Aggregator
CVE-2007-2185 | Supasite admin_users.php supa[db_path] code injection (EDB-3771 / XFDB-33796)
10 months 1 week ago
A vulnerability was found in Supasite. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin_users.php. The manipulation of the argument supa[db_path] leads to code injection.
This vulnerability is handled as CVE-2007-2185. An attack has to be approached locally. Furthermore, there is an exploit available.
vuldb.com
CVE-2007-2185 | Supasite admin_topics.php supa[db_path] code injection (EDB-3771 / XFDB-33796)
10 months 1 week ago
A vulnerability was found in Supasite. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file admin_topics.php. The manipulation of the argument supa[db_path] leads to code injection.
This vulnerability is known as CVE-2007-2185. The attack needs to be approached locally. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-40680 | IBM MQ Operator 2.0.26/3.2.4 memory allocation (XFDB-297611)
10 months 1 week ago
A vulnerability classified as problematic was found in IBM MQ Operator 2.0.26/3.2.4. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled memory allocation.
This vulnerability is known as CVE-2024-40680. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-40681 | IBM MQ Operator 2.0.26/3.2.4 Queue Manager privileges assignment (XFDB-297611)
10 months 1 week ago
A vulnerability classified as critical has been found in IBM MQ Operator 2.0.26/3.2.4. Affected is an unknown function of the component Queue Manager. The manipulation leads to incorrect privilege assignment.
This vulnerability is traded as CVE-2024-40681. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-37068 | IBM Maximo Application Suite 8.10/8.11/9.0 Manage Component risky encryption (XFDB-292799)
10 months 1 week ago
A vulnerability was found in IBM Maximo Application Suite 8.10/8.11/9.0. It has been rated as problematic. This issue affects some unknown processing of the component Manage Component. The manipulation leads to risky cryptographic algorithm.
The identification of this vulnerability is CVE-2024-37068. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams
10 months 1 week ago
Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target
CVE-2017-13008 | tcpdump up to 4.9.1 IEEE 802.11 Parser print-802_11.c parse_elements memory corruption (Nessus ID 103257 / ID 370625)
10 months 1 week ago
A vulnerability classified as critical has been found in tcpdump up to 4.9.1. This affects the function parse_elements of the file print-802_11.c of the component IEEE 802.11 Parser. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2017-13008. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Fuzzing 101 with LibAFL Study Notes (Part 1)
10 months 1 week ago
These are my notes following Fuzzing101 with LibAFL - Part I: Fuzzing Xpdf and Fuzzing101 with LibAFL - Part I.V: Speed Improvements to Part I. libafl offers a great deal of freedom, and I think the learning curve will be fairly steep, so this time I will not try to understand everything in depth. Reproduction: first download xpdf: cd fuzzing-101-solutions/exercise-1 wget dl.xpdfreader.com/old/xpdf-3.02.tar.gz tar xvf xpdf-3.02.tar.gz rm xpdf-3.02.tar.gz...
Sextortion scams now use your "cheating" spouse’s name as a lure
10 months 1 week ago
A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. [...]
Lawrence Abrams
FBI Cracks Down on Dark Web Marketplace Managed by Russian and Kazakh Nationals
10 months 1 week ago
Two men have been indicted in the U.S. for their alleged involvement in managing a dark web marketp
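Starlink Satellites Account for Two-Thirds of All Active Satellites
10 months 1 week ago
SpaceX deployed its 7,000th Starlink satellite this week, and the Starlink constellation now accounts for nearly two-thirds of all active satellites. According to data from CelesTrak, a non-profit organization that tracks satellites, Starlink has 6,370 active satellites in low Earth orbit, plus several hundred more that are inactive or have been deorbited. Its numbers have grown more than sixfold in three years, accounting for 62% of all active satellites and 10 times as many as competitor OneWeb. SpaceX plans to launch as many as 42,000 satellites to provide satellite broadband service with global coverage, and it currently has more than 3 million users.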
Calabi's Mathematical Magic: How a Conjecture Led to the Discovery of New Dimensions
10 months 1 week ago
How one mathematician's ideas changed the future of science.
CVE-2014-5937 | Freediyhomeimprovement Social Networking 0.33.13320.99980 X.509 Certificate cryptographic issues (VU#582497)
10 months 1 week ago
A vulnerability classified as critical has been found in Freediyhomeimprovement Social Networking 0.33.13320.99980. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues.
This vulnerability is traded as CVE-2014-5937. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
USENIX Security ’23 – (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels
10 months 1 week ago
Authors/Presenters: Ruiyi Zhang, Taehyun Kim, Daniel Weber, Michael Schwarz
Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization's strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization's YouTube channel.
The post USENIX Security ’23 – (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels appeared first on Security Boulevard.
Marc Handelman
CVE-2007-2185 | Supasite admin_news.php supa[db_path] memory corruption (EDB-3771 / XFDB-33796)
10 months 1 week ago
A vulnerability was found in Supasite. It has been classified as critical. Affected is an unknown function of the file admin_news.php. The manipulation of the argument supa[db_path] leads to memory corruption.
This vulnerability is traded as CVE-2007-2185. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2017-13007 | Apple macOS up to 10.13.1 tcpdump memory corruption (HT208221 / Nessus ID 103218)
10 months 1 week ago
A vulnerability classified as very critical was found in Apple macOS up to 10.13.1. This vulnerability affects unknown code of the component tcpdump. The manipulation leads to memory corruption.
This vulnerability was named CVE-2017-13007. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com