Aggregator

A vulnerability was found in Scriptdemo PHP-Lance 1.52. It has been classified as critical. Affected is an unknown function of the file show.php. The manipulation of the argument catid leads to sql injection. This vulnerability is traded as CVE-2008-4716. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Tufat MyCard 1.0.2. This affects an unknown part of the file gallery.php. The manipulation of the argument id leads to sql injection. This vulnerability is uniquely identified as CVE-2008-4738. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as very critical has been found in Yoxel. Affected is an unknown function of the file itpm_estimate.php. The manipulation of the argument proj_id leads to code injection. This vulnerability is traded as CVE-2008-5071. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in PlugSpace 0.1 and classified as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument navi leads to path traversal. This vulnerability was named CVE-2008-4739. The attack can be initiated remotely. Furthermore, there is an exploit available.

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 北京天融信网络安全技术有限公司 王永 高彦恺 郑晨璐近年来，勒索攻击的手段不断演变，从最初的简单文件加密发展到现

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063国际网安快讯第35期热点速览一、政策动态1. “五眼联盟”发布《安全创新》指南2. 美CISA发布首个国际网络安全战略计

A vulnerability has been found in Apple watchOS up to 5.3.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Foundation. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2019-8641. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

error code: 1106

Incident Responders Say Disruptions Help, See No Spike in Median Ransom Payments
For anyone dreaming of law enforcement agencies arresting ransomware bigwigs, or intelligence agencies taking them out with drone strikes, keep on hoping. But here's good news: ransom payments haven't skyrocketed, as disruptions by law enforcement appear to be having an impact.

Testimony Request Targets Cybersecurity Concerns Raised by Ex-SolarWinds Engineer
In its fraud case against SolarWinds, the SEC is pursuing testimony from former SolarWinds engineer Robert Krajcir - who lives in the Czech Republic - to address claims of lax cybersecurity practices. SolarWinds - which is also representing Krajcir - has until Friday to respond to the SEC's motion.