Aggregator

A vulnerability has been found in Martin Nagy bind-dyndb-ldap 0.1.0/0.2.0/1.0.0/1.1.0 and classified as problematic. This vulnerability affects the function dns_to_ldap_dn_escape of the component DNS Server. The manipulation leads to improper input validation. This vulnerability was named CVE-2012-3429. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Tom Braider Count Per Day up to 2.15.0 and classified as problematic. This issue affects some unknown processing of the file userperspan.php. The manipulation of the argument datemax leads to cross site scripting. The identification of this vulnerability is CVE-2012-3434. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Zabbix up to 1.8.14/2.0.1. Affected is an unknown function. The manipulation of the argument itemid leads to sql injection. This vulnerability is traded as CVE-2012-3435. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in ImageMagick 6.7.8-6 and classified as problematic. This issue affects the function Magick_png_malloc. The manipulation of the argument proper leads to denial of service. The identification of this vulnerability is CVE-2012-3437. The attack may be initiated remotely. There is no exploit available.

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

2024年度总结

安全分析与研究专注于全球恶意软件的分析与研究前言概述 除了做点安全研究，别的我好像什么都不会，注定一条道走到底时光荏苒，2024年已经接近尾声，又到了写年度总结的时候了，每年的年底笔者都会坚持写一个年

01阅读须知此文所节选自小报童《.NET 内网实战攻防》专栏，主要内容有.NET在各个内网渗透阶段与Windows系统交互的方式和技巧，对内网和后渗透感兴趣的朋友们可以订阅该电子报刊，解锁更多的报刊内

53某速ERP系统文件上传漏洞53.1 漏洞概述某速ERP管理系统File.ashx存在任意文件上传漏洞 POST /Api/File**.ashx?method=**Upload HTTP/1.1H

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

A vulnerability classified as critical has been found in Microsoft Windows 2000/XP. This affects an unknown part of the component RDP Handler. The manipulation leads to missing encryption of sensitive data. This vulnerability is uniquely identified as CVE-2002-0863. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Windows NT 4.0/2000. It has been declared as critical. This vulnerability affects unknown code of the component SMB Handler. The manipulation as part of SMB_COM_TRANSACTION Packet leads to memory corruption. This vulnerability was named CVE-2002-0724. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Windows 2000. It has been classified as critical. Affected is an unknown function of the component Network Connection Manager. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2002-0720. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows NT 4.0/2000/XP. It has been rated as very critical. This issue affects some unknown processing of the component CHM File Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2002-0694. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.