Aggregator

A vulnerability, which was classified as critical, was found in Tenda FH1205 2.0.0.7(775). Affected is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-3008. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. This vulnerability is known as CVE-2024-3009. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this issue is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-3010. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-3011. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda FH1205 2.0.0.7(775). It has been declared as critical. This vulnerability affects the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. This vulnerability was named CVE-2024-3012. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /src/dede/member_rank.php. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-3143. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in DedeCMS 5.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /src/dede/makehtml_spec.php. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-3144. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda FH1203 2.0.1.6. It has been classified as critical. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-2993. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda FH1203 2.0.1.6. It has been declared as critical. Affected by this vulnerability is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-2994. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

by Computational Technology for AllJanuary 16th, 2025Too Long; Didn't ReadIntroducing the members

HackerNews 编译，转载请注明出处： 与朝鲜关联的Lazarus Group被指为针对寻找Web3和加密货币领域自由职业的软件开发者发起新一轮网络攻击行动——“Operation 99”，旨在传播恶意软件。 SecurityScorecard公司威胁研究与情报高级副总裁Ryan Sherstobitoff在今日发布的一份新报告中指出：“该行动始于假扮成招聘人员在领英等平台发布信息，以项目测试和代码审查为诱饵吸引开发者。” “一旦受害者上钩，他们就会被引导克隆一个看似无害实则暗藏危机的恶意GitLab仓库。克隆的代码会连接到命令与控制（C2）服务器，从而将恶意软件植入受害者环境。” 该行动受害者遍布全球，其中意大利受害者最为集中。阿根廷、巴西、埃及、法国、德国、印度、印度尼西亚、墨西哥、巴基斯坦、菲律宾、英国和美国等地也有少量受害者。 该网络安全公司表示，其于2025年1月9日发现的这一行动建立在Lazarus Group此前攻击中使用的以工作为主题的战术基础上，如“Operation Dream Job”（又称NukeSped），此次行动特别针对Web3和加密货币领域的开发者。 “Operation 99”的独特之处在于，它通过一个精心设计的招聘计划诱骗开发者参与编码项目，该计划涉及制作虚假的领英账号，然后将开发者引导至恶意GitLab仓库。 攻击的最终目的是部署数据窃取植入程序，从开发环境中提取源代码、密钥、加密货币钱包密钥和其他敏感数据。 这些程序包括Main5346及其变体Main99，它们作为另外三个有效载荷的下载器—— Payload99/73（及其功能相似的Payload5346），用于收集系统数据（如文件和剪贴板内容）、终止网页浏览器进程、执行任意操作并建立与C2服务器的持久连接； Brow99/73，用于从网页浏览器中窃取数据，以促进凭据盗窃； MCLIP，用于实时监控和窃取键盘和剪贴板活动。 该公司表示：“通过攻击开发者账户，攻击者不仅窃取知识产权，还能访问加密货币钱包，从而实现直接财务盗窃。针对私钥和密钥的定向盗窃可能导致数百万数字资产被盗，进而推动Lazarus Group的财务目标。” 该恶意软件架构采用模块化设计，灵活且适用于Windows、macOS和Linux操作系统。这也凸显了国家网络威胁不断演变和适应的本质。 “对于朝鲜而言，黑客攻击是创造收入的生命线，”Sherstobitoff表示，“Lazarus Group持续将窃取的加密货币用于支持该政权的野心，积累了惊人的资金。随着Web3和加密货币行业的蓬勃发展，‘Operation 99’行动聚焦于这些高增长领域。”   消息来源：The Hacker News, 编译：zhongx；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

error code: 521

在红队渗透测试的过程中，数据库信息往往是关键突破口之一。许多 Web 应用程序将数据库连接字符串、账号和密码等敏感信息存储在配置文件中，而开发者往往忽视了对这些文件的加密和保护措施。本文我们将利用 S

01.NET漏洞背景微软的.NET技术广泛应用于全球企业级产品，包括其知名的Exchange、SharePoint等，国内如某友的Cloud、某通的T系列、某蝶的云产品等也广泛采用。各行业核心业务均依

LogonUserA 和 ImpersonateLoggedOnUser 是强大的 Windows API，允许程序以指定用户的身份操作。攻击者利用这些函数可模拟合法用户权限，用于横向移动或访问敏感资

Table of LinksAbstract and 1 Introduction2 Background3 On the slow growth law4 Members of Deep Π

error code: 521