Aggregator

A vulnerability has been found in Unisoft Com Mycar 1.0 and classified as critical. The affected element is an unknown function of the file index.php. This manipulation of the argument pagina causes sql injection. This vulnerability is registered as CVE-2010-2148. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as problematic has been identified in Danieljamesscott Com Music 0.10. Impacted is an unknown function of the file album.html. Executing manipulation of the argument cid can lead to path traversal. This vulnerability is handled as CVE-2010-2857. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in Focusdev Com Mv Restaurantmenumanager up to 1.5.2. This impacts an unknown function of the file index.php. Performing manipulation of the argument mid results in sql injection. This vulnerability is cataloged as CVE-2010-1468. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. [...]

The highly sophisticated post-compromise tool abuses the Linux kernel's io_uring interface to remain hidden from endpoint detection and response systems.

笔者最近在了解ai相关的内容。pytorch作为深度学习领域极具影响力的框架，自然是避不开的。上网搜索pytorch相关的漏洞，网上大部分都是对于rpc框架反序列化漏洞和命令注入漏洞的公告。这两个漏洞评分都在9分网上，公开了一段时间了，但是poc寥寥无几，网上也没有对此的分析，而且其中一个漏洞的cve编号被撤销了，这引发了笔者的好奇心，遂开始以下分析探索。

阐述了多种加密解密算法（XOR、MD5、SHA - 1、Base 系列、AES、DES、RC4、RSA、SM4、TEA 系列等）以及编码技术的原理、特征与逆向识别方法。结合 x64dbg 等工具，通过简单密码破解、XOR 加密破解、与服务器验证交互的密码破解等实操案例，详细演示了逆向工程中对加密数据的分析与破解流程。同时，梳理出各加密算法在汇编层面的典型特征，形成加密算法逆向识别对比表，为逆向工程

介绍映像伪装常见的几种手法

学到这个 trick 的时候只能说，php 是最好的语言，还没有落幕，每次看到 php 的新 trick 都不得不为之震惊，如何没有 php 代码做到代码执行，实战价值很大，看下面分析 Deadsec 团队这次每一道题是真有东西

信呼OA最新版前台SQL注入披露与挖掘过程

xxl-job IDOR 0Day 漏洞挖掘

AI 最近几年大爆火，引出的漏洞也不少，这就来分析一下最近爆出的通过伪造恶意的 MCP 服务来造成的 RCE 漏洞，看到阿里云漏洞库的通报就来分析分析

CVE-2025-0282

在经历了那么多伦的 JDBC 的攻防绕过，竟然还能有最新的绕过手法，学习了技巧后,发现核心原理就是 json 的解析覆盖属性，以前也用过这个 trick，没想到还能在 jdbc 绕过用到这个 trick，而且感觉这个思路很容易再去使用到其他框架上

A vulnerability, which was classified as problematic, was found in IBM Storage Defender up to 2.0.12. The impacted element is an unknown function of the component Resiliency Service. The manipulation results in risky cryptographic algorithm. This vulnerability is reported as CVE-2024-22314. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Siemens TeleControl Server Basic 3.1.2.1 and classified as critical. This issue affects the function UpdateProjectUserRights. The manipulation results in sql injection. This vulnerability is reported as CVE-2025-32831. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Siemens TeleControl Server Basic 3.1.2.1. It has been classified as critical. Impacted is the function LockProjectUserRights. This manipulation causes sql injection. This vulnerability appears as CVE-2025-32832. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Siemens TeleControl Server Basic 3.1.2.1. It has been declared as critical. The affected element is the function UnlockProjectUserRights. Such manipulation leads to sql injection. This vulnerability is traded as CVE-2025-32833. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens TeleControl Server Basic 3.1.2.1. It has been rated as critical. The impacted element is the function UpdateConnectionVariablesWithImport. Performing manipulation results in sql injection. This vulnerability is known as CVE-2025-32834. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Siemens TeleControl Server Basic 3.1.2.1. This affects the function UpdateConnectionVariableArchivingBuffering. Executing manipulation can lead to sql injection. This vulnerability is handled as CVE-2025-32835. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.