Aggregator

seacms(13.0版本)安装教程+漏洞点

私有云的对象存储系统的漏洞（可以导致任意覆盖写桶里面的文件）以及这个漏洞大模型AI场景利用挖掘以及影响。

A vulnerability was found in Frog CMS 0.9.5 and classified as problematic. This issue affects some unknown processing of the file /admin/?/user/add. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2018-8908. The attack may be initiated remotely. Furthermore, there is an exploit available.

活动时间：2025.05.12-05.18

活动时间：2025.05.12-05.18

HackerNews 编译，转载请注明出处： 网络安全研究人员发现，新型信息窃取软件“Noodlophile窃密者”正通过伪造的AI视频生成工具传播。攻击者在Facebook高流量群组投放名为“造梦机器”（Dream Machine）的广告，宣称可通过上传文件生成AI视频，实则诱导用户下载恶意压缩包。 感染链分析显示，受害者下载的ZIP文件内藏名为“Video Dream MachineAI.mp4.exe”的可执行程序（实为CapCut视频编辑软件v445.0版本的重打包程序），利用Winauth工具伪造数字签名。当用户双击该文件时，系统会执行多阶段攻击流程： 启动批处理脚本：通过install.bat调用Windows系统工具certutil.exe，解码Base64加密的带密码RAR压缩包（伪装为PDF文档） 建立持久化：在注册表添加自启动项 载荷注入：根据目标环境选择注入方式——若检测到Avast杀毒软件，则通过PE空心化技术将恶意代码注入RegAsm.exe进程；否则直接使用Shellcode内存加载 窃密执行：运行从硬编码服务器获取的混淆Python脚本，最终在内存中激活Noodlophile窃密者 该恶意软件具备三重数据窃取能力： 浏览器凭证：盗取Chrome、Edge等浏览器的账号密码、会话Cookie及身份令牌 数字资产：扫描加密货币钱包文件（如metamask.txt、ledger.txt等）与私钥 远程控制：部分样本捆绑XWorm远控木马，实现主动渗透 窃取数据通过Telegram机器人实时回传至攻击者，形成隐蔽的C2通道。安全公司Morphisec指出，此恶意软件即服务（MaaS）由越南语系犯罪团伙运营，暗网论坛提供“Cookie+密码提取”订阅服务。防御建议包括：禁用Windows文件扩展名隐藏功能，下载文件前验证数字签名，并使用更新至最新病毒库的安全软件扫描。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as problematic was found in Scriptsez Ez Poll Hoster. This vulnerability affects unknown code of the file index.php. The manipulation of the argument uid leads to cross site scripting. This vulnerability was named CVE-2009-4384. The attack can be initiated remotely. Furthermore, there is an exploit available.

HackerNews 编译，转载请注明出处： 美国高校常用课堂互动平台iClicker官网近期遭“ClickFix”攻击，黑客通过伪造验证码诱导师生执行恶意脚本。该平台隶属麦克米伦出版集团，服务全美5000余名教师与700万学生，用户包括密歇根大学、佛罗里达大学等知名院校。 据密歇根大学安全团队披露，2025年4月12日至16日期间，访问iClicker.com的用户会遭遇虚假CAPTCHA验证，提示点击“我不是机器人”按钮。当用户照做后，攻击者会将混淆处理的PowerShell指令复制至Windows剪贴板，诱导用户通过“运行”窗口执行。该脚本会连接远程服务器（http://67.217.228[.]14:8080）下载二级载荷——针对普通用户植入可实现设备完全控制的后门程序，对沙箱环境则伪装成微软VC++运行库安装包以规避检测。 安全机构SilentPush分析称，此类“ClickFix”社会工程攻击近年呈泛滥趋势，常伪装成Cloudflare验证、谷歌会议报错等界面。历史案例显示，最终载荷多为信息窃取程序，可盗取Chrome、Edge等浏览器的密码、Cookie、加密货币钱包及敏感文档（如seed.txt、metamask.txt等），并通过加密通道回传数据。考虑到攻击目标为高校群体，专家推测其最终目的可能是窃取凭证实施网络渗透或勒索攻击。 尽管iClicker于5月6日在官网发布安全公告，但BleepingComputer发现其页面嵌入了“noindex”元标签，致使公告无法被搜索引擎收录。公告称“登录前的虚假验证码由无关第三方植入，平台数据与核心功能未受影响”，建议4月12-16日期间点击过验证码的师生运行杀毒软件，并立即重置iClicker密码。若执行过恶意指令，需更换设备存储的所有密码，推荐使用BitWarden等密码管理器。 目前，移动端用户及未遭遇虚假验证码的访问者不受影响。平台母公司麦克米伦集团未回应媒体质询，安全研究人员正逆向分析攻击中使用的PowerShell混淆技术，以追溯攻击源头。       消息来源：bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability has been found in Foxit Reader 9.7.0.29455 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component JPEG2000 File Handler. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2020-8852. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Foxit Reader. Affected is an unknown function of the component AcroForms Handler. The manipulation as part of Annotation Object leads to use after free. This vulnerability is traded as CVE-2020-8857. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Foxit Reader 9.7.0.29455. This affects an unknown part of the component JPG2000 Image Handler. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2020-8848. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Foxit Reader 9.7.0.29455. This vulnerability affects unknown code of the component JPEG2000 File Handler. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2020-8849. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Foxit Reader 9.7.0.29455. This issue affects some unknown processing of the component JPEG2000 File Handler. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2020-8850. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Foxit Reader 9.7.0.29455. Affected is an unknown function of the component JPG2000 Image Handler. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2020-8851. It is possible to launch the attack remotely. There is no exploit available.

前言​​本文汇总全球可注册的免费域名资源，涵盖CF托管兼容性、注册门槛及隐藏技巧，助你零成本打造个人网站/项目。（关键词：免费域名 二级域名 CF托管 白嫖域名 […]

A vulnerability was found in Foxit Reader 9.7.0.29455. It has been rated as critical. Affected by this issue is some unknown functionality of the component JPEG2000 File Handler. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2020-8847. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Foxit Reader and classified as critical. This issue affects some unknown processing of the component CovertToPDF. The manipulation as part of JPEG File leads to integer overflow. The identification of this vulnerability is CVE-2020-8844. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Goverlan Reach Console, Reach Server and Client Agent. This affects an unknown part. The manipulation as part of Search Path leads to untrusted search path. This vulnerability is uniquely identified as CVE-2019-20456. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Rational Publishing Engine 6.0.6/6.0.6.1 and classified as problematic. This issue affects some unknown processing of the component Web UI. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2019-4431. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Halvotec RAQuest 10.23.10801.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Admin Application. The manipulation leads to open redirect. This vulnerability is known as CVE-2019-19613. The attack can be launched remotely. There is no exploit available. It is recommended to replace the affected component with an alternative.