Aggregator

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over the Chrome Extension from the Chrome Store. On December 25th, 2024, a malicious version of Cyberhaven’s browser extension was published on the Chrome Store that […]

The post SquareX Researchers Uncover OAuth Vulnerability in Chrome Extensions Days Before Major Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

今天才看到 Obsidian 的 CEO Steph Ango 写过 80 个问题，是他用于每年、每十年自问的。感觉这些问题还有点意思，先分享出来，或许可以做些增删，调整出一份适合自己的，然后定期回顾

新的一年快到了，或许你也可以自己问问自己，以及后续每年问问自己。

Submit #472068 / VDB-289788

A previously unknown zero-day vulnerability in the popular file compression tool 7-Zip has been publicly disclosed by an anonymous user claiming to be an NSA employee. The disclosure, made on X (formerly Twitter), reveals a severe security flaw that could have far-reaching implications for both individual users and organizations globally. GBHackers recently reported a severe security vulnerability […]

The post New 7-Zip 0-Day Exploit Allegedly Leaked Online Via ‘X’ appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Pos

A vulnerability was found in PHPSlash 0.5.3.2/0.6.1 and classified as critical. Affected by this issue is some unknown functionality of the file block_render_url.class of the component Administrator Handler. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2001-1334. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Web-app.org WebAPP up to 0.9.9.3.2. It has been rated as problematic. This issue affects some unknown processing of the file index.cgi. The manipulation of the argument vsSD leads to basic cross site scripting. The identification of this vulnerability is CVE-2006-1427. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in TitanHQ SpamTitan 7.07. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file certs-x.php. The manipulation of the argument fname as part of Parameter leads to improper input validation. This vulnerability is known as CVE-2020-11700. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in LANDesk LANDesk Management Suite up to 8.80.1.1. Affected is an unknown function of the file PXEMTFTP.exe of the component TFTP Service. The manipulation leads to path traversal. This vulnerability is traded as CVE-2008-6195. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Apple iTunes 10.6.3. It has been rated as critical. This issue affects some unknown processing of the component WebKit. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2012-3705. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apple iTunes 10.6.3. Affected is an unknown function of the component WebKit. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2012-3706. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iTunes 10.6.3. It has been classified as critical. This affects an unknown part of the component WebKit. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2012-3703. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.