Aggregator

CVE-2023-0288 | Apple macOS up to 13.2.1 Vim heap-based overflow (HT213670 / EUVD-2023-12366)

Vuldb Updates
1 day 14 hours ago
A vulnerability, which was classified as problematic, has been found in Apple macOS up to 13.2.1. Affected by this issue is some unknown functionality of the component Vim. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2023-0288. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-2103 | alextselegidis easyappointments up to 1.4.x cross site scripting (EUVD-2023-1230)

Vuldb Updates
1 day 14 hours ago
A vulnerability classified as problematic has been found in alextselegidis easyappointments up to 1.4.x. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-2103. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-2428 | thorsten phpmyfaq up to 3.1.12 cross site scripting (EUVD-2023-1235)

Vuldb Updates
1 day 14 hours ago
A vulnerability was found in thorsten phpmyfaq up to 3.1.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2023-2428. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-0225 | Samba 4.17 LDAP Attribute dnsHostname permission (EUVD-2023-12311)

Vuldb Updates
1 day 14 hours ago
A vulnerability was found in Samba 4.17. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component LDAP Attribute Handler. The manipulation of the argument dnsHostname leads to permission issues. This vulnerability is known as CVE-2023-0225. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Review: Attack Surface Management

Help Net Security
1 day 14 hours ago

Attack Surface Management (ASM) has become one of those buzzwords that gets used a lot but rarely explained in detail. The authors of this book offer a practical guide that aims to change that. About the authors Ron Eddings is the Executive Producer at Hacker Valley Media. Melody Kaufmann is a freelance cybersecurity writer, and holds a Master’s in Information Security. Inside the book Organizations are dealing with environments that are always changing. These include … More →

The post Review: Attack Surface Management appeared first on Help Net Security.

Mirko Zorz

TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors

The Hackers News
1 day 14 hours ago
A hacking group with ties other than Pakistan has been found targeting Indian government organizations with a modified variant of a remote access trojan (RAT) called DRAT. The activity has been attributed by Recorded Future's Insikt Group to a threat actor tracked as TAG-140, which it said overlaps with SideCopy, an adversarial collective assessed to be an operational sub-cluster within
The Hacker News

How to Use Sudo 1.9.13 Exploit?

不安全
1 day 14 hours ago
Reddit帖子讨论sudo新漏洞CVE-2025-32462,利用--host标志实现权限提升。用户询问是否存在通用命令或需针对每台计算机调整。

CVE-2025-7108 | risesoft-y9 Digital-Infrastructure up to 9.6.7 Y9FileController.java deleteFile fullPath path traversal (EUVD-2025-20185)

Vuldb Updates
1 day 15 hours ago
A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file /Digital-Infrastructure-9.6.7/y9-digitalbase-webapp/y9-module-filemanager/risenet-y9boot-webapp-filemanager/src/main/java/net/risesoft/y9public/controller/Y9FileController.java. The manipulation of the argument fullPath leads to path traversal. This vulnerability is known as CVE-2025-7108. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-7109 | Portabilis i-Educar 2.9.0 Student Benefits Registration educar_aluno_beneficio_lst.php Benefício cross site scripting (EUVD-2025-20181)

Vuldb Updates
1 day 15 hours ago
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the argument Benefício leads to cross site scripting. This vulnerability is handled as CVE-2025-7109. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Time Series Is Everywhere—Here’s How to Actually Forecast It

不安全
1 day 15 hours ago
时间序列数据广泛应用于股票、温度、网站流量等领域。传统模型如ARIMA适合基本趋势预测,但面对复杂非线性或多变量数据时表现有限。深度学习(如LSTM)擅长处理长依赖关系,强化学习也可用于决策型预测。实际应用包括股票预测、工业故障检测和医疗监测。需注意过拟合、数据泄漏等问题。

Today’s Threats Move Fast—Your SIEM Needs to Move Faster

不安全
1 day 15 hours ago
文章探讨了现代网络安全威胁的复杂性及传统SIEM工具的局限性,强调了AI驱动监控的重要性。Chronicle与Google Cloud Logging结合,提供云原生威胁检测、实时洞察和智能分析能力,助力构建高效、自动化的安全防御系统。

New technique detects tampering or forgery of a PDF document

Help Net Security
1 day 15 hours ago

Researchers from the University of Pretoria presented a new technique for detecting tampering in PDF documents by analyzing the file’s page objects. The technique employs a prototype that can detect changes to a PDF document, such as changes made to the text, images, or metadata. Prototype flow With the PDF format being used as a formal means of communication in multiple industries, it has become a good target for criminals who wish to affect contracts … More →

The post New technique detects tampering or forgery of a PDF document appeared first on Help Net Security.

Sinisa Markovic

Managed ad