Aggregator
Bangkok busts SMS Blaster sending 1 million scam texts from a van
9 months 2 weeks ago
The Thai police, working together with Thailand's largest telecommunications service provider, Advanced Info Service (AIS), located and busted the Chinese operators of an SMS blaster device that spammed fraudulent messages across Bangkok. [...]
Bill Toulas
CVE-2024-11650 | Tenda i9 1.0.0.8(3828) /goform/GetIPTV websReadEvent null pointer dereference
9 months 2 weeks ago
A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference.
The identification of this vulnerability is CVE-2024-11650. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-11649 | 1000 Projects Beauty Parlour Management System 1.0 search-appointment.php searchdata sql injection
9 months 2 weeks ago
A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to SQL injection.
This vulnerability was named CVE-2024-11649. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-11648 | 1000 Projects Beauty Parlour Management System 1.0 /admin/add-customer.php name sql injection
9 months 2 weeks ago
A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-customer.php. The manipulation of the argument name leads to SQL injection.
This vulnerability is uniquely identified as CVE-2024-11648. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-11647 | 1000 Projects Beauty Parlour Management System 1.0 view-appointment.php viewid sql injection
9 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to SQL injection.
This vulnerability is handled as CVE-2024-11647. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-11646 | 1000 Projects Beauty Parlour Management System 1.0 /admin/edit-services.php sername sql injection
9 months 2 weeks ago
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to SQL injection.
This vulnerability is known as CVE-2024-11646. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #446592: Tenda i9 V1.0.0.8(3828) NULL Pointer Dereference [Accepted]
9 months 2 weeks ago
Submit #446592 / VDB-285971
xiaobor123
Submit #451245: 1000 Projects Beauty Parlour Management System PHP SQLite Project V1.0 SQL Injection [Accepted]
9 months 2 weeks ago
Submit #451245 / VDB-285970
zhugeaozun
Submit #447291: 1000 Projects Beauty Parlour Management System PHP SQLite Project V1.0 SQL Injection [Accepted]
9 months 2 weeks ago
Submit #447291 / VDB-285969
Calmgh06
Submit #446576: 1000 Projects Beauty Parlour Management System PHP SQLite Project V1.0 Non-SQL Invokable Control Element with Excessive Number of Data [Accepted]
9 months 2 weeks ago
Submit #446576 / VDB-285968
src123202411
Submit #446575: 1000 Projects Beauty Parlour Management System PHP SQLite Project V1.0 SQL Injection [Accepted]
9 months 2 weeks ago
Submit #446575 / VDB-285967
polaris0x1
CVE-2018-6220 | Trend Micro Email Encryption Gateway 5.5 injection (EDB-44166)
9 months 2 weeks ago
A vulnerability has been found in Trend Micro Email Encryption Gateway 5.5 and classified as critical. This vulnerability affects unknown code. The manipulation leads to injection.
This vulnerability was named CVE-2018-6220. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Influencers complain that AI influencers are taking their traffic
9 months 2 weeks ago
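Meta's Instagram has seen a flood of AI-generated influencers that steal videos from real models and adult content creators, swap in AI-generated faces, and then monetize them through dating sites, Patreon, OnlyFans and similar platforms. Adult content creators complain that they now have to compete with AI influencers. Elaina St James says that since the surge of AI influencers on Instagram, views of her content have dropped sharply, from 1 million to 5 million views down to under 1 million, and sometimes fewer than 500,000. She believes the Instagram algorithm is partly to blame, but that AI influencers may also be one of the causes. She says she is competing with something unnatural.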
CVE-2005-4314 | PPCal Shopping Cart up to 3.3.0 ppcal.cgi cross site scripting (EDB-26850 / BID-15892)
9 months 2 weeks ago
A vulnerability was found in PPCal Shopping Cart up to 3.3.0 and classified as problematic. This issue affects some unknown processing of the file ppcal.cgi. The manipulation leads to basic cross-site scripting.
The identification of this vulnerability is CVE-2005-4314. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2010-0788 | ncpfs 2.2.6 link following (Bug 558833 / EDB-779)
9 months 2 weeks ago
A vulnerability classified as problematic was found in ncpfs 2.2.6. Affected by this vulnerability is an unknown functionality. The manipulation leads to link following.
This vulnerability is known as CVE-2010-0788. An attack has to be approached locally. Furthermore, there is an exploit available.
vuldb.com
CVE-2007-4459 | Cisco IP Phone 7940/7960 SIP input validation (EDB-4298 / XFDB-36125)
9 months 2 weeks ago
A vulnerability was found in Cisco IP Phone 7940/7960. It has been rated as critical. Affected by this issue is some unknown functionality of the component SIP Handler. The manipulation leads to improper input validation.
This vulnerability is handled as CVE-2007-4459. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Halo Security Launches Slack Integration for Real-Time Alerts on New Assets and Vulnerabilities
9 months 2 weeks ago
MIAMI, Florida, 24th November 2024, CyberNewsWire
The post Halo Security Launches Slack Integration for Real-Time Alerts on New Assets and Vulnerabilities appeared first on Security Boulevard.
cybernewswire
GitHub says Copilot improved code quality
9 months 2 weeks ago
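GitHub, the Microsoft-owned code hosting platform, says its Copilot programming assistant has improved code quality. But this conclusion may be suspected of self-promotion. According to GitHub's official blog, Copilot helped developers code 55% faster, 88% of developers felt the development process flowed more smoothly, and 85% felt more confident in their code. GitHub says it recruited 202 Python developers with at least five years of experience; half were randomly assigned to program with GitHub Copilot, while the other half, the control group, were asked not to use any AI tools, and the quality of the code they wrote was then evaluated with unit tests and expert review. The results showed that code written with Copilot's assistance had greater functionality, better readability, higher quality, and a higher approval rate. Copilot's assistance raised the likelihood of passing all 10 unit tests by 56%, with fewer obvious errors; lines of code increased by 13.6%, readability improved by 3.62%, reliability by 2.94%, maintainability by 2.47%, and conciseness by 4.16%. GitHub says all of these figures are statistically significant. Third parties other than GitHub have reached different conclusions about whether assisted programming improves code quality.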
CVE-2020-29597 | IncomCMS 2.0 script.php unrestricted upload (EDB-49351)
9 months 2 weeks ago
A vulnerability was found in IncomCMS 2.0. It has been declared as critical. This vulnerability affects unknown code of the file modules/uploader/showcase/script.php. The manipulation leads to unrestricted upload.
This vulnerability was named CVE-2020-29597. The attack can only be done within the local network. Furthermore, there is an exploit available.
vuldb.com