017)
4 months 2 weeks ago
A vulnerability was found in Avast Premier, Internet Security, Pro Antivirus and Free Antivirus up to 12.3. It has been declared as critical. This vulnerability affects unknown code of the component Self-Protection. The manipulation leads to improper access controls.
This vulnerability was named CVE-2017-5567. The attack needs to be approached locally. There is no exploit available.
vuldb.com
筑牢安全防线 加强跨境数据流动治理
4 months 2 weeks ago
在数字产业化和产业数字化持续深化的背景下,数据与传统生产要素的深度融合,成为数字时代推动高质量发展的强劲动力。
大模型的安全发展与治理思考
4 months 2 weeks ago
2022 年底,OpenAI 推出的 ChatGPT 在文本生成领域实现了重大突破,引领了大模型技术的发展方向,推动了各式各样的基座大模型及行业大模型的发展,并逐步向多模态和具身化方向迅速演进。
关键基础设施安全资讯周报20240826期
4 months 2 weeks ago
本期关键基础设施安全资讯周报共收录安全资讯28篇。点击文章,快速阅读最新资讯。
Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers
4 months 2 weeks ago
As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever.
New findings from Forescout – Vedere Labs, the industry leader in device intelligence, and Finite State… (more…)
The post Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers first appeared on The Last Watchdog.
The post Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers appeared first on Security Boulevard.
bacohido
CVE-2024-39717: как простой PNG-файл способен взломать ваш компьютер
4 months 2 weeks ago
CISA дала федеральным агентствам США три недели, чтобы защитить свои сети.
CVE-2017-5571 | Flexera FlexNet Publisher up to 11.14.1 redirect (ID 370304 / BID-96028)
4 months 2 weeks ago
A vulnerability was found in Flexera FlexNet Publisher up to 11.14.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to open redirect.
The identification of this vulnerability is CVE-2017-5571. The attack may be initiated remotely. There is no exploit available.
vuldb.com
山石网科安研院第一季度原创技术文章合辑
4 months 2 weeks ago
合辑中都是我们优中选优的精华成果,2024第一季度山石网科安研院原创技术文章合辑。
[漏洞挖掘与防护] 03.漏洞利用之WinRAR安全缺陷复现(CVE-2018-20250)及软件自启动分析
4 months 2 weeks ago
漏洞挖掘与防护第3篇介绍CVE-2018-20250漏洞及防御方法,希望您喜欢!
SekaiCTF 2024 圆满落幕,Nu1L战队夺冠!
4 months 2 weeks ago
2024年8月26日00:00,SekaiCTF 2024正式落幕。
Linux malware sedexp uses udev rules for persistence and evasion
4 months 2 weeks ago
Researchers spotted a new stealthy Linux malware named sedexp that uses Linux udev rules to achieve persistence and evade detection. Aon’s Cyber Solutions spotted a new malware family, called sedexp, that relies on a lesser-known Linux persistence technique. The malware has been active since at least 2022 but remained largely undetected for years. The experts […]
Pierluigi Paganini
CVE-2007-1404 | ProSysInfo TFTP Server TFTPDWIN 0.4.2 tftpd.exe denial of service (EDB-3432 / XFDB-32886)
4 months 2 weeks ago
A vulnerability was found in ProSysInfo TFTP Server TFTPDWIN 0.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file tftpd.exe. The manipulation leads to denial of service.
This vulnerability is known as CVE-2007-1404. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.
vuldb.com
北京市国家网络安全宣传周网络安全作品征集活动开始 石油巨头Halliburton遭受网络攻击导致系统关闭
4 months 2 weeks ago
快速浏览!2024.8.19—8.25安全动态周回顾。
数据勒索团伙利用虚假 Windows 更新屏幕隐藏数据窃取行为
4 months 2 weeks ago
安全研究人员指出,在 AnyDesk 连接请求之前,它没有看到 Mad Liberator 与目标互动,也没有记录任何支持攻击的网络钓鱼尝试。
审计发现 FBI 的数据存储管理存在重大漏洞
4 months 2 weeks ago
据The Hacker News消息,美国司法部监察长办公室 (OIG) 的一项审计发现, FBI 在库存管理和处置涉及机密信息的电子存储媒体方面存在“重大漏洞”。OIG 的审计显示,FBI 对包含敏感但未分类 (SBU) 、存储机密国家安全信息 (NSI) 的电子介质库存管理存在三大主要问题:一旦电子存储介质(例如内部硬盘驱动器和 U 盘)从较大的设备中提取出来,FBI 就无法充分进行追踪,增加
IBM 关闭中国研发部门
4 months 2 weeks ago
IBM 将彻底关闭中国研发部门,涉及员工逾千人。IBM 中国在一份声明中称:“IBM 会根据需要调整运营,为客户提供最佳服务,这些变化不会影响我们为大中华区客户提供支持的能力。”声明还提到,中国企业,尤其是民营企业,越来越重视抓住混合云和人工智能技术带来的机遇,而 IBM 在中国的本地战略重点则是利用我们在技术和咨询方面的丰富经验,组建具备相应技能的团队,帮助中国客户共创符合他们需求的解决方案。
IBM 强调未来将转向服务中国的民营企业以及部分在中国的跨国企业,但金融、能源等关键领域的大型国企才是 IBM 过去最重要的大客户。此次研发部门关闭涉及的业务线主要有两条,一个是 IBM 中国开发中心(CDL),另一个是 IBM 中国系统中心(CSL),主要负责研发和测试。IBM 将为相关员工提供 N+3 的赔偿。