Aggregator

A vulnerability has been found in 1Panel up to 2.0.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the component HTTPS Protocol Handler. The manipulation leads to improper certificate validation. This vulnerability is known as CVE-2025-54424. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Netgear SPH200D up to 1.0.4.80. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component GET Request Handler. The manipulation leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2013-10063. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Linksys E1500 1.0.00/1.0.04/1.0.05. It has been classified as critical. Affected is an unknown function of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument next_page leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2013-10062. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DIR-615H1 up to 8.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file tools_vct.htm of the component Web Interface. The manipulation of the argument ping_ipaddr leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2013-10059. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Synactis PDF In-The-Box. It has been classified as critical. This affects the function ConnectToSynactis in the library PDF_IN_1.ocx. The manipulation of the argument ldCmdLine leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2013-10057. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Netgear DGN2200B 1.0.0.36_7.0.36. This vulnerability affects unknown code of the file pppoe.cgi. The manipulation of the argument pppoe_username leads to os command injection. This vulnerability was named CVE-2013-10060. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Netgear DGN1000B 1.1.00.24/1.1.00.45 and classified as critical. This issue affects some unknown processing of the file setup.cgi. The manipulation of the argument TimeToLive leads to os command injection. The identification of this vulnerability is CVE-2013-10061. The attack may be initiated remotely. Furthermore, there is an exploit available.

微软计划逐步开源Windows 11用户界面框架WinUI；Google将保留活跃goo.gl短链接；微软结束对Windows 11 SE的支持；小米开源声音理解大模型MiDashengLM-7B；OpenAI为ChatGPT增加长时间使用提醒；Cloudflare指控Perplexity违规抓取网站内容；传言称折叠款iPad推迟至2028年发布；马斯克重建Vine视频存档入口；DJI Mini 5 Pro渲染图曝光。

总有失陷主机定位不了……

BEE·bot OSINT automation for hackers. BBOT is a recursive, modular OSINT framework written in Python. It is capable of executing the entire OSINT process in a single command, including subdomain enumeration, port scanning, web screenshots (with its gowitness module),...

The post bbot: OSINT automation for hackers appeared first on Penetration Testing Tools.

The prominent German firm Einhaus Group, renowned for its specialization in mobile device insurance and servicing, has formally announced the commencement of bankruptcy proceedings. The downfall was precipitated by a cyberattack in March 2023,...

The post The Ransomware That Never Ends: Einhaus Group Collapses After Paying Royal’s $230K Ransom appeared first on Penetration Testing Tools.

Sean Cairncross Confirmed in 59-35 Senate Vote Despite Lacking Technical Experience
The United States has a new national cyber director after a tense Senate vote ended months of political and procedural delays, allowing the Trump administration to push forward with its sweeping overhaul of federal cybersecurity priorities.

Security Experts Call for Coordinated Autonomy Over Complete Integration
One team quotes Shakespeare. The other speaks in Morse Code. Now, imagine forcing them to write a play together. Yet IT and OT organizations are being asked to work as one. Is full integration really possible, or should we keep them at respectful distance for security reasons?

Orange Cyberdefense's Dominic Trott on Investor Hesitancy, Geopolitical Obstacles
The United Kingdom has a strong track record of supporting startups and building successful organizations, but U.K. cybersecurity startups still face hurdles, said Dominic Trott, director of strategy and alliances for the U.K. region at Orange Cyberdefense.

Threat Actor Maintains Long-Term Stealthy Access
Chinese nation-state hackers penetrated mobile telecom networks across Southeast Asia likely in order to track individuals' location, say security researchers. One tell about the hackers' intentions was deployment of a custom-made network scanning and packet capture utility tracked as CordScan.

一键下载《职业院校智慧校园规范（试行）》。