Aggregator

A vulnerability, which was classified as problematic, has been found in Symantec Norton Antivirus 2003. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2004-2147. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in MySQL 4.1.3/4.1.4 and classified as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2004-2149. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Easy Software Products CUPS. This affects an unknown part of the file cupsd.conf. The manipulation leads to improper handling of case sensitivity. This vulnerability is uniquely identified as CVE-2004-2154. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

本网站使用cookies以记住您的偏好和优化您的访问体验。您可选择接受所有cookies或通过设置进行个性化管理。

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates Critical Sudo bugs expose […]

A vulnerability classified as very critical was found in Microsoft Windows 7/Server 2003/Server 2008/Vista/XP. This vulnerability affects unknown code of the component Remote Desktop Service. The manipulation leads to code injection. This vulnerability was named CVE-2012-0002. The attack can be initiated remotely. Furthermore, there is an exploit available. This vulnerability has a historic impact due to its background and reception. It is recommended to apply a patch to fix this issue.

一个看似无害的JSON响应，竟让轻松劫持会话弹窗等等！

详细分析mikrotik cve复现过程

A vulnerability classified as critical has been found in Oracle Healthcare Translational Research 3.1.0/3.2.1/3.3.1. This affects an unknown part of the component jQuery. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2019-11358. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Hedgehog-CMS 1.21. It has been rated as problematic. Affected by this issue is some unknown functionality of the file includes/header.php. The manipulation of the argument c_temp_path leads to path traversal. This vulnerability is handled as CVE-2008-2898. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Claroline. Affected by this vulnerability is an unknown functionality of the file admin/advancedUserSearch.php. The manipulation of the argument action leads to cross site scripting. This vulnerability is known as CVE-2007-4717. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Теперь мир станет чуточку безопаснее?

A vulnerability was found in Claroline 1.8.5 and classified as problematic. This issue affects some unknown processing of the file admin/adminusers.php. The manipulation of the argument view leads to cross site scripting. The identification of this vulnerability is CVE-2007-4717. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

从源码层面调试分析house of cat 的攻击流程

本文将详细介绍当前已被主流废弃但仍可在攻击场景中利用的URL Credentials技术，将其扩展用于各种常见漏洞的绕过

文章记录了对PDD App搜索请求中加密参数anti-token的逆向分析过程。通过抓包、Hook、RPC等技术，成功定位并获取了anti-token，实现了搜索请求的复现。主要内容包括请求分析、加密参数定位、RPC调用以及Native层初步分析。

前言ret2gets是一种利用glibc优化特性（高版本编译器）的漏洞利用技术，核心是通过gets函数配合printf/puts实现libc地址泄露。该技术适用于:存在栈溢出漏洞程序包含gets函数​缺乏直接控制rdi寄存器的gadget（如pop rdi; ret）技术原型参考: ret2gets | pwn-notes ret2gets | pwn-notes演示程序: ret2gets_d

漏洞描述CVE-2017-17215是CheckPoint团队披露的远程命令执行（RCE）漏洞，存在于华为HG532路由器中。该设备支持名为DeviceUpgrade的一种服务类型，可通过向/ctrlt/DeviceUpgrade_1的地址提交请求，来执行固件的升级操作。可通过向37215端口发送数据包，启用UPnP协议服务，并利用该漏洞，在NewStatusURL或NewDownloadURL标

本文围绕Elastic EDR查杀Dll的加载问题给出Bypass思路

部分pwn