Aggregator

A vulnerability classified as critical has been found in Xlight FTP Server 1.40/1.41/1.45/1.52. This affects an unknown part of the component SFTP Server. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2024-46483. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Terms Descriptions Plugin up to 3.4.6 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-9374. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in LocalServer 1.0.9 and classified as problematic. Affected by this issue is some unknown functionality of the file /testmail/index.php. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-10286. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in LocalServer 1.0.9. It has been classified as problematic. This affects an unknown part of the file /mlss/ForgotPassword. The manipulation of the argument ListName leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10287. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in LocalServer 1.0.9. It has been declared as problematic. This vulnerability affects unknown code of the file /mlss/SubscribeToList. The manipulation of the argument ListName leads to cross site scripting. This vulnerability was named CVE-2024-10288. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in LocalServer 1.0.9. It has been rated as problematic. This issue affects some unknown processing of the file /mlss/ManageSubscription. The manipulation of the argument MSubListName leads to cross site scripting. The identification of this vulnerability is CVE-2024-10289. The attack may be initiated remotely. There is no exploit available.

Welcome to Day Three of our first ever Pwn2Own Ireland competition! We’ve already awarded $874,875, and we have 15 attempts left to go. Will we hit the $1,000,000 mark or will all remaining attempts end up in bug collisions? Stay tuned to find out. All times are Irish Standard Time (GMT +1:00).

SUCCESS - Ha The Long with Ha Anh Hoang of Viettel Cyber Security (@vcslab) used a single command injection bug to exploit the QNAP TS-464 NAS. Their fourth-round win nets them $10,000 and 4 Master of Pwn points.

FAILURE - Unfortunately, Sina Kheirkhah (@SinSinology) and Enrique Castillo (@hyprdude) of Summoning Team (@SummoningTeam) could not get their exploit of the Ubiquiti AI Bullet working within the time allotted.

SUCCESS - Pumpkin Chang (@u1f383) and Orange Tsai (@orange_8361) from the DEVCORE Research Team combined a CRLF Injection, an Auth Bypass, and a SQL Injection to exploit the Synology BeeStation. They earn $20,000 and 4 Master of Pwn points.

SUCCESS - PHP Hooligans / Midnight Blue (@midnightbluelab) used an OOB Write and a memory corruption bug to go from the QNAP QHora-322 to the Lexmark printer, which they demonstrated by printing their own "cash". Their successful SOHO Smashup earns them $25,000 and 10 Master of Pwn points.

SUCCESS - The Viettel Cyber Security (@vcslab) used a single type confusion bug to exploit the Lexmark CX331adwe printer. In the process, they earn $20,000 and 2 Master of Pwn points.

COLLISION - Our first collision of Day Three: the group from STEALIEN Inc. successfully popped the Lorex camera, but the bug they used had already been demonstrated in the contest. They still earn $3,750 and 1.5 Master of Pwn points.

COLLISION - namnp and tunglth of Viettel Cyber Security (@vcslab) ran into another collision. Their stack-based buffer overflow took over the Canon printer, but it had been previously used in the competition. They still earn $5,000 and 1 Master of Pwn point.

SUCCESS - Newcomers Team Smoking Barrels used an unprotected primary channel bug to exploit the Synology BeeStation for code execution. They earn $10,000 and 4 Master of Pwn points.

FAILURE - Unfortunately, the Viettel Cyber Security (@vcslab) could not get their exploit of the Ubiquiti AI Bullet working within the time allotted.

SUCCESS - In the penultimate attempt of Day 2, Daan Keuper (@daankeuper), Thijs Alkemade (@xnyhps), and Khaled Nassar (@notkmhn) from Computest Sector 7 (@sector7_nl) combined 4 bugs, including a command injection and a path traversal to going from the QNAP QHora-322 to the TrueNAS Mini X. They earn $25,000 and 10 Master of Pwn points.

FAILURE - ExLuck (@ExLuck99) of ANHTUD was unable to complete his SOHO S=mashup in the time allotted. HE was able to get into the Synology router but couldn't successfully pivot to the Canon printer.

备受瞩目的《辐射 4》大型 MOD《辐射：伦敦(Fallout: London )》于 7 月 25 日在 GOG 平台发布。《辐射：伦敦》的容量高达 34.2 GB，因此没有通过 MOD 网站而是通过数字游戏发行平台 GOG 平台发布，它的主地图大小与《辐射 4》相差无几，背景首次设定在美国之外的英国伦敦，为玩家提供了一种全新的体验。故事时间设定在 2237 年，位于《辐射》和《辐射 2》之间，末日之后的伦敦各个帮派在争夺城市的控制权。在发布约 3 个月后，GOG 宣布《辐射：伦敦》的玩家数量突破了 100 万。

Skip to contentIndustry veterans, chatting about computer security and online privacy.

A vulnerability was found in Open-Xchange Server 6.20.7/6.22.0/6.22.1 and classified as problematic. Affected by this issue is some unknown functionality of the component Filesystem. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2013-1650. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

本期周报简介：1、各位会把Linux服务器的root账号名修改成其他账号名吗？修改掉会不会有风险？ 2、开发、运维人员访问生产服务器是如何安全管控的？生产服务器是不是不会开给开发人员远程访问权限的？ 3、各位SCA都是怎么用的？

量子理论描述的是极短时间尺度上发生的事件。过去此类事件被认为是“瞬间”或“瞬时”发生的，比如两个粒子相撞，它们下一刻突然“量子纠缠”了。今天科学家已经能研究瞬间效应事件。维也纳工业大学和中国研究团队开发出可用于模拟超快过程的计算机模拟，让找出量子纠缠如何在阿秒时间尺度上产生成为可能。研究报告发表在《Physical Review Letters》期刊上。

A vulnerability, which was classified as critical, has been found in Macromedia Flash Player up to 5.0.30. This issue affects the function exec of the component SWF File Handler. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2002-0477. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Композиторы и продюсеры объявили войну искусственному интеллекту: кто победит?

斯坦福研究员 Marietje Schaake 认为，除了能运用其巨大的经济实力外，科技公司开始扮演通常保留给政府的角色，在此过程中破坏了民主法治。在数字领域，私企对信息的控制、不受约束的代理能力和行动权几乎超过了政府。以网络安全为例，NSO Group Technologies 等私企开发的商业间谍软件让任何有财力的人都能获得情报服务能力，可用于入侵政治对手、法官、记者、重要员工、竞争对手等的智能手机窃取非常私密的情报。不只是科技巨头，小型科技公司也通过数字技术的发展而掌握了实际权力。这些能力、决策和权力曾专属于国家，现在正渗透到私营公司的手中，但不受约束，缺乏法治社会的权力制衡。

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol. "A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may

A vulnerability classified as critical has been found in espeak-ruby Gem up to 1.0.2 on Ruby. This affects the function speak/save/bytes/bytes_wav in the library lib/espeak/speech.rb. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2016-10193. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Google has released several security patches for its Chrome browser, addressing critical vulnerabilities that malicious actors could exploit. The update is now available on the Stable channel, with version 130.0.6723.69/.70 for Windows and Mac and version 130.0.6723.69 for Linux. The rollout is expected to reach users over the coming days and weeks.  The Extended Stable […]

The post Google Patches Multiple Chrome Security Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The identification of this vulnerability is CVE-2024-10331. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Arcadyan FMIMG51AX000J. This vulnerability affects unknown code of the component Alliance Wi-Fi Test Suite. The manipulation leads to command injection. This vulnerability was named CVE-2024-41992. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.