Aggregator

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063漏洞情况近日，国家信息安全漏洞库(CNNVD)收到关于Fortinet FortiManager访问控制错误漏洞(CNN

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 国家工业信息安全发展研究中心 张格 孙娅苹 高莹莹 张哲宇当前，我国新型工业化不断深入推进，新一代信息技术与制造

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063为整治网上国家通用语言文字不规范使用乱象，塑造有利于未成年人健康成长的网络环境和育人生态，近日，中央网信办、教育部印发通

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 宁波大学法学院教授 谢小瑶进入数字时代，数字技术重构了社会生产生活方式，数据已经逐渐成为市场创新发展和政府公共治

扫码订阅《中国信息安全》邮发代号 2-786征订热线：010-82341063文 | 中国人民大学国际关系学院博士研究生 安怡宁；中国社会科学院世界经济与政治研究所助理研究员 陈兆源网络空间是人类共

A vulnerability, which was classified as critical, was found in Trustwave ModSecurity. Affected is an unknown function of the component Multipart Request Parser. The manipulation with the input Content-Disposition: form-data; name="id"[\r][\r][\n] as part of POST Request leads to improper access controls. This vulnerability is traded as CVE-2012-4528. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Ntoseye Windows kernel debugger for Linux hosts running Windows under KVM/QEMU. Features Command line interface WinDbg style commands Kernel debugging PDB fetching Breakpointing Scripting API (Lua) Supported Windows ntoseye currently only supports Windows 10...

The post Ntoseye: Windows kernel debugger for Linux hosts running Windows under KVM/QEMU appeared first on Penetration Testing Tools.

GetAltName GetAltName (or GAN) is a tool that can extract Subject Alternative Names found in SSL Certificates directly from HTTPS websites which can provide you with DNS names (subdomains) or virtual servers. This code extracts subdomain names from https sites...

The post getaltname: Extract subdomains from SSL certificates in HTTPS sites appeared first on Penetration Testing Tools.

TLS Attacker TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This...

The post TLS-Attacker: Java-based framework for analyzing TLS libraries appeared first on Penetration Testing Tools.

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士美国网络安全和基础设施安全局 (CISA) 正在提出新的安全要求，阻止敌对实例访问美国人的个人数据以及政府相关信息。这些要求的对象是参与涉及大量美国

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士三星移动处理器中存在一个0day漏洞 (CVE-2024-44068)，正被用于利用链中，实施任意代码执行。该漏洞的CVSS评分为8.1，已在三星十

安全公告编号:CNTA-2024-00182024年10月23日，国家信息安全漏洞共享平台（CNVD）收录了VMware vCenter Server堆溢出漏洞（CNVD-2024-41447，对应C

A vulnerability has been found in ISC DHCPD 3.0/3.0.1 and classified as very critical. This vulnerability affects unknown code of the file print.c of the component NSUPDATE Option Handler. The manipulation leads to format string. This vulnerability was named CVE-2002-0702. The attack can be initiated remotely. Furthermore, there is an exploit available.

点击了解更新详情~

点击了解更新详情~

点击了解更新详情~

点击了解更新详情~

点击了解更新详情~

A vulnerability was found in 1-Script 1-Search 1.8. It has been classified as problematic. This affects an unknown part of the file 1search.cgi. The manipulation leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2005-4091. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in QEMU up to 6.7.x. It has been declared as problematic. This vulnerability affects unknown code of the component libvirt API. The manipulation leads to improper access controls. This vulnerability was named CVE-2020-25637. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.