Aggregator

Новый AI понимает нас лучше, чем когда-либо.

In 2024, the Federal Communications Commission (FCC) launched the K-12 Cybersecurity Pilot Program, a groundbreaking initiative backed by $200 million in funding. Learn more from Cynet about how schools and libraries can apply to this program. [...]

以 sqlite-jdbc 为例谈缓存文件名可预测的危害

审计某站泄露的源码

反沙箱杂谈--获取沙箱环境

某物流软件存在sql注入漏洞分析

return trace情况的沙盒逃逸(linux内核低于4.8版本)

MT19937（梅森旋转）实践训练

Internet Archive founder confirmed the allegedly exposed data was “safe”

Traditional practices are no longer sufficient in today's threat landscape. It's time for cybersecurity professionals to rethink their approach.

A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. This vulnerability was named CVE-2024-10130. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Oracle MySQL Connectors up to 9.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Connector/Python. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2024-21272. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

源鉴SCA4.7 重磅发布| 国内首创全链路可达性分析，新一代SCA能力天花板！ 日期：2024年10月18日 阅：67

Submit #422141 / VDB-280918

Submit #422126 / VDB-237954

A vulnerability classified as critical has been found in HFO4 shudong-share up to 2.4.7. This affects an unknown part of the file /includes/create_share.php of the component Share Handler. The manipulation of the argument fkey leads to sql injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-10129. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been rated as problematic. Affected by this issue is some unknown functionality of the file td.js.gz. The manipulation leads to risky cryptographic algorithm. This vulnerability is handled as CVE-2024-10128. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

牛品推荐 | 一款可有效降低安全合规成本的开发者安全助手 日期：2024年10月18日 阅：104

FIDO联盟提出全新密钥交换标准，旨在破解跨平台应用难题；CISA就多个新发现的关键漏洞发布紧急安全提醒 | 牛览 日期：2024年10月18日

Submit #421391 / VDB-280917