Aggregator

A vulnerability classified as critical has been found in Cisco ASA up to 8.6. Affected is an unknown function of the component IPv6 Transit Traffic Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2012-3058. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Solaris 10. This issue affects some unknown processing of the component Management Console. The manipulation leads to an unknown weakness. The identification of this vulnerability is CVE-2012-3112. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Internet Explorer up to 6 and classified as critical. Affected by this issue is some unknown functionality in the library BR549.DLL of the component Cache. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2003-0530. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Internet Explorer up to 6.0 SP1 and classified as critical. Affected by this issue is some unknown functionality of the component Object Tag Handler. The manipulation of the argument data leads to improper privilege management. This vulnerability is handled as CVE-2003-0532. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Internet Explorer up to 6 and classified as critical. Affected by this issue is some unknown functionality of the component Object Data Handler. The manipulation leads to Remote Code Execution. This vulnerability is handled as CVE-2003-0531. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component Distributed Component Object Model Interface. The manipulation of the argument filename leads to memory corruption. This vulnerability is known as CVE-2003-0528. The attack can be launched remotely. There is no exploit available.

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.

图：在菲律宾拉瓦格国际机场部署的美国新型提丰(Typhon)陆基导弹系统。（2024年9月13日）2024年12月23日，菲律宾军方称计划从美国购买“堤丰”中程导弹系统以保护其海上利益。这意味着菲律宾

近日有报道表明，以色列可能在 2024 年 12 月 15 日对叙利亚塔尔图斯的一个武器库进行空袭中使用了一枚小型战术核弹。据报道，欧盟的放射性环境监测检测到爆炸后土耳其和塞浦路斯的辐射水平增加，一些

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. SafeLine: Open-source web application firewall (WAF) SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. Trapster Community: Open-source, low-interaction honeypot Trapster Community is an open-source, lightweight, low-interaction honeypot designed for deployment within internal networks. It enhances network security by creating a deceptive layer that monitors and detects suspicious activities. FuzzyAI: … More →

The post Hottest cybersecurity open-source tools of the month: December 2024 appeared first on Help Net Security.

云安全之IAM权限提升场景和利用

WBCE CMS v1.5.2代码审计以及cve分析扩展

HTML Application利用

PHPGurukul Small CRM 1.0 sql注入漏洞分析(CVE-2024-12999)

基于大模型LLM的黑白盒RCE漏洞自动化挖掘

从APC到APC注入

免杀基础-常见shellcode执行方式

渗透测试-非寻常漏洞案例