Aggregator

A vulnerability categorized as problematic has been discovered in Sambar Server 4.1. This affects an unknown part of the file dumpenv.pl of the component HTTP Request Handler. The manipulation results in information disclosure. This vulnerability was named CVE-1999-1178. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Apache HTTP Server 1.3.1. It has been rated as problematic. This affects an unknown part of the component MIME Header Handler. This manipulation causes denial of service (Sioux). This vulnerability appears as CVE-1999-1199. The attack may be initiated remotely. In addition, an exploit is available. This vulnerability is considered historic because of its background and reception. Upgrading the affected component is advised.

A vulnerability labeled as problematic has been found in Lincoln D. Stein nph-publish 1.2. This affects an unknown function of the file nph-publish.cgi of the component Foöe Upload Handler. The manipulation of the argument pathname results in path traversal. This vulnerability is cataloged as CVE-1999-1177. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Nlog. It has been declared as critical. This affects an unknown function of the file nlog-smb.pl. The manipulation of the argument ipaddress results in improper privilege management. This vulnerability is identified as CVE-1999-1278. The attack can be executed remotely. There is not any exploit available.

A vulnerability described as problematic has been identified in HP HP-UX 11.00/11.11/11.22. This affects an unknown part of the file rpc.mountd of the component Error Message Handler. The manipulation results in information disclosure. This vulnerability is reported as CVE-1999-1225. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability marked as problematic has been reported in Arpanet perlshop. This issue affects some unknown processing of the file perlshop.cgi of the component Shopping Cart. This manipulation causes information disclosure. The identification of this vulnerability is CVE-1999-1374. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Microsoft IIS 4.0. The affected element is an unknown function of the file fpcount.exe of the component Frontpage Server Extensions. This manipulation causes memory corruption. The identification of this vulnerability is CVE-1999-1376. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.

Microsoft has released its Digital Defense Report 2025, documenting a sharp surge in attacks targeting digital identities, the

The post The AI-Powered Threat: Microsoft Reveals Surge in Identity and Nation-State Attacks appeared first on Penetration Testing Tools.

文章介绍了Cloudflare的521错误代码，解释了该错误的原因及其对网站访问的影响，并提供了可能的解决方法。

HackerNews 编译，转载请注明出处： 欧洲刑警组织于周五宣布，已捣毁一个运作 SIM 卡农场的复杂 “网络犯罪即服务”（CaaS）平台。该平台为客户实施钓鱼攻击、投资诈骗等各类犯罪活动提供支持。 这场名为 “SIM 卡卡特尔行动”（Operation SIMCARTEL）的多国执法协作行动，共开展了 26 次搜查，逮捕 7 名嫌疑人，查获 1200 台 SIM 卡盒设备（内含 4 万张在用 SIM 卡）。其中 5 名被拘留者为拉脱维亚公民。 此外，行动还拆除了 5 台服务器，并于 2025 年 10 月 10 日接管了用于宣传该服务的两个网站 ——gogetsms [.] com 和 apisim [.] com，目前这两个网站已显示查封横幅。同时，执法人员查扣 4 辆豪华汽车，冻结嫌疑人银行账户资金 43.1 万欧元（约合 50.2 万美元）、加密货币账户资金 26.6 万欧元（约合 31 万美元）。 参与行动的国家与造成的损失 此次行动由奥地利、爱沙尼亚、芬兰、拉脱维亚四国执法部门牵头，欧洲刑警组织（Europol）与欧洲司法组织（Eurojust）协同参与。 据欧洲刑警组织透露，该犯罪网络已被证实与奥地利 1700 多起独立网络诈骗案、拉脱维亚 1500 多起独立网络诈骗案相关。这两个国家因此遭受的损失分别约为 450 万欧元（约合 525 万美元）和 42 万欧元（约合 48.9 万美元）。 该机构表示：“这个犯罪网络及其基础设施具备高度技术复杂性，使得全球范围内的犯罪者能够利用这项 SIM 卡盒服务，实施各类与电信相关的网络犯罪及其他犯罪活动。” 犯罪网络的运作模式与危害 该犯罪基础设施提供注册于 80 多个国家 / 地区的电话号码，供犯罪活动使用，包括在社交媒体和通信平台上创建虚假账户。其主要目的是隐藏犯罪者的真实身份与所在位置。据悉，通过该服务创建的在线虚假账户累计已超过 4900 万个。 这些虚假账户随后被用于实施钓鱼攻击和短信钓鱼攻击（smishing），并通过诱骗受害者向虚假交易计划投入资金来进行金融诈骗。另一种诈骗手法是，犯罪者在 WhatsApp 上冒充受害者的子女，谎称更换了新号码，以 “紧急情况” 为由要求对方转账，金额通常在四位数（欧元）级别。 此外，借助该平台还可能实施敲诈勒索、移民走私、传播儿童性虐待材料（CSAM）等其他犯罪行为。 涉事网站的宣传与用户反馈 从互联网档案馆（Internet Archive）存档的页面可见，GoGetSMS 网站曾将自身宣传为 “快速、安全获取临时电话号码” 的渠道，声称提供超过 1000 万个电话号码，可接收来自 160 多个在线服务的验证码。 GoGetSMS 网站还在页面上推广 “将现有 SIM 卡变现” 的功能，声称通过其 “专用软件” 可将 SIM 卡转化为 “创造被动收入的有力资产”，SIM 卡持有者每接收一条短信就能获得收益。 在评论网站 Trustpilot 上，该平台的付费用户抱怨 “无法获取可用的临时电话号码”。一名用户称，自己在该平台上付费购买了美国号码，却未得到可用的号码，“尝试了多次，既浪费时间又浪费钱。客服完全无回应 —— 不给帮助、不退款，什么都没有。” 拉脱维亚国家警察局在联合声明中指出，该平台专为 “匿名通信与匿名支付” 设计，已对多个国家的 3200 人造成影响。   消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Microsoft has unveiled a new tool designed to assess the effectiveness of artificial intelligence in cybersecurity. The platform,

The post Beyond Chatbots: Microsoft’s New Tool Measures if AI Can Think Like a Cyber Analyst appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, has been found in PHPOpenChat. The affected element is an unknown function of the file ENGLISH_poc.php. This manipulation of the argument poc_root_path causes file inclusion. This vulnerability appears as CVE-2005-0862. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as problematic has been found in PHPOpenChat 3.0.0/3.0.1/3.0.2. This affects an unknown function of the file regulars.php. Performing manipulation of the argument chatter results in basic cross site scripting. This vulnerability is identified as CVE-2005-0863. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability identified as critical has been detected in Phpoutsourcing Zorum 3.5. Impacted is an unknown function of the file gorum/prod.php. This manipulation of the argument argv causes memory corruption. The identification of this vulnerability is CVE-2005-2651. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in PHPOpenChat 2.3.4/3.0.1. The impacted element is an unknown function of the file poc_loginform.php of the component Login. Such manipulation of the argument sourcedir leads to file inclusion. This vulnerability is referenced as CVE-2005-0862. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as critical was found in PHPOpenChat. Impacted is an unknown function of the file poc.php. The manipulation of the argument poc_root_path results in file inclusion. This vulnerability is reported as CVE-2005-0862. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in PHPNews 1.2.3/1.2.4. Affected by this vulnerability is an unknown functionality of the file auth.php. The manipulation of the argument path results in file inclusion. This vulnerability is cataloged as CVE-2005-0632. The attack may be launched remotely. Furthermore, there is an exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in PHPNews 1.2.5. Affected is an unknown function of the file auth.php. The manipulation of the argument User leads to sql injection. This vulnerability is documented as CVE-2005-2383. The attack can be initiated remotely. Additionally, an exploit exists. It is recommended to upgrade the affected component.

The October security updates for Windows 11 unexpectedly disrupted local HTTP/2 connections, causing applications to malfunction when attempting

The post Critical Windows 11 Update Breaks Localhost HTTP/2 Connections appeared first on Penetration Testing Tools.

The U.S. cybersecurity agency CISA has added a critical, actively exploited flaw in Adobe Experience Manager to its

The post CISA Warning: Critical Adobe Flaw Rated 10/10 Under Active Attack appeared first on Penetration Testing Tools.