Aggregator

A vulnerability was found in DEV DEV web management system up to 1.5. It has been declared as problematic. This vulnerability affects unknown code of the file add.php of the component Management System. The manipulation of the argument array leads to basic cross site scripting. This vulnerability was named CVE-2005-4555. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in elfutils 0.189 and classified as problematic. Affected by this issue is the function handle_verdef of the file readelf.c. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-25260. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as critical, has been found in ABO.CMS 5.8. This issue affects some unknown processing of the component Admin Login Page. The manipulation of the argument tb_login leads to sql injection. The identification of this vulnerability is CVE-2024-25227. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in libheif up to 1.17.6. It has been rated as problematic. Affected by this issue is the function JpegEncoder::Encode. The manipulation leads to memory leak. This vulnerability is handled as CVE-2024-25269. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Simple Admin Panel App 1.0. It has been rated as critical. This issue affects some unknown processing of the file /adminView/viewEachOrder.php. The manipulation of the argument orderID leads to sql injection. The identification of this vulnerability is CVE-2024-25223. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Simple Admin Panel App 1.0. It has been declared as problematic. Affected by this vulnerability is the function Add Size. The manipulation of the argument Size Number leads to cross site scripting. This vulnerability is known as CVE-2024-25224. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Task Manager App 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /TaskManager/Projects.php. The manipulation of the argument Project Name leads to cross site scripting. This vulnerability was named CVE-2024-25218. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in Task Manager App 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /TaskManager/EditTask.php. The manipulation of the argument taskID leads to sql injection. This vulnerability is known as CVE-2024-25220. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Task Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file /TaskManager/Tasks.php. The manipulation of the argument Note Section leads to cross site scripting. This vulnerability is known as CVE-2024-25221. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Employee Managment System 1.0. This vulnerability affects unknown code of the file /aprocess.php. The manipulation of the argument mailud leads to sql injection. This vulnerability was named CVE-2024-25216. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. This vulnerability is handled as CVE-2025-5848. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Spatie browsershot and classified as critical. This vulnerability affects the function setUrl. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2025-3192. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Microsoft Windows 2000/Server 2003. It has been classified as critical. Affected is an unknown function of the component DNS Service. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2007-1748. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in IBM Lotus Domino up to 6.5.5. Affected by this vulnerability is an unknown functionality of the component LDAP Server. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2007-1739. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CA BrightStor ARCserve Backup up to 9.01 and classified as very critical. This issue affects some unknown processing. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2007-2139. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Office Publisher 2007 and classified as critical. This vulnerability affects unknown code of the component Pointer Handler. The manipulation leads to improper resource management. This vulnerability was named CVE-2007-1754. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Ipsec-tools 0.6.2. It has been declared as problematic. Affected by this vulnerability is the function isakmp_info_recv. The manipulation leads to denial of service. This vulnerability is known as CVE-2007-1841. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

本期周报简介：1、如何有效管理第三方Onsite员工账号，避免账号未及时注销引发的安全隐患？ 2、国内后量子密码学加密算法的发展现状如何，面临哪些挑战？ 3、对关基单位进行模拟攻击时需要遵循哪些合规要求，如何平衡模拟攻击的效果与风险管控？

A vulnerability was found in Employee Managment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2024-25213. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as critical has been found in Employee Managment System 1.0. This affects an unknown part of the file /aprocess.php. The manipulation of the argument pwd leads to sql injection. This vulnerability is uniquely identified as CVE-2024-25215. The attack needs to be approached within the local network. There is no exploit available.