Aggregator
CVE-2016-9839 | MapServer up to 7.0.2 OGR Driver Connection information disclosure (FEDORA-2016-04c687d2aa / Nessus ID 95972)
8 months ago
A vulnerability has been found in MapServer up to 7.0.2 and classified as problematic. This vulnerability affects unknown code of the component OGR Driver. The manipulation leads to information disclosure (Connection).
This vulnerability was named CVE-2016-9839. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2016-9878 | Oracle Retail Returns Management 14.0/14.1 Security path traversal (Nessus ID 111600 / ID 276356)
8 months ago
A vulnerability has been found in Oracle Retail Returns Management 14.0/14.1 and classified as critical. This vulnerability affects unknown code of the component Security. The manipulation leads to path traversal.
This vulnerability was named CVE-2016-9878. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Windows vulnerability abused braille “spaces” in zero-day attacks
8 months ago
A recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. [...]
Lawrence Abrams
CVE-2007-2726 | BitsCast 0.13.0 denial of service (EDB-3929 / XFDB-34344)
8 months ago
A vulnerability was found in BitsCast 0.13.0. It has been classified as critical. Affected is an unknown function. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2007-2726. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2014-6763 | secondfiction Codename Birdgame 1 X.509 Certificate cryptographic issues (VU#582497)
8 months ago
A vulnerability was found in secondfiction Codename Birdgame 1. It has been classified as critical. This affects an unknown part of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues.
This vulnerability is uniquely identified as CVE-2014-6763. The attack can only be done within the local network. There is no exploit available.
vuldb.com
Online dating in the US is linked to income inequality
8 months ago
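Bloomberg reported on a correlation: the popularity of online dating apps and the widening gap between rich and poor. Citing research, the report says that with the rise of online dating apps, Americans are increasingly marrying people similar to themselves, the increase in household income inequality between 1980 and 2020
From rabbits to galaxies: how Fibonacci numbers govern the Universe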
8 months ago
How important irrational numbers are for evolution.
CVE-2002-1236 | Linksys BEFSR41 1.40.2/1.41/1.42.3/1.42.7 Remote Management Gozila.cgi denial of service (EDB-21975 / Nessus ID 11773)
8 months ago
A vulnerability was found in Linksys BEFSR41 1.40.2/1.41/1.42.3/1.42.7 and classified as problematic. This issue affects some unknown processing of the file Gozila.cgi of the component Remote Management. The manipulation leads to denial of service.
The identification of this vulnerability is CVE-2002-1236. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2014-6762 | bongomovie 1 X.509 Certificate cryptographic issues (VU#582497)
8 months ago
A vulnerability was found in bongomovie 1 and classified as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues.
This vulnerability is handled as CVE-2014-6762. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
CVE-2017-7461 | Intellinet NFC-30ir IP Camera LM.1.6.16.05 CGI Script path traversal (EDB-41829)
8 months ago
A vulnerability, which was classified as problematic, has been found in Intellinet NFC-30ir IP Camera LM.1.6.16.05. Affected by this issue is some unknown functionality of the component CGI Script. The manipulation leads to path traversal.
This vulnerability is handled as CVE-2017-7461. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Generative AI and Education: The Short-Term Risks and Long-Term Opportunities
8 months ago
The AI Hype Cycle 2024: What’s Next for GenAI
8 months ago
Overhauling Government Technology During Perpetual Change
8 months ago
CVE-2007-2736 | Achievo 1.1.0 index.php config_atkroot file inclusion (EDB-3928 / XFDB-34305)
8 months ago
A vulnerability was found in Achievo 1.1.0. It has been declared as very critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument config_atkroot leads to file inclusion.
This vulnerability was named CVE-2007-2736. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2016-9878 | Oracle Retail Point-of-Sale 14.0/14.1 Transaction path traversal (Nessus ID 111600 / ID 276356)
8 months ago
A vulnerability, which was classified as critical, was found in Oracle Retail Point-of-Sale 14.0/14.1. This affects an unknown part of the component Transaction. The manipulation leads to path traversal.
This vulnerability is uniquely identified as CVE-2016-9878. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
SkylineWebcams – HD live cameras from popular tourist locations in more than 60 countries
8 months ago
Linux 6.11 released
8 months ago
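Linus Torvalds announced the release of Linux 6.11 on the kernel mailing list; the 6.12 merge window is now open, and Linux 6.12 is expected to become the new long-term support (LTS) release. Major new features in Linux 6.11 include: io_uring subsystem support for bind() and listen() operations, a new locking mechanism that reduces latency for real-time kernels, fewer ETXTBSY ("text file busy") errors, support for writing block drivers in Rust, support for atomic write operations in the block layer, a dedicated bucket slab allocator that hardens the kernel against heap spraying attacks, a vDSO implementation of getrandom(), and more.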
CVE-2016-9878 | Oracle Retail Integration Bus 14.0.x/14.1.x/15.0.x/16.0.x Install path traversal (Nessus ID 111600 / ID 276356)
8 months ago
A vulnerability, which was classified as critical, has been found in Oracle Retail Integration Bus 14.0.x/14.1.x/15.0.x/16.0.x. Affected by this issue is some unknown functionality of the component Install. The manipulation leads to path traversal.
This vulnerability is handled as CVE-2016-9878. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-8880 | playSMS 1.4.4/1.4.5/1.4.6/1.4.7 Template index.php username/email/captcha code injection
8 months ago
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to code injection.
This vulnerability is traded as CVE-2024-8880. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The project maintainer was informed early about the issue. Investigation shows that playSMS up to 1.4.3 contained a fix but later versions re-introduced the flaw. As long as the latest version of the playsms/tpl package is used, the software is not affected. Version >=1.4.4 shall fix this issue for sure.
It is recommended to upgrade the affected component.
vuldb.com