Submit #443194: sourcecodester Online Eyewear Shop Website v1.0 XSS [Accepted]
Submit #443194 / VDB-284683
Aggregator
app Miner挖矿木马活动分析
10 months ago
近期,安天CERT监测到一起挖矿木马攻击事件,该挖矿木马从2024年3月开始出现,并持续更新攻击脚本。
Submit #443189: code-projects farmacia-in-php 1 Cross Site Scripting [Accepted]
10 months ago
Submit #443189 / VDB-284682
curry136
Submit #443188: code-projects farmacia-in-php system v1.0 SQL Injection [Accepted]
10 months ago
Submit #443188 / VDB-284681
WEFNNTT
Submit #443177: code-projects farmacia-in-php v1.0 sql injection [Accepted]
10 months ago
Submit #443177 / VDB-284680
zsx020121
CVE-2024-11243 | code-projects Online Shop Store 1.0 /signup.php m2 cross site scripting
10 months ago
A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input <svg%20onload=alert(document.cookie)> leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-11243. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-11242 | ZZCMS 2023 Keyword Filtering ad_list.php?action=pass keyword sql injection
10 months ago
A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ad_list.php?action=pass of the component Keyword Filtering. The manipulation of the argument keyword leads to sql injection.
This vulnerability is handled as CVE-2024-11242. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
中国的机器人革命迫使劳动力作出改变
10 months ago
中国已成为世界最大的工业机器人市场,去年中国安装了逾 276,000 台机器人,占全球的半数以上。过去大部分工业机器人都是进口的,主要是来自日本、德国和美国。如今中国企业越来越多地采用国产机器人,国产型号的价格通常是进口型号的一小部分,有助于降低成本,但问题是谁来操纵这些智能机器?中国制造业严重依赖于总数不足 3 亿的农民工,而他们的平均教育水平虽然在缓慢提高,但其中 52% 的农民工只接受过中学教育,14% 只接受过小学教育。研究人员发现,低教育水平的农民工最有可能被机器人取代。农民工也越来越多的转向薪酬更低的服务业。官方统计数据显示,2023 年 28% 的农民工从事制造业,54% 从事服务业。中国有大量接受良好教育的工程师和技术工人。他们仍然需要接受培训才能使用工业机器人。
CVE-2024-11241 | code-projects Job Recruitment 1.0 reset.php e sql injection
10 months ago
A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file reset.php. The manipulation of the argument e leads to sql injection.
This vulnerability is known as CVE-2024-11241. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #442075: code-projects Online Shop Store 1.0 Cross Site Scripting [Accepted]
10 months ago
Submit #442075 / VDB-284679
sh3rl0ckpgp
Submit #442038: ZZCMS 2023 SQL Injection [Accepted]
10 months ago
Submit #442038 / VDB-284678
NLow6jRm5wxb3RNyziGE
CVE-2024-45784 | Apache Airflow up to 2.10.2 Task Log log file
10 months ago
A vulnerability was found in Apache Airflow up to 2.10.2. It has been classified as problematic. Affected is an unknown function of the component Task Log. The manipulation leads to sensitive information in log files.
This vulnerability is traded as CVE-2024-45784. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Submit #442036: code-projects Job-recruitment-in-php v1.0 Sql Injection And write Trojans [Accepted]
10 months ago
Submit #442036 / VDB-284677
TTMSTW
Кошмар криптотрейдера: ошибка на $26 миллионов и отчаянный призыв о помощи
10 months ago
Стоит ли доверять системе, где всего одна оплошность может привести к потере целого состояния?
CVE-2024-11240 | IBPhoenix ibWebAdmin up to 1.0.2 Banco de Dados Tab /database.php db_login_role cross site scripting
10 months ago
A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /database.php of the component Banco de Dados Tab. The manipulation of the argument db_login_role leads to cross site scripting.
The identification of this vulnerability is CVE-2024-11240. The attack may be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-11239 | Landray EKP up to 16.0 API Interface import.do?method=deleteFile folder path traversal
10 months ago
A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. This vulnerability affects the function deleteFile of the file /sys/common/import.do?method=deleteFile of the component API Interface. The manipulation of the argument folder leads to path traversal.
This vulnerability was named CVE-2024-11239. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-11238 | Landray EKP up to 16.0 sysUiComponent.do?method=delPreviewFile directoryPath path traversal
10 months ago
A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sys_ui_component/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal.
This vulnerability is uniquely identified as CVE-2024-11238. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
每周勒索威胁摘要
10 months ago
1. Hunters勒索团伙公布新的受害公司
2. Everest勒索团伙公布新的受害公司
3. Meow勒索团伙公布受害公司数据
Submit #438471: ibwebadmin <= 1.0.2 Cross Site Scripting [Accepted]
10 months ago
Submit #438471 / VDB-284675
gabriel
Submit #438784: Shenzhen Landray Software Co.,LTD. EKP <= v16.0 Directory traversal [Accepted]
10 months ago
Submit #438784 / VDB-284674
CoinIsMoney