Aggregator
Summary: A Few Words on Some Issues in Bug Bounty
11 months 2 weeks ago
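Summary: A Few Words on Some Issues in Bug Bounty. Main text: In the blink of an eye, 2024 is over. Time flies; in recent years I have felt more and more that time passes faster and faster, and I now cherish it all the more. Back to the topic: overall, compared with earlier years, 2024 saw a certain degree of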
A Vulnerability with a $3133 Bounty
11 months 2 weeks ago
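One leisurely afternoon, the white-hat researcher Atikqur was sitting at his desk, preparing slides in Google Slides for a talk at an event. Once the slides were ready, he started clicking Presenter view to preview them. Because he wanted to hold a live Q&A session with the audience, he therefore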
CVE-2012-1058 | Flyspray 0.9.9.6 index.php cross-site request forgery (EDB-18468 / ID 87110)
11 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Flyspray 0.9.9.6. Affected is an unknown function of the file index.php. The manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2012-1058. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2012-1059 | osCommerce Online Merchant 3.0.2 value_title cross site scripting (EDB-18455 / ID 12620)
11 months 2 weeks ago
A vulnerability has been found in osCommerce Online Merchant 3.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument value_title leads to cross site scripting.
This vulnerability is known as CVE-2012-1059. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2012-1088 | Linux Kernel iproute stnes link following (Bug 797878 / Nessus ID 69671)
11 months 2 weeks ago
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function stnes of the component iproute. The manipulation leads to link following.
This vulnerability is uniquely identified as CVE-2012-1088. An attack has to be approached locally. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2012-1117 | Joomla CMS 2.5.0/2.5.2 Highlight Plugin cross site scripting (ID 12733 / XFDB-73700)
11 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Joomla CMS 2.5.0/2.5.2. Affected is an unknown function of the component Highlight Plugin. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2012-1117. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2012-1099 | Ruby on Rails up to 3.0.3 form_options_helper.rb cross site scripting (Bug 799276 / Nessus ID 59060)
11 months 2 weeks ago
A vulnerability was found in Ruby on Rails up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality in the library actionpack/lib/action_view/helpers/form_options_helper.rb. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2012-1099. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Alleged Data Leak of Kroll Export to FTX Crypto
11 months 2 weeks ago
Dark Web Informer - Cyber Threat Intelligence
CVE-2012-1151 | Perl 2.17.1-2+squeeze1 DBD::Pg Module dbdimp.c pg_warn format string (Nessus ID 74579 / ID 350635)
11 months 2 weeks ago
A vulnerability classified as critical has been found in Perl 2.17.1-2+squeeze1. This affects the function pg_warn of the file dbdimp.c of the component DBD::Pg Module. The manipulation leads to format string.
This vulnerability is uniquely identified as CVE-2012-1151. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2012-1151 | Perl up to 2.1-5 DBD::Pg Module dbdimp.c dbd_st_prepare format string (Nessus ID 74579 / ID 350635)
11 months 2 weeks ago
A vulnerability classified as critical was found in Perl. This vulnerability affects the function dbd_st_prepare of the file dbdimp.c of the component DBD::Pg Module. The manipulation leads to format string.
This vulnerability was named CVE-2012-1151. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2012-1153 | appRain up to 0.1.5 File Upload memory corruption (EDB-18922 / ID 12664)
11 months 2 weeks ago
A vulnerability, which was classified as critical, was found in appRain up to 0.1.5. This affects an unknown part of the component File Upload. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2012-1153. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2012-1190 | phpMyAdmin up to 3.4.10.0 Replication Setup cross site scripting (Nessus ID 74557 / ID 12545)
11 months 2 weeks ago
A vulnerability was found in phpMyAdmin. It has been declared as problematic. This vulnerability affects unknown code of the component Replication Setup. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2012-1190. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2012-1350 | Cisco IOS 12.4jdd denial of service (Nessus ID 61574 / ID 43275)
11 months 2 weeks ago
A vulnerability has been found in Cisco IOS 12.4jdd and classified as critical. This vulnerability affects unknown code. The manipulation leads to denial of service.
This vulnerability was named CVE-2012-1350. The attack can be initiated remotely. There is no exploit available.
vuldb.com
Alleged VPN Access Sale to an Unidentified Italian Automotive Retail Industry
11 months 2 weeks ago
Dark Web Informer - Cyber Threat Intelligence
CertiK Hack3D: Web3.0 Annual Security Report (2024)
11 months 2 weeks ago
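In 2024, total losses caused by security incidents in the Web3.0 space exceeded USD 2.363 billion, a year-on-year increase of 31.61%. A total of 760 security incidents occurred over the year, with phishing and private key leaks being the two main attack methods.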
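Proposed Update to the HIPAA Security Rule Mandates Restoring the Loss of Certain Relevant Electronic Information Systems and Data Within 72 Hours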
11 months 2 weeks ago
安全客
Breaking Down The Blue Yonder Cyberattack
11 months 2 weeks ago
In a recent podcast interview with Cybercrime Magazine's host, Charlie Osborne, Scott Schober, Cyber Expert, Author of "Hacked Again," and CEO of Berkeley Varitronics Systems, discusses the recent cyberattack on Blue Yonder, including how the incident impacted supply chains, effective steps an organization can take after a ransomware attack, and more. The podcast can be listened to in its entirety below.
The post Breaking Down The Blue Yonder Cyberattack appeared first on Security Boulevard.
Lauren Yacono