Aggregator

A vulnerability classified as problematic has been found in Phorum 3.4.3. This affects an unknown part. The manipulation of the argument subject/author/email with the input << leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2003-0283. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Activision Call of Duty 4 up to 1.5. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper input validation. This vulnerability is known as CVE-2008-2106. The attack can be launched remotely. Furthermore, there is an exploit available.

BARWM, a novel backdoor attack approach for real-world deep learning (DL) models deployed on mobile devices. Existing backdoor attacks often suffer from limitations such as altering the model structure or relying on easily detectable, sample-agnostic triggers.  By utilizing DNN-based steganography to generate sample-specific backdoor triggers that are imperceptible, it is able to circumvent these limitations. […]

The post Stealthy Steganography Backdoor Attacks Target Android Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

随着人工智能技术的快速普及，新的安全漏洞和越狱方法不断涌现。Palo Alto Networks的Unit 42研究团队近日发现了一种新型越狱技术——“Bad Likert Judge”，该技术能突破

A vulnerability, which was classified as problematic, has been found in osCommerce 2.2 Ms2. Affected by this issue is the function tep_href_link of the file html_output.php. The manipulation of the argument osCsid leads to basic cross site scripting. This vulnerability is handled as CVE-2003-1219. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Cisco Firepower Management Center跨站脚本漏洞（CNVD-2024-43202）

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞247个，其中高危漏洞120个、中危漏洞117个、低危漏洞10个。漏洞平均分值为6.54。

一、境外厂商产品漏洞1、SAP NetWeaver Enterprise Portal跨站脚本漏洞（CNVD-2024-49627）SAP Commerce Cloud的Backoffice是一个用户

2024年12月30日-2025年1月05日本周漏洞态势研判情况      本周信息安全漏洞威胁整体评价级别为中。国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞247个，其中

A vulnerability classified as problematic has been found in Avantbrowser Avant Browser up to 11.7. This affects an unknown part of the component Javascript Engine. The manipulation leads to numeric error. This vulnerability is uniquely identified as CVE-2008-4166. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

12月，火绒安全产品拦截恶意攻击总数185,909,512次，其中病毒拦截1.1亿次、系统高危动作拦截4006.8万次、网络高危风险拦截3993.3万次。

A vulnerability was found in Document Foundation LibreOffice 7.4.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the component PPT File Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-36268. The attack may be launched remotely. There is no exploit available.

前期，我们已经撰写《绿盟虚拟汽车靶场及其优势》一文，以阐述绿盟虚拟汽车靶场的优势与攻防实战表现，表明虚拟汽车在虚拟电子电气架构的虚拟化方面表现出色。本文作为补充，基于CAN总线攻防实战，进一步阐述绿盟虚拟汽车在CAN总线攻防方面的表现

一.  背景绿盟突破技术壁垒，使得虚拟汽车零部件具备嵌入式操作系统（嵌入式Linux、嵌入式Android），多个虚拟零部件可以加入虚拟汽车CAN网络中相互进行CAN总线通信，构建出完整的汽车电子电气

A vulnerability was suspected in Freedesktop Xedit 1.2.3. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Apple macOS. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Apple iOS and iPadOS. This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in User Submitted Posts Plugin up to 20230901. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.