Aggregator

A vulnerability classified as problematic was found in Quick CMS 6.7. Affected by this vulnerability is an unknown functionality of the component Pages Menu Component. The manipulation of the argument Meta description leads to cross site scripting. This vulnerability is known as CVE-2023-43344. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Quick CMS 6.7. It has been classified as problematic. Affected is an unknown function of the component Languages Menu. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-43342. It is possible to launch the attack remotely. There is no exploit available.

开源情报从业者必备神器，你都用过哪几款？

A vulnerability, which was classified as critical, has been found in Eliteladders Elite Gaming Ladders 3.0. Affected by this issue is some unknown functionality of the file stats.php. The manipulation of the argument Account leads to sql injection. This vulnerability is handled as CVE-2010-5017. The attack may be launched remotely. Furthermore, there is an exploit available.

Клон Telegram API вшивает SSH-бэкдор в систему.

新型钓鱼攻击：SVG文件暗藏恶意HTML，绕过安全检测窃取敏感信息！

A vulnerability, which was classified as critical, has been found in stb_vorbis. Affected by this issue is the function start_decoder of the component OGG Vorbis File Handler. The manipulation leads to double free. This vulnerability is handled as CVE-2023-45679. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in stb_vorbis and classified as critical. Affected by this vulnerability is the function start_decoder of the component OGG Vorbis File Handler. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2023-45681. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in stb_vorbis. It has been rated as critical. This issue affects the function setup_malloc of the component OGG Vorbis File Handler. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2023-45676. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in stb_vorbis. Affected is an unknown function of the component OGG Vorbis File Handler. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2023-45677. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Microsoft Edge and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2023-36409. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in stb_vorbis. This vulnerability affects unknown code of the component OGG Vorbis File Handler. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2023-45682. The attack can be initiated remotely. There is no exploit available.

Oracle has released version 8 of its Unbreakable Enterprise Kernel (UEK), a custom Linux kernel built for Oracle Linux. UEK 8 includes updates to memory management, better file system support, faster networking, and improvements for specific hardware platforms. It also pulls in changes from the wider Linux community. UEK 8 is designed to handle heavy workloads. It builds on the combination of Oracle Linux and UEK to support large enterprise systems. That includes setups using … More →

The post Oracle releases Unbreakable Enterprise Kernel 8 (UEK 8) appeared first on Help Net Security.

Подробное руководство по переходу: примеры, скрипты и готовые решения.

天文学家在《皇家天文学会月刊》上报告，宇宙可能正在旋转，只是速度极其缓慢。这一发现或有助于解开天文学最大的谜团之一，即哈勃张力。当前模型认为，宇宙在各个方向均匀膨胀，没有任何旋转的迹象。这一观点与大多数天文学家的观测结果一致，但它无法解释为何两种测量宇宙膨胀速度的方法之间长期存在差异。天文学家通过观察附近的超新星（爆炸的恒星），得出过去数十亿年来宇宙的膨胀率约为73千米/秒/百万秒差距。当他们研究宇宙中最古老的光（来自大爆炸后不久留下的余晖）时，得出数值约为67.4千米/秒/百万秒差距。这种差异在统计学非常显著，几乎不可能将其归因于测量误差，因此成为人们理解宇宙的重大障碍。旋转在自然界无处不在：行星自转、恒星公转、星系旋转，黑洞也以接近其最大可能的速度旋转……夏威夷大学天文研究所 István Szapudi 团队猜想，这种模式是否也适用于宇宙本身。该团队开发了一个宇宙数学模型，发现带有旋转量的模型解决了这一悖论，且与当前的天文测量结果并不矛盾。更令他们兴奋的是，该模型与假设存在旋转的其他模型相兼容。旋转模型显示，宇宙大约每 10 亿年旋转 0.002 次，即宇宙大约需要 5000 亿年才能完成一周旋转。这一速度非常慢，难以轻易探测到，但足以影响空间随时间的膨胀方式。相比之下，银河系每 2.5 亿年完成一周旋转。宇宙旋转的假设并未违反任何已知的物理定律。

A vulnerability was found in I-doit Pro. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to cross site scripting. This vulnerability was named CVE-2023-46003. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input <ScRiPt >alert(991)</ScRiPt> leads to cross site scripting. This vulnerability is traded as CVE-2023-5694. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Concrete CMS 9.2.1. It has been classified as problematic. Affected is an unknown function of the component Header/Footer Tracking Codes. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-44760. It is possible to launch the attack remotely. There is no exploit available.