Aggregator

Part1 前言 大家好，我是ABC_123。过去几年，在内网中多次遇到weblogic 8.x，与10.x及后续版本相比，早期版本的weblogic后台获取shell的过程会比较复杂。首先，web

A vulnerability was found in Linux Kernel up to 6.12.6. It has been rated as critical. This issue affects the function ceph_direct_read_write. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2024-56710. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.67/6.12.6. It has been declared as problematic. This vulnerability affects the function stmmac_tso_xmit. The manipulation leads to allocation of resources. This vulnerability was named CVE-2024-56719. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.121/6.6.67/6.12.6. It has been classified as problematic. This affects the function ocelot_ifh_set_basic in the library lib/packing.c of the file net/dsa/tag_ocelot.c of the component mscc. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2024-56717. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.6 and classified as critical. Affected by this issue is the function export_udmabuf of the component udmabuf. The manipulation leads to memory leak. This vulnerability is handled as CVE-2024-56712. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.119/6.6.63/6.11.10/6.12.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component RDMA. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-56722. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM WebSphere Application Server 2.0/3.0/3.0.2.1 and classified as critical. This issue affects some unknown processing of the file /servlet/file of the component Invoker Servlet. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2000-0652. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Gentoo webapp-config 1.10 and classified as problematic. This vulnerability affects the function fn_show_postinst. The manipulation leads to symlink following. This vulnerability was named CVE-2005-1707. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LivelyCart 1.2.0 and classified as critical. This issue affects some unknown processing of the file product/search. The manipulation of the argument search_query leads to sql injection. The identification of this vulnerability is CVE-2015-5148. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Zoho ManageEngine Password Manager Pro up to 7.0. It has been declared as critical. This vulnerability affects unknown code of the component Password Manager. The manipulation of the argument sv leads to sql injection. This vulnerability was named CVE-2014-3997. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Cobalt Qube 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file readmsg.php of the component WebMail. The manipulation of the argument mailbox leads to path traversal. This vulnerability is known as CVE-2001-1408. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Pegasi Web Server 0.2.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2004-2617. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Public Knowledge Project Open Journal Systems up to 2.0.2-1. It has been classified as critical. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2011-5196. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

In the previous blog about Exploring Marauder, Bruce, and Ghost ESP on Cheap Yellow Displ

关键词微软微软警告称，在使用介质支持工具安装Windows 11版本24H2时，操作系统可能无法接受后续的安全更新。该问题发生在使用CD和USB闪存驱动器安装Windows 11版本时，且包含了202

关键词病毒据 BleepingComputer 报道，近期至少五款 Chrome 扩展程序遭受协同攻击，攻击者通过注入恶意代码窃取用户敏感信息。数据丢失防护公司 Cyberhaven 于 12 月 2

关键词比特币从长远来看，比特币的涨势其实正面临着一个近来成为股市热点 " 题材 "、但大多数加密货币投资者可能并未关注到的风险：量子计算。这项新兴技术在本月谷歌宣称其新型 Willow 量子计算芯片取