Aggregator

THM靶场-Lookup-通关WriteUp

禅道18.x-20.x版本漏洞挖掘思路分析

MemoryModule的远程反射dll加载与一些没有实现的想法

2024鹏城杯线下赛复现

JDBC Attack漫谈

智能驾驶「大决战」要来了，未来的主战场在哪？

马斯克玩坏了 X，2000 万「Twitter 难民」疯狂涌向这个 App

黑客利用 macOS 扩展文件属性隐藏恶意代码

新型漏洞攻击利用服务器进行恶意更新

mprz

A vulnerability classified as problematic was found in Hitachi Energy TRO600 up to 9.2.0.0. This vulnerability affects unknown code. The manipulation leads to improper removal of sensitive information before storage or transfer. This vulnerability was named CVE-2024-41156. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Veeam Service Provider Console up to 8.0. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-45206. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Veeam Agent up to 12.2 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument PATH leads to injection. This vulnerability is known as CVE-2024-45207. Local access is required to approach this attack. There is no exploit available.

A vulnerability classified as critical was found in Funnelforms Free Plugin up to 3.7.4.1 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection. This vulnerability is known as CVE-2024-10587. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Posti Shipping Plugin up to 3.10.3 on WordPress. Affected by this issue is the function generate_notices_html. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-10832. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Eleblog Plugin up to 1.8 on WordPress. This affects an unknown part of the component Deactivation Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-10663. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Responsive Videos Plugin up to 2.1 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-11747. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Pulsating Chat Button Plugin up to 1.3.6 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-11813. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in NPS Computy Plugin up to 2.8.0 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-11807. The attack can be launched remotely. There is no exploit available.