Aggregator

CVE-2007-3217 | Prototype of an PHP application ident/ident.inc.php path_inc Local Privilege Escalation (EDB-30118 / XFDB-34679)

6 months 3 weeks ago

A vulnerability was found in Prototype of an PHP application. It has been declared as problematic. Affected by this issue is some unknown functionality of the file ident/ident.inc.php. The manipulation of the argument path_inc results in Local Privilege Escalation. This vulnerability is reported as CVE-2007-3217. The attack requires a local approach. Moreover, an exploit is present.

vuldb.com

CVE-2007-3217 | Prototype of an PHP application menuadministration.php path_inc Remote Code Execution (EDB-30118 / XFDB-34679)

Vuldb Updates

6 months 3 weeks ago

A vulnerability was found in Prototype of an PHP application. It has been rated as critical. This affects an unknown part of the file menu/menuadministration.php. This manipulation of the argument path_inc causes Remote Code Execution. This vulnerability appears as CVE-2007-3217. The attack may be initiated remotely. In addition, an exploit is available.

vuldb.com

CVE-2007-3217 | Prototype of an PHP application menu/menuprincipal.php path_inc Remote Code Execution (EDB-30118 / XFDB-34679)

Vuldb Updates

6 months 3 weeks ago

A vulnerability categorized as critical has been discovered in Prototype of an PHP application. This vulnerability affects unknown code of the file menu/menuprincipal.php. Such manipulation of the argument path_inc leads to Remote Code Execution. This vulnerability is traded as CVE-2007-3217. The attack may be launched remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2007-3217 | Prototype of an PHP application param/param.inc.php path_inc Remote Code Execution (EDB-30118 / XFDB-34679)

Vuldb Updates

6 months 3 weeks ago

A vulnerability identified as critical has been detected in Prototype of an PHP application. This issue affects some unknown processing of the file param/param.inc.php. Performing manipulation of the argument path_inc results in Remote Code Execution. This vulnerability is known as CVE-2007-3217. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

vuldb.com

CVE-2007-3217 | Prototype of an PHP application ident/loginliste.php path_inc Remote Code Execution (EDB-30118 / XFDB-34679)

Vuldb Updates

6 months 3 weeks ago

A vulnerability has been found in Prototype of an PHP application and classified as critical. This impacts an unknown function of the file ident/loginliste.php. Performing manipulation of the argument path_inc results in Remote Code Execution. This vulnerability is cataloged as CVE-2007-3217. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2007-3217 | Prototype of an PHP application ident/loginmodif.php path_inc Remote Code Execution (EDB-30118 / XFDB-34679)

Vuldb Updates

6 months 3 weeks ago

A vulnerability was found in Prototype of an PHP application and classified as critical. Affected is an unknown function of the file ident/loginmodif.php. Executing manipulation of the argument path_inc can lead to Remote Code Execution. This vulnerability is registered as CVE-2007-3217. It is possible to launch the attack remotely. Furthermore, an exploit is available.

vuldb.com

SSD 长期断电后会缓慢丢失数据

Solidot

6 months 3 weeks ago

固态硬盘（SSD）基本上取代了机械硬盘成为最流行的存储设备，SSD 速度更快，功耗更低。但如果你计划将 SSD 作为冷存储设备使用，将数据储存在 SSD 里面然后离线保存几年，那么你可能需要三思而行，因为 SSD 在长时间断电后会缓慢损失或丢失数据。最便宜的 QLC NAND SSD 能在完全断电的情况下安全保存数据约一年时间，而价格更贵的 TLC NAND SSD 能保存数据三年，MLC 和 SLC NAND SSD 在断电的情况下分别能保存数据 5 年和 10 年。绝大多数消费级 SSD 使用的是 TLC 或 QLC NAND，因此断电超过一年就可能面临数据丢失的风险。相比下，机械硬盘比 SSD 更适合长时间断电保存数据。

SSD 长期断电后会缓慢丢失数据

不安全

6 months 3 weeks ago

固态硬盘（SSD）基本上取代了机械硬盘成为最流行的存储设备，SSD 速度更快，功耗更低。但如果你计划将 SSD 作为冷存储设备使用，将数据储存在 SSD 里面然后离线保存几年，那么你可能需

2025腾讯云大模型安全攻防沙龙，议程定了！顶级专家&学者&智能攻防团队，等你来“战”

嘶吼

6 months 3 weeks ago

11月29日，由腾讯云与腾讯安全联合主办的2025腾讯云大模型安全攻防沙龙将在广州拉开帷幕！众多行业领袖、技术大咖、资深学者、顶尖攻防团队将齐聚羊城，围绕大模型安全攻防前沿议题、产业最佳实践进行思维碰撞，分享创新技术成果。

会上也将重磅揭晓国内首个AI自主渗透赛「黑客松-智能渗透挑战赛」全国十强决赛结果，其参赛阵容覆盖清华大学、复旦大学、帝国理工学院、卡内基梅隆大学等国内外知名高校；鹏城实验室、中国科学院信息工程研究所等权威科研机构；以及阿里、华为、京东、长亭等行业领军企业战队，形成"产学研用"深度融合的竞技格局。

议程揭晓

高密度干货与顶尖交锋

深度融合

“技术分享+实战对决+圆桌对话”

一线领军人坐镇，拆解AI安全前沿议题

沙龙主会场邀请了腾讯云安全专家、高校学者及行业技术领袖，聚焦大模型生态安全、智能攻防技术演进、产业级安全解决方案等核心议题，分享一手实践经验与未来趋势预判。

年度AI安全收官战，见证王者诞生

从238支战队中脱颖而出的Top10，将在决赛现场展开终极对决。他们将围绕大模型安全场景提交渗透测试方案，通过技术演示、漏洞分析、防御建议等环节，展现AI时代安全攻防的最高水平。

腾讯AI安全成绩单首发，干货满满

活动现场将首次发布腾讯在AI安全领域的年度成果报告，揭秘在大模型漏洞检测、智能威胁感知、安全合规体系建设等方面的技术突破与落地案例，为行业提供可借鉴的实践路径。

报名开启！

11月29日，无论是AI安全从业者、技术爱好者还是行业观察者，这场年度盛宴都不容错过！

扫描下方图片二维码立即报名，即可见证AI自主攻防的历史性时刻，与全球顶尖高手共探智能防御未来！（现场还可参与多轮抽奖，获取限量版安全周边，干货满满，福利多多）

企业资讯

2025腾讯云大模型安全攻防沙龙，议程定了！顶级专家&学者&智能攻防团队，等你来“战”

不安全

6 months 3 weeks ago

企业资讯

CVE-2025-13383 | BestWebSoft Job Board Plugin up to 1.2.1 on WordPress update_user_meta cross-site request forgery (EUVD-2025-199582)

VulDB Recent Entries

6 months 3 weeks ago

A vulnerability described as problematic has been identified in BestWebSoft Job Board Plugin up to 1.2.1 on WordPress. This affects the function update_user_meta. Executing manipulation can lead to cross-site request forgery. This vulnerability appears as CVE-2025-13383. The attack may be performed from remote. There is no available exploit.

vuldb.com

CVE-2025-12587 | Peer Publish Plugin up to 1.0 on WordPress cross-site request forgery (EUVD-2025-199563)

VulDB Recent Entries

6 months 3 weeks ago

A vulnerability marked as problematic has been reported in Peer Publish Plugin up to 1.0 on WordPress. Affected by this issue is some unknown functionality. Performing manipulation results in cross-site request forgery. This vulnerability is reported as CVE-2025-12587. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

CVE-2025-13311 | Just Highlight Plugin up to 1.0.3 on WordPress Setting Highlight Color cross site scripting (EUVD-2025-199567)

VulDB Recent Entries

6 months 3 weeks ago

A vulnerability labeled as problematic has been found in Just Highlight Plugin up to 1.0.3 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. Such manipulation of the argument Highlight Color leads to cross site scripting. This vulnerability is documented as CVE-2025-13311. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2025-13467 | Keycloak LDAP User Federation deserialization

VulDB Recent Entries

6 months 3 weeks ago

A vulnerability identified as critical has been detected in Keycloak. Affected is an unknown function of the component LDAP User Federation Handler. This manipulation causes deserialization. This vulnerability is registered as CVE-2025-13467. The attack requires access to the local network. No exploit is available.

vuldb.com

CVE-2025-12586 | Conditional Maintenance Mode Plugin up to 1.0.0 on WordPress cross-site request forgery (EUVD-2025-199579)

VulDB Recent Entries

6 months 3 weeks ago

A vulnerability categorized as problematic has been discovered in Conditional Maintenance Mode Plugin up to 1.0.0 on WordPress. This impacts an unknown function. The manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2025-12586. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2025-12032 | Zweb Social Mobile Plugin up to 1.0.0 on WordPress cross site scripting

VulDB Recent Entries

6 months 3 weeks ago

A vulnerability was found in Zweb Social Mobile Plugin up to 1.0.0 on WordPress. It has been rated as problematic. This affects an unknown function. The manipulation of the argument vithanhlam_zsocial_save_messager/vithanhlam_zsocial_save_zalo/vithanhlam_zsocial_save_hotline/vithanhlam_zsocial_save_contact leads to cross site scripting. This vulnerability is listed as CVE-2025-12032. The attack may be initiated remotely. There is no available exploit.

vuldb.com

雷神众测漏洞周报2025.11.17-2025.11.23

雷神众测

6 months 3 weeks ago

CVE-2025-12645 | Inline Frame Plugin up to 0.1 on WordPress Shortcode cross site scripting (EUVD-2025-199568)

VulDB Recent Entries

6 months 3 weeks ago

A vulnerability was found in Inline Frame Plugin up to 0.1 on WordPress. It has been declared as problematic. The impacted element is an unknown function of the component Shortcode Handler. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-12645. The attack can be launched remotely. No exploit exists.

vuldb.com

CVE-2025-12025 | YouTube Subscribe Plugin up to 3.0.0 on WordPress Title/Channel ID cross site scripting

VulDB Recent Entries

6 months 3 weeks ago

A vulnerability was found in YouTube Subscribe Plugin up to 3.0.0 on WordPress. It has been classified as problematic. The affected element is an unknown function. Performing manipulation of the argument Title/Channel ID results in cross site scripting. This vulnerability is identified as CVE-2025-12025. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

How an AI meltdown could reset enterprise expectations

Help Net Security

6 months 3 weeks ago

In this Help Net Security interview, Graham McMillan, CTO at Redgate Software, discusses AI, security, and the future of enterprise oversight. He explains why past incidents haven’t pushed the industry to mature. McMillan also outlines the structural shifts he expects once failures start to have business impact. What type of AI-driven failure do you believe is most likely to force the industry into a maturity leap, and why have recent incidents not been enough to … More →

The post How an AI meltdown could reset enterprise expectations appeared first on Help Net Security.

Mirko Zorz

Aggregator

Managed ad