Aggregator

无界BOUNDLESS · 数织未来AI同行｜2024 TechWorld绿盟科技智慧安全大会圆满召开 日期：2024年11月04日

A vulnerability was found in ISC BIND 8.2.2. It has been rated as critical. This issue affects some unknown processing of the component ZXFR Request Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2000-0887. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Один клик превращает магазин в мошенническую схему.

A vulnerability was found in php-gettext up to 1.0.11. It has been classified as critical. This affects an unknown part of the component Plural Form Formula Handler. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2015-8980. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

U.S. intel says Russia made a fake video claiming Haitians voted illegally in Georgia, aiming to spread election disinformation. U.S. intel reports Russia created a fake viral video falsely claiming Haitians illegally voted multiple times in Georgia, aiming to spread election disinformation. U.S. intelligence agencies’ claims are based on existing intel and past Russian disinformation […]

A vulnerability has been found in Rianxosencabos CMS 0.9 and classified as critical. This vulnerability affects unknown code of the file useradmin.php of the component Control Panel. The manipulation leads to improper access controls. This vulnerability was named CVE-2008-4245. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Knowledgebase-script PHPKB Knowledge Base Software 1.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file email.php. The manipulation of the argument ID leads to sql injection. This vulnerability is known as CVE-2008-5088. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in 6rbScript 3.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file section.php. The manipulation leads to sql injection. This vulnerability is known as CVE-2008-6454. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Dieselscripts Diesel Job Site. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2008-6467. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Epic Games Unreal Tournament 3 up to 1.2. Affected by this issue is some unknown functionality of the component WebAdmin. The manipulation leads to path traversal. This vulnerability is handled as CVE-2008-4243. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in jPORTAL 2. This vulnerability affects unknown code of the file humor.php. The manipulation leads to sql injection. This vulnerability was named CVE-2008-6451. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Mevin Basic-php-events-lister 1.0 and classified as critical. This issue affects some unknown processing of the file event.php. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2008-6464. The attack may be initiated remotely. Furthermore, there is an exploit available.

Возможность оценить угрозы, ещё до того как они станут реальными.

奇安信威胁情报中心发现，新海莲花组织APT-Q-31近期重新活跃，并采用MSI文件滥用的新手法，这是首次在国内针对政企的APT活动中捕获到该技术的使用。海莲花的两个攻击集合共享攻击资源，但TTP完全不同。上次新海莲花的活跃是2023年末。

Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime). The tech giant described the development as the "first real-world vulnerability" uncovered using the artificial intelligence (AI) agent. "We believe this is the first public example of an AI agent finding

Куда ведут следы похищенных из Git данных?

根据 GitHub 的年度开发者报告，Python 取代 JavaScript 成为 GitHub 最受欢迎的语言，而印度将在 2028 年超过美国成为 GitHub 开发者人数最多的国家。GitHub 称 AI 并没有取代程序员的工作，而是推动了更多人用他们的母语写代码。2024 年 GitHub 上生成式 AI 项目贡献量增长 59%，项目总数增长 98%，许多贡献来自印度、德国、日本和新加坡等国。美国开发者人数仍然最多，其次是印度、中国、巴西、英国、俄罗斯、德国、印度尼西亚、日本和加拿大。GitHub 目前有 5.18 亿个项目，同比增长 25%。

A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The identification of this vulnerability is CVE-2024-10766. The attack may be initiated remotely. Furthermore, there is an exploit available. The initial researcher disclosure contains confusing vulnerability classes and file names.