漏洞管理“扫雷”之动态优先级技术
企业漏洞管理常因静态白名单埋下“雷区”,由于历史漏洞被攻破或通报殊为可惜。基于漏洞情报的动态优先级技术能够实现动态“扫雷”。
Aggregator
为什么说密码时代快结束了?
2 months 2 weeks ago
密码正在变得越来越过时,但这并不是一件坏事。对于IT专业人士来说,密码一直以来都是一把双刃剑。
漏洞管理“扫雷”之动态优先级技术
2 months 2 weeks ago
企业漏洞管理常因静态白名单埋下“雷区”,由于历史漏洞被攻破或通报殊为可惜。基于漏洞情报的动态优先级技术能够实现动态“扫雷”。
为什么说密码时代快结束了?
2 months 2 weeks ago
密码正在变得越来越过时,但这并不是一件坏事。对于IT专业人士来说,密码一直以来都是一把双刃剑。
特定基因让花散发出臭味
2 months 2 weeks ago
有些植物吸引传粉媒介的方式并非依靠馥郁的甜香,而是浓烈的腐臭。一项新研究展示了植物是如何成功做到这一点的。研究人员报告,在细辛属植物(Asarum)的花朵中,一种通常用于解毒恶臭化合物的基因反而会演化出产生难闻气味的功能。这些发现揭示了植物会如何利用广泛保守的代谢途径来获取生态优势。气味难闻花朵的一个关键特征是它们会释放挥发性的恶臭化合物,特别是二甲基二硫 (DMDS) 和二甲基三硫 (DMTS) 等寡聚硫化物。这些化合物会模拟腐烂物质所发出的化学信号。这些演变出来的特性为了吸引各类传粉昆虫。
CVE-2006-0586 | Oracle Database SYS.KUPV$FT_INT sql injection (EDB-3179 / XFDB-24197)
2 months 2 weeks ago
A vulnerability has been found in Oracle Database and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument SYS.KUPV$FT_INT leads to sql injection.
This vulnerability is known as CVE-2006-0586. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
SonicWall fixed SMA 100 flaws that could be chained to execute arbitrary code
2 months 2 weeks ago
SonicWall addressed three SMA 100 flaws, including a potential zero-day, that could allow remote code execution if chained. SonicWall patches three SMA 100 vulnerabilities (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821), including a potential zero-day, that could be chained by a remote attacker to execute arbitrary code. The first flaw, tracked as CVE-2025-32819 (CVSS score of 8.8), is […]
Pierluigi Paganini
奇安信再次入选全球《静态应用安全测试解决方案全景图》代表厂商
2 months 2 weeks ago
凭借精准的市场洞察、过硬的技术能力和优秀的产品能力,奇安信成为亚太区少数入选的三家厂商之一。“AI+代码卫士” 试用地址:https://sast.qianxin.com
奇安信再次入选全球《静态应用安全测试解决方案全景图》代表厂商
2 months 2 weeks ago
凭借精准的市场洞察、过硬的技术能力和优秀的产品能力,奇安信成为亚太区少数入选的三家厂商之一。“AI+代码卫士” 试用地址:https://sast.qianxin.com
Продуктивность растёт, а уважение падает — новая ловушка для фанатов ИИ
2 months 2 weeks ago
Ты продуктивен с ИИ, но для начальника — просто хитрый бездельник.
印度要求 X 在其境内屏蔽逾 8000 个账号
2 months 2 weeks ago
印度政府下令 X/Twitter 对印度用户屏蔽逾 8000 个账号,否则可能会面临巨额罚款,甚至可能拘留 X 在印度办事处的员工。被屏蔽的账号包括知名的国际新闻机构,而印度政府也没有给出屏蔽理由。X 表示它将遵守命令开始屏蔽相关账号。此举可能与印度和巴基斯坦之间的武装冲突有关,印度政府试图控制对这起冲突的叙事。
jdk17的高版本jndi绕过导致文件写入新思路
2 months 2 weeks ago
在一次CTF比赛中的0解题是如何利用jndi注入导致文件写入最终RCE的呢?请看我慢慢道来
CVE-2007-2065 | ActionPoll 1.1.1 CONFIG_DATAREADERWRITER file inclusion (EDB-28872 / BID-20788)
2 months 2 weeks ago
A vulnerability, which was classified as critical, was found in ActionPoll 1.1.1. Affected is an unknown function. The manipulation of the argument CONFIG_DATAREADERWRITER leads to file inclusion.
This vulnerability is traded as CVE-2007-2065. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
实战-漏洞挖掘
2 months 2 weeks ago
No.1挖洞过程通过信息收集获得了某个学生的身份证后四位,再通过爆破尝试获得了后6位并登录成功登录该校办事大
实战-漏洞挖掘
2 months 2 weeks ago
No.1挖洞过程通过信息收集获得了某个学生的身份证后四位,再通过爆破尝试获得了后6位并登录成功登录该校办事大
实战-漏洞挖掘
2 months 2 weeks ago
No.1挖洞过程通过信息收集获得了某个学生的身份证后四位,再通过爆破尝试获得了后6位并登录成功登录该校办事大
Кандидат молчал, ИИ повторял бред — собеседование с ботом напомнило обряд изгнания демона
2 months 2 weeks ago
Девушка просто хотела найти работу, но вместо этого прошла тест на ментальную выносливость.
Image OSINT 2025: полный справочник сервисов для поиска, анализа и редактирования изображений
2 months 2 weeks ago
Как использовать фотографии в расследованиях и проверке фактов.
CVE-2020-6446 | Google Chrome up to 80.0.3987.162 Content Security Policy HTML Page default permission (FEDORA-2020-0e7f1b663b)
2 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Google Chrome. This affects an unknown part of the component Content Security Policy. The manipulation as part of HTML Page leads to incorrect default permissions.
This vulnerability is uniquely identified as CVE-2020-6446. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2020-6447 | Google Chrome up to 80.0.3987.162 Developer Tools HTML Page memory corruption (FEDORA-2020-0e7f1b663b)
2 months 2 weeks ago
A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component Developer Tools. The manipulation as part of HTML Page leads to memory corruption.
This vulnerability was named CVE-2020-6447. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com