Aggregator

A vulnerability was found in ZyXEL P-660HW-T1 3. It has been declared as problematic. This vulnerability affects unknown code of the file /Forms/WLAN_General_1. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2014-4162. The attack can be initiated remotely. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment.

Rockwell Automationが提供する複数の製品には、データの信頼性確認が不十分な脆弱性が存在します。

MegaSys Computer Technologiesが提供するTelenium Online Web Applicationには、不適切な入力検証の脆弱性が存在します。

Kastle Systemsが提供するAccess Control Systemには、複数の脆弱性が存在します。

尽管这些监控行为为公司带来了丰厚的利润，但它们可能侵犯个人隐私，威胁个人自由，并使人们面临从身份盗窃到跟踪等一系列风险。

A vulnerability was found in Jamal Bates Show 1.3.14.254. It has been rated as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-6865. The attack can only be initiated within the local network. There is no exploit available.

- Gleaming Pisces 通过 Python 软件包分发 Linux 和 MacOS 后门 - APT34 针对伊拉克政府网络部署恶意软件 - UNC2970 使用木马化 PDF 阅读器部署后门

尽个人事，碎嘴一下，别做黑产

A vulnerability has been found in Apple iOS up to 10.1.1 and classified as critical. This vulnerability affects unknown code of the component FontParser. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-4688. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.10.7. This issue affects some unknown processing of the component nfsd. The manipulation of the argument nfsd4_fattr_args.context leads to uninitialized pointer. The identification of this vulnerability is CVE-2024-46697. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.10.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component vmwgfx. The manipulation leads to incorrect comparison. This vulnerability is known as CVE-2024-46710. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.6 and classified as problematic. Affected by this issue is the function __flush_work of the component workqueue. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-46704. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.6. It has been classified as critical. This affects an unknown part of the component DRM. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-46705. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.47/6.10.6. It has been declared as problematic. This vulnerability affects unknown code of the file serial_ctrl.c of the component fsl_lpuart. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-46706. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.10.7/6.11-rc1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component vmwgfx. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2024-46712. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

比赛时间：2024.9.13 - 2024.9.30

A vulnerability, which was classified as critical, was found in Apple watchOS up to 3.1.2. This affects an unknown part of the component FontParser. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2016-4691. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

在金融类的Web安全测试中，经常可以见到Web请求和响应数据包加密和签名保护，由于参数不可见，不能重放请求包，这类应用通常不能直接进行有效的安全测试，爬虫也爬不到数据。

A vulnerability has been found in Open Solution Quick.Cart 2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation leads to path traversal. This vulnerability is known as CVE-2007-3138. The attack can be launched remotely. Furthermore, there is an exploit available.