Aggregator

学网络，尽在网络技术联盟站！

A vulnerability was found in Gimp 2.2.14. It has been rated as critical. Affected by this issue is the function set_color_table of the file sunras.c. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2007-2356. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linbit Linbox Officeserver. It has been classified as critical. Affected is an unknown function of the file admin/user.pl. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2004-1878. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Quantum Art Qp7 Enterprise up to qp7.enterprise. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file news_and_events_new.asp. The manipulation of the argument p_news_id leads to sql injection. This vulnerability is known as CVE-2005-4486. The attack can be launched remotely. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability classified as critical has been found in Gebrauchtwagenreport DEKRA Used Car Report 3.0.0. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is uniquely identified as CVE-2014-5996. The attack needs to be initiated within the local network. There is no exploit available.

RustPatchlessCLRLoader The RustPatchlessCLRLoader leverages a sophisticated integration of patchless techniques for bypassing both Event Tracing for Windows (ETW) and the Windows Antimalware Scan Interface (AMSI) across all threads with the goal of loading .NET...

The post RustPatchlessCLRLoader: .NET assembly loader with patchless AMSI and ETW bypass appeared first on Penetration Testing Tools.

OSV-Scanner Use OSV-Scanner to find existing vulnerabilities affecting your project’s dependencies. OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them. Since...

The post osv-scanner: find existing vulnerabilities affecting your project’s dependencies appeared first on Penetration Testing Tools.

A vulnerability was found in Ericpol eWUS mobile 1.4.5. It has been rated as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-5995. The attack needs to be done within the local network. There is no exploit available.

dissect Dissect is a digital forensics and incident response framework and toolset developed by Fox-IT (part of NCC Group). It allows you to quickly access and analyze forensic artifacts from various disk and file formats....

The post Dissect: The Open-Source Framework for Large-Scale Host Investigations appeared first on Penetration Testing Tools.

SpyAgent 还可以接收来自 C2 的命令，以更改声音设置或发送短信，这些命令很可能用于发送钓鱼短信以传播恶意软件。

A vulnerability was found in Oracle Business Process Management Suite 12.2.1.4.0. It has been classified as critical. Affected is an unknown function of the component Runtime Engine. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2021-34429. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

今天我们来探讨一个近期在安全评估中发现的有趣问题——SeRelabelPrivilege 的滥用。

The Chinese-speaking group is launching sophisticated malware towards military and satellite targets globally.

您有一份周报待查收......

马斯克强调特斯拉上海工厂正在以最大产能运行；华为 Mate XT 非凡大师三折叠手机提供瑞红、玄黑两款配色，以及 16GB+1TB、16GB+512GB 两个存储版本。预约量已突破 200 万。

A vulnerability was found in ding Ding Ezetop. Top-up Any Phone 1.3.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-5994. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Preplaysports MLB Preplay 5.4.2. It has been classified as critical. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-5993. The attack can only be done within the local network. There is no exploit available.

GPUカーネル実装において、情報漏えいの脆弱性が報告されています。