Aggregator

记一次黑盒测试打坏目标系统“入狱”到docker逃逸并修复实现“越狱”的日站过程，提醒大家日站需谨慎，不然亲人两行泪～

记一次黑盒测试打坏目标系统“入狱”到docker逃逸并修复实现“越狱”的日站过程，提醒大家日站需谨慎，不然亲人两行泪～

记一次黑盒测试打坏目标系统“入狱”到docker逃逸并修复实现“越狱”的日站过程，提醒大家日站需谨慎，不然亲人两行泪～

记一次黑盒测试打坏目标系统“入狱”到docker逃逸并修复实现“越狱”的日站过程，提醒大家日站需谨慎，不然亲人两行泪～

记一次黑盒测试打坏目标系统“入狱”到docker逃逸并修复实现“越狱”的日站过程，提醒大家日站需谨慎，不然亲人两行泪～

记一次黑盒测试打坏目标系统“入狱”到docker逃逸并修复实现“越狱”的日站过程，提醒大家日站需谨慎，不然亲人两行泪～

记一次黑盒测试打坏目标系统“入狱”到docker逃逸并修复实现“越狱”的日站过程，提醒大家日站需谨慎，不然亲人两行泪～

记一次黑盒测试打坏目标系统“入狱”到docker逃逸并修复实现“越狱”的日站过程，提醒大家日站需谨慎，不然亲人两行泪～

A vulnerability was found in Apache Subversion and classified as critical. This issue affects the function svnlook of the file contrib/hook-scripts/check-mime-type.pl. The manipulation of the argument -* leads to improper input validation. The identification of this vulnerability is CVE-2013-2088. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in FreeBSD 6.1. It has been rated as problematic. Affected by this issue is the function ftruncate. The manipulation leads to denial of service. This vulnerability is handled as CVE-2006-5482. The attack needs to be approached within the local network. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in KDE 3.0.1/3.0.2/3.0.3/3.0.3a and classified as problematic. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation of the argument icon leads to path traversal. This vulnerability is known as CVE-2002-1224. The attack can be launched remotely. Furthermore, there is an exploit available.

Meta 的新数据中心将坐落在路易斯安那州的 Richland Parish，占地 400 万平方英尺，投资 100 亿美元，将是 Meta 至尽规模最大的数据中心。新数据中心没有使用核电，Meta 与 Entergy 合作建造三座燃烧天然气的火电站，总发电能力 2,262MW。火电站将使用联合循环燃气轮机，比传统的燃气火电站更清洁，能利用废热驱动辅助蒸汽轮机。但它们仍然会释放出温室气体，Meta 承诺将在 20 年代末解决该问题。Entergy 声称火电站未来可以升级到完全使用氢燃料发电，但没有披露升级时间表。

A vulnerability was found in Adobe Flash Player 11.2.202.491/18.0.0.209. It has been classified as very critical. Affected is an unknown function. The manipulation leads to use after free. This vulnerability is traded as CVE-2015-5556. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Nabh Information Systems Stringbeans Portal 3.2. This affects an unknown part. The manipulation of the argument project_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2007-5478. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

As we wrap up 2024, two new reports suggest that Europe and leading African nations share many of the same cyber threats and potential cybersecurity solutions as their U.S. counterparts.

The post From Europe to South Africa: Where Is the World on Cyber Defense? appeared first on Security Boulevard.

Name: snakeCTF 2024 Finals (an snakeCTF event.)
Date: Dec. 5, 2024, 8 a.m. — 08 Dec. 2024, 08:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Lignano Sabbiadoro, Udine, Italy
Offical URL: https://2024.snakectf.org/
Rating weight: 0.00
Event organizers: MadrHacks

A vulnerability was found in Nokia Affix 2.1.2/3.2.0. It has been classified as critical. Affected is an unknown function of the component FTP Client. The manipulation of the argument filename leads to improper privilege management. This vulnerability is traded as CVE-2005-2277. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.