Aggregator
Check Point reportedly breached, with access offered for sale; MIIT's CSTIS warns of the risk posed by Redox Stealer malware | 牛览
3 months 2 weeks ago
News at a glance • MIIT's CSTIS warns of the risk posed by Redox Stealer malware • EU invests 1.3 billion euros to advance artificial intelli […]
aqniu
In-depth research | The current state of China's intelligent security operations (ISOC) market and technology adoption
3 months 2 weeks ago
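Intelligent security operations (ISOC) is growing rapidly in China; market demand is strong, competition is fierce, and the ISOC market faces exciting growth prospects. […]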
aqniu
ESXi Testing Toolkit: Simple and easy to use CLI tool to test ESXi detections
3 months 2 weeks ago
ESXi Testing Toolkit: A command-line utility designed to help security teams test detections deployed in ESXi environments. It takes heavy inspiration from Atomic Red Team but provides ESXi-specific enhancements and a simpler user experience....
The post ESXi Testing Toolkit: Simple and easy to use CLI tool to test ESXi detections appeared first on Penetration Testing Tools.
ddos
Malaysian Airport's Cyber Disruption a Warning for Asia
3 months 2 weeks ago
Transportation facilities and networks slowly adapt to changes and threats, leaving them vulnerable to agile cyberattackers, as demonstrated by the $10 million ransomware attack.
Robert Lemos, Contributing Writer
Penetration testing in environments without outbound Internet access
3 months 2 weeks ago
Penetration testing without outbound network access
CVE-2023-6923 | Matomo Plugin up to 4.15.3 on WordPress idsite cross site scripting
3 months 2 weeks ago
A vulnerability was found in Matomo Plugin up to 4.15.3 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument idsite leads to cross site scripting.
The identification of this vulnerability is CVE-2023-6923. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-27092 | Hoppscotch 2023.4.5 TeamName input validation
3 months 2 weeks ago
A vulnerability has been found in Hoppscotch 2023.4.5 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument TeamName leads to improper input validation.
This vulnerability is known as CVE-2024-27092. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-25931 | Heureka Group Heureka Plugin up to 1.0.8 on WordPress cross-site request forgery
3 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Heureka Group Heureka Plugin up to 1.0.8 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2024-25931. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-25932 | Manish Kumar Agarwal Change Table Prefix Plugin up to 2.0 on WordPress cross-site request forgery
3 months 2 weeks ago
A vulnerability was found in Manish Kumar Agarwal Change Table Prefix Plugin up to 2.0 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2024-25932. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-27284 | Metaswitch cassandra-rs up to 2.x use after free
3 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Metaswitch cassandra-rs up to 2.x. This affects an unknown part. The manipulation leads to use after free.
This vulnerability is uniquely identified as CVE-2024-27284. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-27545 | IBM Watson CloudPak for Data Data Stores 4.6.0 web browser cache containing sensitive information (XFDB-248947)
3 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in IBM Watson CloudPak for Data Data Stores 4.6.0. This affects an unknown part. The manipulation leads to use of web browser cache containing sensitive information.
This vulnerability is uniquely identified as CVE-2023-27545. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-26337 | swftools 0.9.2 swftools/src/swfc.c s_font memory corruption (Issue 223)
3 months 2 weeks ago
A vulnerability was found in swftools 0.9.2. It has been declared as critical. This vulnerability affects the function s_font of the file swftools/src/swfc.c. The manipulation leads to memory corruption.
This vulnerability was named CVE-2024-26337. The attack can only be done within the local network. There is no exploit available.
vuldb.com
CVE-2024-26334 | swftools 0.9.2 actioncompiler.c compileSWFActionCode memory corruption (Issue 221)
3 months 2 weeks ago
A vulnerability classified as critical has been found in swftools 0.9.2. Affected is the function compileSWFActionCode in the library swftools/lib/action/actioncompiler.c. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2024-26334. The attack needs to be done within the local network. There is no exploit available.
vuldb.com
CVE-2024-1487 | Photos and Files Contest Gallery Plugin up to 21.3.0 on WordPress cross site scripting
3 months 2 weeks ago
A vulnerability was found in Photos and Files Contest Gallery Plugin up to 21.3.0 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-1487. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-28683 | DedeCMS 5.7 Create File cross site scripting
3 months 2 weeks ago
A vulnerability classified as problematic was found in DedeCMS 5.7. This vulnerability affects unknown code of the component Create File Handler. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-28683. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-28676 | DedeCMS 5.7 /dede/article_edit.php cross site scripting
3 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. Affected is an unknown function of the file /dede/article_edit.php. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-28676. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-28671 | DedeCMS 5.7 stepselect_main.php cross-site request forgery
3 months 2 weeks ago
A vulnerability was found in DedeCMS 5.7. It has been classified as problematic. Affected is an unknown function of the file /dede/stepselect_main.php. The manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2024-28671. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
.NET: a not-yet-public method of bypassing global SQL injection filtering
3 months 2 weeks ago
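In .NET security, SQL injection attacks have long been an important topic in the security field.
Bypassing .NET authentication and uploading a customized web.config to achieve RCE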
3 months 2 weeks ago