Aggregator

A vulnerability classified as problematic was found in Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2. Affected by this vulnerability is an unknown functionality of the component GDI. The manipulation leads to information disclosure. This vulnerability is known as CVE-2019-1015. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2. Affected by this issue is some unknown functionality of the component GDI. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2019-1016. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Windows. This affects an unknown part of the component Win32k. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2019-1017. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows up to Server 2019 and classified as critical. This vulnerability affects unknown code of the component DirectX. The manipulation leads to improper access controls. This vulnerability was named CVE-2019-1018. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows and classified as problematic. This issue affects some unknown processing of the component Security. The manipulation leads to 7pk security features (Credentials). The identification of this vulnerability is CVE-2019-1019. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows up to Server 2019. It has been classified as critical. Affected is an unknown function of the component Audio Service. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2019-1021. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Audio Service. The manipulation leads to improper access controls. This vulnerability is known as CVE-2019-1022. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been a test run for a massive new Internet of Things (IoT) botnet capable of launching crippling digital assaults that few web destinations can withstand. Read on for more about the botnet, the attack, and the apparent creator of this global menace.

Researchers noted that they found several similar websites, two of which are still operating and require the same kind of behavior on behalf of the victim.

本文系统介绍了伪随机数生成器MT19937的工作原理，及存在的逆向和随机数预测操作。此外分析了python中random库，并实现了对random库的逆向。

从XSS到"RCE"的PC端利用链构建

CVE-2024-39719 是一个影响 Ollama 0.3.14 及之前版本的文件存在性泄露（File Existence Disclosure）漏洞。该漏洞允许攻击者通过 API 接口探测服务器上特定文件是否存在，从而可能导致信息泄露。

CC11 + Controller 内存马

A vulnerability, which was classified as problematic, was found in Fotoware FotoWeb 6.0. This affects an unknown part. The manipulation of the argument Search leads to cross site scripting. This vulnerability is uniquely identified as CVE-2009-0573. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

如果堆栈不存在的话，就没有必要伪造堆栈了 : )

信息收集端口扫描使用nmap进行端口探测，发现存在22，80，443，41525等端口开放。然后探测具体协议。Web页面访问web页面。发现存在web-INF接口。目录爆破使用工具爆破目录。CVE漏洞搜索发现存在cve-2023-49070漏洞，漏洞原因是：Apache Ofbiz 18.12.09 中的预认证 RCE。这是由于 XML-RPC 不再维护而仍然存在。此问题影响 Apache OF

Currently trending CVE - Hype Score: 12 - The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against ...

java之jdk17反射机制绕过深入剖析问题分析先写一个测试代码，通过反射调用 defineclass 方法加载恶意字节码，然后进行运行的时候发现报错，看报错信息不难发现是在 setAccessible 出的问题，跟进该方法调用了 checkCanSetAccessible 方法，继续跟进看着逻辑有点多，但是发现如果满足下面这几种情况是可以返回 true 就可以进行反射调用了。第一个 if：调用者

A vulnerability was found in Linux Kernel up to 6.12.15/6.13.3. It has been rated as problematic. Affected by this issue is the function msm_ioctl_gem_submit of the component gem. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2024-52559. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.