Aggregator

A vulnerability, which was classified as critical, has been found in InterVations NaviCOPA Web Server 2.01. This affects an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2006-5112. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in KGB 1.87 and classified as problematic. Affected is an unknown function of the file kgcall.php. This manipulation of the argument engine causes path traversal. This vulnerability is handled as CVE-2006-5115. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in phpMyAdmin up to 2.9.0 Dev and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Libraries. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2006-5117. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in PHPSelect Web Development Division. It has been classified as critical. Affected by this issue is some unknown functionality of the file index.php3. Performing a manipulation of the argument Application_Root results in file inclusion. This vulnerability was named CVE-2006-5118. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Zen Cart 1.3.5. It has been declared as problematic. This affects an unknown part. Executing a manipulation of the argument admin_email can lead to cross site scripting. The identification of this vulnerability is CVE-2006-5119. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Scott Metoyer Red Mombin 0.7. It has been rated as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to basic cross site scripting. This vulnerability is referenced as CVE-2006-5120. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as critical has been discovered in PostNuke 0.762. This issue affects some unknown processing. The manipulation of the argument hits results in sql injection. This vulnerability is identified as CVE-2006-5121. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in HP Mercury SiteScope 8.2. Impacted is an unknown function. This manipulation causes basic cross site scripting. This vulnerability is tracked as CVE-2006-5122. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability marked as critical has been reported in Joshua Muheim phpMyWebmin 1.0. The impacted element is an unknown function of the file window.php. Performing a manipulation of the argument target results in file inclusion. This vulnerability is cataloged as CVE-2006-5124. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as problematic has been identified in Joshua Muheim phpMyWebmin 1.0. This affects the function opendir of the file window.php. Executing a manipulation of the argument target can lead to information disclosure. This vulnerability is registered as CVE-2006-5125. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. "The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal," Slovakian cybersecurity company ESET said in a report shared with The Hacker

Почему Mythos — не фабрика нулевых дней, а просто помощник.

最近学习了一下免杀相关的知识，参考了互联网几个公开项目的思路,尝试自己开发了一个小工具，本文主要用来记录一下主要思路。

2026 年 4 月 21 日，「从这里 向世界出发」百度安全 2025 BSRC 年度盛典在印度尼西亚-巴厘岛圆满举办。近30 位白帽精英齐聚一堂，围绕AI 安全攻防实践、高危漏洞挖掘等核心议题深度交流，共探数字时代安全挑战与防御之道。

感谢您一直以来对先知平台的支持与信任！

ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions

A vulnerability was found in Froxlor up to 2.3.5. It has been declared as critical. This affects the function Language::loadLanguage of the component API Endpoint. The manipulation of the argument def_language results in improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is cataloged as CVE-2026-41228. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Froxlor up to 2.3.5. It has been rated as critical. This vulnerability affects the function PhpHelper::parseArrayToString in the library lib/userdata.inc.php of the component Setting Handler. This manipulation of the argument privileged_user causes code injection. This vulnerability is registered as CVE-2026-41229. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.