Aggregator

Schneider Electricが提供するEcoStruxure Power Build Rapsodyには、スタックベースのバッファオーバーフローの脆弱性が存在します。

A vulnerability, which was classified as problematic, has been found in IBM Navigator Mobile Android 3.4.1.1/3.4.1.2. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-38388. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in OpenCart 3.x. Affected is an unknown function of the file index.php?route=extension/module/so_newletter_custom_popup/newsletter of the component Newsletter Custom Popup. The manipulation of the argument email leads to sql injection. This vulnerability is traded as CVE-2022-41403. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in F-Secure/WithSecure Product. Affected by this issue is some unknown functionality in the library aerdl.dll of the component Unpacker. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-28887. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01. This affects the function formWifiBasicSet. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-42079. The attack can only be done within the local network. There is no exploit available.

A vulnerability has been found in Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument sched_start_time leads to heap-based buffer overflow. This vulnerability was named CVE-2022-42080. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Dropbear up to 2020.81. It has been classified as critical. Affected is an unknown function of the component Non-RFC-compliant Check. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2021-36369. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 and classified as problematic. This issue affects the function fromSysToolReboot. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2022-42077. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Tenda US_AC1206V1.0RTL_V15.03.06.23_multi_TD01. It has been classified as problematic. Affected is the function fromSysToolRestoreSet. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2022-42078. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Boodskap IoT Platform 4.4.9-02 and classified as critical. This vulnerability affects unknown code of the file /api/user/upsert/<uuid> of the component Request Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2022-35135. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Boodskap IoT Platform 4.4.9-02 and classified as critical. This issue affects some unknown processing of the component API Request Handler. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2022-35136. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Boodskap IoT Platform 4.4.9-02. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-35134. The attack may be initiated remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 斯洛伐克网络安全公司ESET最新研究发现，与俄罗斯有关联的威胁组织通过跨站脚本（XSS）漏洞对Roundcube、Horde、MDaemon和Zimbra等主流邮件系统实施网络间谍活动，其中针对MDaemon的漏洞在攻击初期属于零日漏洞。该行动被命名为“Operation RoundPress”，研究人员以中等置信度将其归因于俄罗斯政府支持的黑客组织APT28（又名BlueDelta、Fancy Bear、Sednit）。 ESET研究员Matthieu Faou在向《黑客新闻》提供的报告中指出：“此次行动的核心目标是窃取特定邮箱账户的机密数据。主要受害者集中于东欧政府机构及军工企业，但我们也观察到非洲、欧洲和南美洲的政府部门同样遭到攻击。”这并非APT28首次利用邮件系统漏洞——2023年6月，Recorded Future曾披露该组织滥用Roundcube的三个历史漏洞（CVE-2020-12641、CVE-2020-35730和CVE-2021-44026）进行侦察和数据收集。 自2023年以来，Winter Vivern、UNC3707（即GreenCube）等其他威胁组织也持续针对邮件系统发起攻击。ESET将RoundPress行动与APT28建立关联的依据包括：钓鱼邮件发件地址的重叠性，以及服务器配置手法的相似性。2024年的攻击目标主要涉及乌克兰政府机构、保加利亚与罗马尼亚的军工企业（部分企业正在为乌克兰生产苏制武器），其他受害者还包括希腊、喀麦隆、厄瓜多尔、塞尔维亚和塞浦路斯的政府、军事及学术机构。 攻击者通过Horde、MDaemon和Zimbra的XSS漏洞在网页邮箱界面执行任意JavaScript代码。值得注意的是，美国网络安全与基础设施安全局（CISA）已于2024年2月将Roundcube漏洞CVE-2023-43770列入已知被利用漏洞（KEV）目录。虽然Horde（2007年发布的Horde Webmail 1.0已修复的未公开旧漏洞）、Roundcube和Zimbra（CVE-2024-27443）的漏洞均属于已公开补丁的缺陷，但MDaemon的XSS漏洞（CVE-2024-11182，CVSS评分5.3）在被利用时尚未修复，该漏洞已于2023年11月发布的24.5.1版本完成修补。 Faou解释道：“Sednit通过电子邮件发送这些XSS漏洞利用程序。恶意JavaScript代码会在浏览器运行的网页邮箱客户端中执行，因此攻击者仅能读取和窃取受害者账户权限内的数据。”不过，攻击成功的必要条件是受害者需在存在漏洞的网页邮箱界面打开邮件，且邮件需绕过垃圾邮件过滤器进入收件箱。由于触发XSS漏洞的恶意代码隐藏在邮件正文的HTML代码中，邮件本身内容看起来完全正常。 漏洞成功利用后，名为SpyPress的混淆JavaScript有效载荷将执行窃取邮箱凭证、邮件内容和联系人信息的操作。该恶意软件虽不具备持久化机制，但每次打开被篡改的邮件时都会重新加载。ESET补充指出：“我们还检测到部分SpyPress.ROUNDCUBE变种具备创建Sieve规则的能力。该规则会将所有新邮件的副本转发至攻击者控制的邮箱地址，由于Sieve规则是Roundcube的固有功能，即使恶意脚本停止运行，规则仍将持续生效。” 窃取的数据通过HTTP POST请求发送至硬编码的命令与控制（C2）服务器。某些恶意软件变种还能捕获登录记录、双因素认证（2FA）代码，甚至为MDAEMON创建应用密码，确保在用户修改密码或2FA代码后仍能维持邮箱访问权限。Faou警告称：“过去两年间，Roundcube和Zimbra等网页邮箱服务器已成为Sednit、GreenCube和Winter Vivern等多个间谍组织的重点目标。由于许多机构未能及时更新邮件系统补丁，加之攻击者仅需发送邮件即可远程触发漏洞，此类服务器极易沦为邮件窃取的跳板。”       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, was found in Microsoft Windows up to Vista. Affected is an unknown function of the component OpenType Font Parser. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2015-2458. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pages/credit_transaction_add.php. The manipulation of the argument prod_name leads to sql injection. This vulnerability is handled as CVE-2025-4716. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /drive.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-4721. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. This vulnerability is traded as CVE-2025-4728. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Red Hat OpenShift GitOps. Affected by this issue is some unknown functionality of the component ArgoCD. The manipulation leads to exposure of resource. This vulnerability is handled as CVE-2024-13484. Local access is required to approach this attack. There is no exploit available.

HackerNews 编译，转载请注明出处： 奥地利隐私非营利组织noyb（none of your business，意为“不关你的事”）已向Meta爱尔兰总部发出停止侵权函，警告若该公司坚持在未获得用户明确选择加入（opt-in）授权的情况下，继续使用用户数据训练其人工智能模型，将面临集体诉讼。 此举发生在该社交媒体巨头宣布新计划数周后。Meta曾于2024年6月在爱尔兰数据监管机构关切下暂停相关计划，现宣布将于2025年5月27日起重新启动，计划使用欧盟成年用户在Facebook和Instagram平台公开分享的数据训练其AI模型。 “Meta未寻求用户主动授权，而是妄称拥有‘合法利益’来攫取所有用户数据。”noyb在声明中指出，“由于采用‘选择退出’而非‘选择加入’机制进行AI训练，Meta可能面临重大法律风险。” 该维权组织强调，Meta的AI训练计划违反欧盟《通用数据保护条例》（GDPR）。除不当主张“合法利益”外，Meta还刻意限制用户在训练开始前行使拒绝权。 noyb特别指出，即便仅有10%的Meta用户明确同意数据使用，其数据量也足以覆盖欧盟各语言的学习需求。值得关注的是，Meta此前声称收集这些数据是为准确反映欧洲地区多元化的语言、地理和文化特征。 “Meta大费周章只为推行选择退出机制而非选择加入。”noyb创始人马克斯·施雷姆斯表示，“他们试图通过虚构的‘合法利益’来合理化数据掠夺行为，这既不合法也非必要。其他AI供应商无需社交网络数据就能开发出更优秀的模型，Meta所谓‘盗取数据是AI训练必需’的论调荒谬可笑。” 该隐私组织同时批评Meta将合规责任转嫁给用户，并指出欧盟各国数据监管机构对“未经同意的AI训练”合法性普遍保持沉默。“Meta显然在监管缺位下强行推进计划，这无异于在欧盟境内再次进行高风险法律赌博，严重践踏用户权利。”声明补充道。 针对路透社的质询，Meta否认所有指控，称noyb的指控在事实和法律层面均属错误，强调已为欧盟用户提供“清晰”的反对数据用于AI训练的选项。 这并非Meta首次因依赖GDPR“合法利益”条款规避用户明示授权而遭质疑。2023年8月，该公司曾迫于压力，同意将欧洲用户定向广告的数据处理法律依据从“合法利益”改为“用户授权”。 此次争议爆发之际，比利时上诉法院最新裁定由谷歌、微软、亚马逊等科技巨头采用的“透明与同意框架”（TCF）违反GDPR多项原则，宣布该个性化广告数据处理机制在欧洲全境非法。这项裁决或对Meta当前主张的合法性构成进一步挑战。       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in GetSimple CMS 3.3.13. It has been classified as problematic. Affected is an unknown function of the file admin/template/js/uploadify/uploadify.swf. The manipulation of the argument movieName as part of Parameter leads to cross site scripting. This vulnerability is traded as CVE-2018-9173. It is possible to launch the attack remotely. Furthermore, there is an exploit available.