Aggregator

A vulnerability was found in Oracle MySQL Workbench up to 8.0.19. It has been rated as critical. Affected by this issue is some unknown functionality of the component MySQL Workbench. The manipulation leads to injection. This vulnerability is handled as CVE-2019-14889. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

ECOVACSが提供する複数の製品には、複数の脆弱性が存在します。

HackerNews 编译，转载请注明出处： 新斯科舍省电力公司（Nova Scotia Power）确认遭遇数据泄露事件。该事件最初于2025年4月28日被发现，攻击者通过未授权访问侵入其业务网络及服务器。 作为加拿大电力巨头Emera集团子公司，该公司服务新斯科舍省超过50万居民、商业和工业客户，市场占有率达95%，年发电量超1万吉瓦时，运营着总长3.2万公里的输电线网。 尽管电力生产与配送未受影响，但事件响应工作导致内部运营系统中断。2025年5月1日的深入调查显示客户信息可能遭窃，最新更新确认泄露数据包括：全名、电话号码、电子邮箱、邮寄与服务地址、参与公司项目的记录、出生日期、用电历史（含用电量、服务请求、付款记录、账单明细、信用历史及客户通信内容）、驾照号码、社会保险号以及部分客户的银行账号。 调查发现实际入侵时间早于最初判断，攻击始于2025年3月19日，这意味着从漏洞发生到通过邮寄信件通知受影响客户已过去近两个月。该公司表示目前未发现泄露数据遭滥用的迹象，但将为受影响用户提供为期两年的免费信用监控服务（由环联公司TransUnion提供），并在通知信中详细说明相关支持资源。 新斯科舍省电力公司提醒客户警惕钓鱼攻击，包括冒充该公司骗取敏感信息的行为。截至5月15日，尚无勒索软件组织宣称对此事件负责。值得注意的是，虽然电力供应未受波及，但客户服务热线与在线门户在事件响应期间瘫痪长达三周。调查显示攻击者可能利用了未公开漏洞，但具体技术细节尚未披露。       消息来源：bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Schneider Electricが提供するEcoStruxure Power Build Rapsodyには、スタックベースのバッファオーバーフローの脆弱性が存在します。

A vulnerability, which was classified as problematic, has been found in IBM Navigator Mobile Android 3.4.1.1/3.4.1.2. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-38388. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in OpenCart 3.x. Affected is an unknown function of the file index.php?route=extension/module/so_newletter_custom_popup/newsletter of the component Newsletter Custom Popup. The manipulation of the argument email leads to sql injection. This vulnerability is traded as CVE-2022-41403. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in F-Secure/WithSecure Product. Affected by this issue is some unknown functionality in the library aerdl.dll of the component Unpacker. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-28887. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01. This affects the function formWifiBasicSet. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-42079. The attack can only be done within the local network. There is no exploit available.

A vulnerability has been found in Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument sched_start_time leads to heap-based buffer overflow. This vulnerability was named CVE-2022-42080. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Dropbear up to 2020.81. It has been classified as critical. Affected is an unknown function of the component Non-RFC-compliant Check. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2021-36369. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 and classified as problematic. This issue affects the function fromSysToolReboot. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2022-42077. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Tenda US_AC1206V1.0RTL_V15.03.06.23_multi_TD01. It has been classified as problematic. Affected is the function fromSysToolRestoreSet. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2022-42078. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Boodskap IoT Platform 4.4.9-02 and classified as critical. This vulnerability affects unknown code of the file /api/user/upsert/<uuid> of the component Request Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2022-35135. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Boodskap IoT Platform 4.4.9-02 and classified as critical. This issue affects some unknown processing of the component API Request Handler. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2022-35136. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Boodskap IoT Platform 4.4.9-02. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-35134. The attack may be initiated remotely. There is no exploit available.

HackerNews 编译，转载请注明出处： 斯洛伐克网络安全公司ESET最新研究发现，与俄罗斯有关联的威胁组织通过跨站脚本（XSS）漏洞对Roundcube、Horde、MDaemon和Zimbra等主流邮件系统实施网络间谍活动，其中针对MDaemon的漏洞在攻击初期属于零日漏洞。该行动被命名为“Operation RoundPress”，研究人员以中等置信度将其归因于俄罗斯政府支持的黑客组织APT28（又名BlueDelta、Fancy Bear、Sednit）。 ESET研究员Matthieu Faou在向《黑客新闻》提供的报告中指出：“此次行动的核心目标是窃取特定邮箱账户的机密数据。主要受害者集中于东欧政府机构及军工企业，但我们也观察到非洲、欧洲和南美洲的政府部门同样遭到攻击。”这并非APT28首次利用邮件系统漏洞——2023年6月，Recorded Future曾披露该组织滥用Roundcube的三个历史漏洞（CVE-2020-12641、CVE-2020-35730和CVE-2021-44026）进行侦察和数据收集。 自2023年以来，Winter Vivern、UNC3707（即GreenCube）等其他威胁组织也持续针对邮件系统发起攻击。ESET将RoundPress行动与APT28建立关联的依据包括：钓鱼邮件发件地址的重叠性，以及服务器配置手法的相似性。2024年的攻击目标主要涉及乌克兰政府机构、保加利亚与罗马尼亚的军工企业（部分企业正在为乌克兰生产苏制武器），其他受害者还包括希腊、喀麦隆、厄瓜多尔、塞尔维亚和塞浦路斯的政府、军事及学术机构。 攻击者通过Horde、MDaemon和Zimbra的XSS漏洞在网页邮箱界面执行任意JavaScript代码。值得注意的是，美国网络安全与基础设施安全局（CISA）已于2024年2月将Roundcube漏洞CVE-2023-43770列入已知被利用漏洞（KEV）目录。虽然Horde（2007年发布的Horde Webmail 1.0已修复的未公开旧漏洞）、Roundcube和Zimbra（CVE-2024-27443）的漏洞均属于已公开补丁的缺陷，但MDaemon的XSS漏洞（CVE-2024-11182，CVSS评分5.3）在被利用时尚未修复，该漏洞已于2023年11月发布的24.5.1版本完成修补。 Faou解释道：“Sednit通过电子邮件发送这些XSS漏洞利用程序。恶意JavaScript代码会在浏览器运行的网页邮箱客户端中执行，因此攻击者仅能读取和窃取受害者账户权限内的数据。”不过，攻击成功的必要条件是受害者需在存在漏洞的网页邮箱界面打开邮件，且邮件需绕过垃圾邮件过滤器进入收件箱。由于触发XSS漏洞的恶意代码隐藏在邮件正文的HTML代码中，邮件本身内容看起来完全正常。 漏洞成功利用后，名为SpyPress的混淆JavaScript有效载荷将执行窃取邮箱凭证、邮件内容和联系人信息的操作。该恶意软件虽不具备持久化机制，但每次打开被篡改的邮件时都会重新加载。ESET补充指出：“我们还检测到部分SpyPress.ROUNDCUBE变种具备创建Sieve规则的能力。该规则会将所有新邮件的副本转发至攻击者控制的邮箱地址，由于Sieve规则是Roundcube的固有功能，即使恶意脚本停止运行，规则仍将持续生效。” 窃取的数据通过HTTP POST请求发送至硬编码的命令与控制（C2）服务器。某些恶意软件变种还能捕获登录记录、双因素认证（2FA）代码，甚至为MDAEMON创建应用密码，确保在用户修改密码或2FA代码后仍能维持邮箱访问权限。Faou警告称：“过去两年间，Roundcube和Zimbra等网页邮箱服务器已成为Sednit、GreenCube和Winter Vivern等多个间谍组织的重点目标。由于许多机构未能及时更新邮件系统补丁，加之攻击者仅需发送邮件即可远程触发漏洞，此类服务器极易沦为邮件窃取的跳板。”       消息来源： thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, was found in Microsoft Windows up to Vista. Affected is an unknown function of the component OpenType Font Parser. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2015-2458. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /pages/credit_transaction_add.php. The manipulation of the argument prod_name leads to sql injection. This vulnerability is handled as CVE-2025-4716. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode Placement Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /drive.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-4721. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. This vulnerability is traded as CVE-2025-4728. It is possible to launch the attack remotely. Furthermore, there is an exploit available.