A vulnerability has been found in SAS Studio 9.4 and classified as critical. This vulnerability affects unknown code of the file /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath}. The manipulation leads to path traversal.
This vulnerability was named CVE-2024-48735. The attack can be initiated remotely. There is no exploit available.
A vulnerability classified as critical was found in xtreme1 up to 0.9.1. This vulnerability affects unknown code of the file /api/data/upload. The manipulation of the argument fileUrl leads to server-side request forgery.
This vulnerability was named CVE-2024-48346. Access to the local network is required for this attack. There is no exploit available.
A vulnerability, which was classified as critical, has been found in DrayTek Vigor 3900 1.5.1.3. Affected by this issue is the function setup_cacertificate of the file mainfunction.cgi. The manipulation leads to command injection.
This vulnerability is handled as CVE-2024-51259. Access to the local network is required for this attack. There is no exploit available.
A vulnerability was found in ESAFENET CDG 5. It has been classified as critical. Affected is the function docHistory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument fileId leads to SQL injection.
This vulnerability is traded as CVE-2024-10594. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to SQL injection.
This vulnerability is known as CVE-2024-10595. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to SQL injection.
This vulnerability is handled as CVE-2024-10596. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical has been found in ESAFENET CDG 5. This affects the function delPolicyAction of the file /com/esafenet/servlet/system/PolicyActionService.java. The manipulation of the argument id leads to SQL injection.
This vulnerability is uniquely identified as CVE-2024-10597. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical was found in DrayTek Vigor 3900 1.5.1.3. Affected by this vulnerability is the function ruequest_certificate of the file mainfunction.cgi. The manipulation leads to command injection.
This vulnerability is known as CVE-2024-51255. The attack can be launched remotely. There is no exploit available.
A vulnerability, which was classified as critical, has been found in DrayTek Vigor 3900 1.5.1.3. Affected by this issue is the function acme_process of the file mainfunction.cgi. The manipulation leads to command injection.
This vulnerability is handled as CVE-2024-51260. The attack may be launched remotely. There is no exploit available.
A vulnerability has been found in SIP Reviews Shortcode for WooCommerce Plugin up to 1.2.3 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. The manipulation leads to SQL injection.
This vulnerability is known as CVE-2024-6479. The attack can be launched remotely. There is no exploit available.
A vulnerability, which was classified as critical, was found in JeecgBoot 3.7.1. This affects an unknown part of the file /onlDragDatasetHead/getTotalData. The manipulation leads to SQL injection.
This vulnerability is uniquely identified as CVE-2024-48307. The attack can only be initiated within the local network. There is no exploit available.
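Author: Zhang Kai, JD Logistics
Introduction
MySQL deadlocks are a common occurrence in production, but analyzing them is not always easy. This article introduces a method for analyzing MySQL deadlock logs, helping developers quickly extract the useful information from the logs and so analyze the cause of a deadlock more efficiently.
Deadlock overview
Trigger conditions
A deadlock has four trigger conditions:
• Mutual exclusion
• Hold and wait
• No preemption
• Circular wait
As shown in the figure below, two transactions that acquire locks in different orders cause a deadlock. Once a deadlock has occurred, breaking any one of the four conditions is enough to resolve it.
Data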