Aggregator

A vulnerability classified as critical has been found in Redis up to 2.8.0/3.0.1. Affected is an unknown function of the component Lua Bytecode Handler. The manipulation leads to code. This vulnerability is traded as CVE-2015-4335. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in rubygem-moped. It has been declared as problematic. Affected by this vulnerability is the function Moped::BSON::ObjecId.legal. The manipulation leads to denial of service. This vulnerability is known as CVE-2015-4410. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in MongoDB bson-ruby up to 3.0.3. It has been declared as problematic. This vulnerability affects the function Moped::BSON::ObjecId.legal. The manipulation leads to resource consumption. This vulnerability was named CVE-2015-4411. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

约半个世纪前，理论学家注意到引力波穿过时空后有可能会对时空造成永久形变！这种不可恢复的变化被称为引力记忆效应，换句话说，时空记得每次发生的改变。引力的记忆效应有两种：线性的记忆效应（由质量分布变化产生，例如超新星爆发）与非线性的记忆效应（由引力波辐射本身引起，即引力波可以产生引力波），其中非线性的记忆效应与广义相对论中的非线性特性具有密切关联，最让科学家们感兴趣的是非线性的记忆效应在不远的将来就有可能被探测到。非线性记忆效应的讯号主要集中在低频率（<10 Hz），现有的地面干涉仪的灵敏度在此频段较差，且地球的地质活动和环境噪音在低频率非常显著，掩盖了记忆效应的讯号。今年 6 月的一篇论文指出，未来启用的太空引力波天文台 LISA 专门用来寻找低频率引力波，能够提供高于地面干涉仪的信噪比，尤其是针对超大质量黑洞合并的记忆效应。

Как Китай помогает скрывать северокорейских IT-специалистов и их следы.

A vulnerability was found in Pyrophobia 2.1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument action leads to path traversal. This vulnerability is handled as CVE-2007-1152. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Freearcadescript Free Arcade Script 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument template leads to path traversal. The identification of this vulnerability is CVE-2009-0731. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in zFeeder 1.6 and classified as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2009-0807. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to add further authentication.

A vulnerability, which was classified as critical, has been found in Microsoft Internet Explorer 7. This issue affects some unknown processing of the component Append Object Handler. The manipulation leads to improper resource management. The identification of this vulnerability is CVE-2009-0075. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tombstone smNews. It has been rated as critical. Affected by this issue is some unknown functionality of the file login.php of the component Login. The manipulation of the argument username leads to sql injection. This vulnerability is handled as CVE-2009-0750. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Pre Classified Listings 1.0 and classified as problematic. This vulnerability affects unknown code of the file signup.asp. The manipulation of the argument address leads to cross site scripting. This vulnerability was named CVE-2008-6888. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in FTPx FTP Explorer 1.00.10. This issue affects some unknown processing of the component Profile File Handler. The manipulation leads to missing encryption of sensitive data. The identification of this vulnerability is CVE-2000-0214. Local access is required to approach this attack. Furthermore, there is an exploit available.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 2,000 Palo Alto Networks devices compromised in latest attacks Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Researchers unearth two previously unknown Linux backdoors ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. ScubaGear: Open-source tool to … More →

The post Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified appeared first on Help Net Security.

A vulnerability has been found in Cisco ASA 9.1(5.21) and classified as critical. This vulnerability affects unknown code of the component TLS Handler. The manipulation as part of MAC Field leads to cryptographic issues. This vulnerability was named CVE-2015-4458. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in ownCloud Desktop Client up to 1.8.1. This issue affects the function QNetworkReply::ignoreSslErrors. The manipulation leads to certificate with host mismatch. The identification of this vulnerability is CVE-2015-4456. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Bugzilla up to 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file Util.pm of the component Email Address Handler. The manipulation with the input @mozilla.com.example.com leads to improper input validation. This vulnerability is known as CVE-2015-4499. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in EMS Isilon OneFS up to 7.1.1.7/7.2.0.3/7.2.1.0. It has been declared as critical. This vulnerability affects unknown code of the component SmartLock Root-Login. The manipulation leads to improper access controls. This vulnerability was named CVE-2015-4545. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

大家好，又到了非正常人类研究中心被研究对象胡说八道的时候

A vulnerability was found in dpkg 1.3.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation as part of Header leads to path traversal. This vulnerability is handled as CVE-2014-3865. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHP up to 8.1.30/8.2.25/8.3.13. It has been declared as problematic. This vulnerability affects unknown code of the component Proxy Handler. The manipulation leads to http request smuggling. This vulnerability was named CVE-2024-11234. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.