Aggregator
Daily Sparks – Show what matters on your iPhone screen, and keep repeating it, 16 times!
1 day 1 hour ago
Daily Sparks is a lightweight iPhone app (2.7 MB) that displays important items through a home-screen widget and supports up to 16 reminder notifications per day. The developer originally intended it for saving quotes, but users can use it as a reminder for important tasks. No notification pushes were observed during testing; be aware of possible frequent interruptions.
CVE-2023-28331 | Moodle Database Auto-linking cross site scripting (FEDORA-2023-d9c13996b2 / EUVD-2023-0917)
1 day 2 hours ago
A vulnerability was found in Moodle. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Database Auto-linking. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2023-28331. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2021-36398 | Moodle Web Service Token List cross site scripting (EUVD-2023-0918)
1 day 2 hours ago
A vulnerability was found in Moodle. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Service Token List. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2021-36398. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2023-1245 | answerdev answer up to 1.0.5 cross site scripting (EUVD-2023-0900)
1 day 2 hours ago
A vulnerability, which was classified as problematic, has been found in answerdev answer up to 1.0.5. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2023-1245. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-1313 | cockpit up to 2.4.0 unrestricted upload (EUVD-2023-0915)
1 day 2 hours ago
A vulnerability classified as critical has been found in cockpit up to 2.4.0. This affects an unknown part. The manipulation leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2023-1313. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-1540 | answer up to 1.0.5 observable response discrepancy (EUVD-2023-0914)
1 day 2 hours ago
A vulnerability was found in answer up to 1.0.5 and classified as problematic. This issue affects some unknown processing. The manipulation leads to observable response discrepancy.
The identification of this vulnerability is CVE-2023-1540. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-1761 | thorsten phpmyfaq up to 3.1.11 code injection (EUVD-2023-0901)
1 day 2 hours ago
A vulnerability was found in thorsten phpmyfaq up to 3.1.11. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection.
This vulnerability is handled as CVE-2023-1761. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-1238 | answerdev answer up to 1.0.5 cross site scripting (EUVD-2023-0888)
1 day 2 hours ago
A vulnerability has been found in answerdev answer up to 1.0.5 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2023-1238. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-48366 | eZ Platform Ibexa Kernel 1.3.1.1 timing discrepancy (GHSA-342c-vcff-2ff2 / EUVD-2023-0895)
1 day 2 hours ago
A vulnerability was found in eZ Platform Ibexa Kernel 1.3.1.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to observable timing discrepancy.
This vulnerability was named CVE-2022-48366. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2012-0181 | Microsoft Windows win32k.sys access control (MS12-034 / MS12-MAY)
1 day 2 hours ago
A vulnerability classified as problematic was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality in the library win32k.sys. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2012-0181. The attack needs to be approached locally. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
From Open Redirect to Internal Access: My SSRF Exploit Story
1 day 2 hours ago
The article describes how a security researcher bypassed SSRF protection mechanisms by chaining an open redirect vulnerability with an SSRF (server-side request forgery) vulnerability. Specifically, the researcher used an open redirect on a third-party domain to redirect the request to the target site's internal resources (such as localhost), thereby triggering the SSRF. Such an attack allows an attacker to reach internal services, scan network ports, or obtain sensitive data. The article also discusses how to fix this class of vulnerability, stressing the importance of strictly restricting the allowed domains, validating the final destination address, and avoiding open redirects.
From Open Redirect to Internal Access: My SSRF Exploit Story
1 day 2 hours ago
Pratik Dabhi shares how he bypassed an SSRF protection mechanism by chaining a third-party open redirect. He describes in detail how the target site's thumbnail service and an open redirect on a third-party domain were used together to trigger the SSRF, and discusses remediation recommendations.
OSINT: How to Find Hidden Data Leaks Using Free Tools
1 day 2 hours ago
Open-source intelligence (OSINT) gathers information from publicly available sources to identify risks or improve security. Free tools such as HaveIBeenPwned can detect data breaches, helping to protect personal information or support security research.
$600 Bounty: How Revealed Hidden Read Receipts in Bumble’s Chat API
1 day 2 hours ago
Bumble's API leaked message read status: although the UI showed "Delivered", the read information could actually be retrieved. The flaw was found by a security researcher and rewarded, highlighting how important backend APIs are for privacy protection.
$600 Bounty: How Revealed Hidden Read Receipts in Bumble’s Chat API
1 day 2 hours ago
Bumble's design hides message read status to protect privacy, but its backend API was found to expose that information even when the frontend showed "Delivered". Security researcher @ndrong found the flaw and received a $600 bounty.
Mapping the Forgotten Corners of the Network
1 day 2 hours ago
A penetration testing team used Kali tools for network scanning and enumeration in a complex enterprise network environment, handling unknown devices and services carefully to avoid accidentally touching sensitive assets.
Nuclei with AI: Scan Websites Using Natural Language Prompts
1 day 2 hours ago
The article introduces the open-source vulnerability scanner Nuclei and its features, including detecting and remediating vulnerabilities via YAML templates, support for more than 8,000 templates, and the newly added AI feature (generating detection templates from natural-language prompts). It also provides installation steps and usage examples.
The Bucket That Shouldn’t Exist: How I Got Full Access to 50GB+ of Sensitive Government Data
1 day 2 hours ago
A security researcher scanned the cloud storage buckets of government websites with a self-built tool and found several misconfigured S3 buckets containing more than 1 million sensitive files with full read/write access. After the report, the issues were fixed and the researcher was thanked.
Windows 11 has finally captured the market. Although Windows 12 is already breathing down its neck
1 day 2 hours ago
What is Microsoft preparing for us in the future?