Aggregator

A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. This affects an unknown part. The manipulation of the argument c_name leads to sql injection. This vulnerability is uniquely identified as CVE-2024-12928. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #468120 / VDB-289282

A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulation of the argument faculty_emailid leads to sql injection. This vulnerability is handled as CVE-2024-12927. The attack may be launched remotely. Furthermore, there is an exploit available.

Bitcoin was founded in 2008 and became legal tender in 2009. It is the first decentralized cryptocur

A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the argument name leads to sql injection. This vulnerability is known as CVE-2024-12926. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

Submit #468108 / VDB-289281

微软官方博客公布了 MS Edge 浏览器过去一年的一系列统计数字：用户完成了逾百亿次 AI 聊天；自动翻译了 38 万亿个字；休眠标签节省了 7 万亿 MB 内存；在 MSN 上每天浏览

微软官方博客公布了 MS Edge 浏览器过去一年的一系列统计数字：用户完成了逾百亿次 AI 聊天；自动翻译了 38 万亿个字；休眠标签节省了 7 万亿 MB 内存；在 MSN 上每天浏览了逾 8 亿篇文章；使用 Drop 跨设备共享了 4600 万条消息和文件；Bing 日活用户逾 1.4 亿；移动应用屏蔽了逾 1.8 万亿个跟踪程序；Password Monitor 每月保护逾 73 亿个密码；阻止了逾 14 亿次钓鱼攻击...微软表示使用 Edge 购物功能还能省钱。根据 Statcounter 的统计，Edge 内置的 AI 聊天功能对其市场占有率贡献不多，Edge 的市场份额从 2023 年 12 月的 11.9% 提高到了 2024 年 11 月的 12.87%，增幅不到 1%。Chrome 浏览器仍然主导着市场，它从同期的 65.23% 提高到了 66.33%。

Submit #467992 / VDB-289280

Submit #467933 / VDB-289279

A vulnerability classified as critical has been found in Arne Informatics Piramit Automation. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-8950. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Engineering Insights 7.0.2/7.0.3. It has been rated as problematic. This issue affects some unknown processing of the component Engineering Lifecycle Optimization. The manipulation leads to use of web link to untrusted target with window.opener access. The identification of this vulnerability is CVE-2024-39727. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Engineering Insights 7.0.2/7.0.3. It has been declared as problematic. This vulnerability affects unknown code of the component Engineering Lifecycle Optimization. The manipulation leads to information exposure through error message. This vulnerability was named CVE-2024-39725. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Обман под видом полезных инструментов разрушил доверие к популярной платформе.

声明：文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由用户承担全部法

白帽小哥（debu8er）喜欢分享自己的漏洞发现过程，前不久白帽小哥开始在一个VDP（漏洞披露计划）中对 20 个漏洞报告进行分类，在这个过程中，他观看了很多教程视频，其中一个由Sean（zseano

Linux渗透实战之不一样的XSS