Aggregator

A vulnerability has been found in Jabba Laci Phptraverser 0.8.0 and classified as critical. This vulnerability affects unknown code of the file assets/plugins/mp3_id/mp3_id.php of the component Assets. The manipulation of the argument GLOBALS[BASE] leads to code injection. This vulnerability was named CVE-2009-4085. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Php.brickhost phpScheduleIt up to 1.2.10 and classified as critical. This vulnerability affects unknown code of the file reserve.php. The manipulation of the argument end_date leads to code injection. This vulnerability was named CVE-2009-0820. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PhpShop 0.8.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument Category leads to sql injection. This vulnerability is handled as CVE-2009-4571. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Pimcore up to 5.7.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/class/bulk-commit. The manipulation of the argument data as part of POST Request leads to deserialization. This vulnerability was named CVE-2019-10867. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in php-fusion 9.03.00. It has been classified as critical. Affected is an unknown function of the file edit_profile.php of the component Avatar Upload Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2019-12099. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHP up to 7.1.32. It has been classified as critical. This affects the function env_path_info of the file fpm_main.c of the component FPM. The manipulation leads to out-of-bounds write (Underflow). This vulnerability is uniquely identified as CVE-2019-11043. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Moodle 3.6.3. This vulnerability affects unknown code of the file repository/repository_ajax.php?action=upload of the component ZIP File Handler. The manipulation leads to code injection. This vulnerability was named CVE-2019-11631. The attack can be initiated remotely. Furthermore, there is an exploit available.

Currently trending CVE - Hype Score: 1 - This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy.

OpenAI CEO萨姆·奥尔特曼展示了GPT-5模型的问答截图，确认其基本开发完成并进入安全和功能测试阶段。尽管展示内容平平无奇，但预计该模型在代码生成和商业化能力上有显著提升，并可能引领SaaS行业变革。

文章解释了HTTP错误代码521的原因及其解决方法，指出该错误通常由源服务器无法连接导致，并建议检查服务器状态、网络配置和防火墙设置以解决问题。

HackerNews 编译，转载请注明出处： 网络安全研究人员发现一种名为“Plague”的新型Linux后门程序，该恶意软件已逃避检测长达一年之久。Nextron Systems研究员Pierre-Henri Pezier指出：“该植入程序被构建为恶意PAM（可插拔认证模块），使攻击者能静默绕过系统认证，获取持久SSH访问权限”。 可插拔认证模块（Pluggable Authentication Module，PAM）是Linux及UNIX系统中用于管理用户对应用程序和服务认证的共享库集合。由于PAM模块会被加载至特权认证进程中，恶意模块可实现凭证窃取、绕过认证检查，同时规避安全工具检测。 该网络安全公司表示，自2024年7月29日起，其在VirusTotal平台发现多个Plague样本，但所有反恶意引擎均未将其标记为恶意。此外，多个样本的存在表明幕后未知威胁组织正积极开发该恶意软件。 Plague具备四项核心能力： 静态凭证：支持隐蔽访问 抗分析能力：通过反调试与字符串混淆技术抵抗逆向工程 会话痕迹清除：通过取消设置环境变量（如SSH_CONNECTION、SSH_CLIENT）及重定向HISTFILE至/dev/null，阻止Shell命令记录，从而消除审计痕迹 Pezier强调：“Plague深度集成于认证堆栈中，可存活于系统更新过程且几乎不留取证痕迹。结合分层混淆与环境篡改技术，使其极难被传统工具检测。”       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

基于W01fh4cker大佬的LearnJavaMemshellFromZero从零掌握java内存马的复现重组版本，整篇文章均可复现，目录层级比较多建议https://github.com/d0ctorsec/LearnJavaMemshellFromZero-Recurrence下载阅读。

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.12.8. This issue affects some unknown processing of the component amdgpu. The manipulation leads to use after free. The identification of this vulnerability is CVE-2021-47142. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.10.41/5.12.8. Affected is the function device_add. The manipulation leads to incomplete cleanup. This vulnerability is traded as CVE-2021-47143. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.4.123/5.10.41/5.12.8. This vulnerability affects unknown code of the component gve. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2021-47141. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.12.8 and classified as critical. This issue affects the function iommu_change_dev_def_domain. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2021-47140. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.41/5.12.8. It has been declared as problematic. Affected by this vulnerability is the function register_netdev in the library lib/cpu_rmap.c. The manipulation leads to uninitialized pointer. This vulnerability is known as CVE-2021-47139. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

当前环境出现异常状态，需完成验证操作后才能继续访问。

Kali Linux发布适用于macOS的容器版，借助苹果新容器框架和Docker Hub镜像快速启动。无需虚拟机更简单便捷，但目前网络和硬件直通有限制。仅支持搭载M系列芯片的Mac设备。