Aggregator

CVE-2011-10012 | NetOp Remote Control Client 9.5 dws Configuration File stack-based overflow (EDB-17223)

Vuldb Updates
6 months ago
A vulnerability classified as critical was found in NetOp Remote Control Client 9.5. Affected by this vulnerability is an unknown functionality of the component dws Configuration File Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2011-10012. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-43986 | KuWFi GC111 3.0_20191211 Telnet Service improper authentication

Vuldb Updates
6 months ago
A vulnerability was found in KuWFi GC111 3.0_20191211. It has been classified as critical. Affected is an unknown function of the component Telnet Service. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-43986. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply restrictive firewalling.
vuldb.com

CVE-2011-10014 | SA-MP GTA San Andreas Multiplayer Server 0.3.1.1 server.cfg samp-server.exe stack-based overflow (EUVD-2011-5247 / EDB-17893)

Vuldb Updates
6 months ago
A vulnerability was found in SA-MP GTA San Andreas Multiplayer Server 0.3.1.1 and classified as critical. This issue affects some unknown processing of the file samp-server.exe of the component server.cfg Handler. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2011-10014. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

New EncryptHub Campaign Leverages Brave Support Platform to Deliver Malicious Payloads via MMC Vulnerability

Cyber Security News
6 months ago

The cyberthreat landscape continues to evolve as malicious actors develop increasingly sophisticated attack methods, with the EncryptHub threat group emerging as a particularly concerning adversary. This emerging threat actor, also known as LARVA-208 and Water Gamayun, has been making headlines for its aggressive campaigns targeting Web3 developers and abusing legitimate platforms to deliver malicious payloads. […]

The post New EncryptHub Campaign Leverages Brave Support Platform to Deliver Malicious Payloads via MMC Vulnerability appeared first on Cyber Security News.

Tushar Subhra Dutta

SDL 83/100问:上传图片的API,除了常见web漏洞外,是否还会有风险?

我的安全视界观
6 months ago
这是一个合规问题,在软件开发的需求阶段,以安全需求的形式提出来,让业务方放到需求池中排期做。 在此之前我也没有关注这方面的意识,直到SRC收到白帽子提交的涉H图片漏洞,才意识到这方面应该纳入考虑,应用场景主要是:图片上传并展示到公众页面的功能,比如上传头像、论坛中允许发图片等。 在选择时,应该首选大厂,定期测试接口的可用性以及是否正常,避免过度信任带来内容安全风险。 -------------更多内容,请访问------------- 1、SDL 100问 SDL100问:我与SDL的故事 SAST误报太高,如何解决? SDL需要哪些人参与? 大家都有哪些SDL运营指标? 业务系统是否可以带漏洞上线? 日常的漏洞运营,也应该是SDL团队来做吗? 关于开发安全BP,对开展SDL有哪些帮助? SDL 79/100问:如何塑造开发安全文化? SDL 80/100问:怎样算是IAST扫描,都有哪些模式? SDL 81/100问:如何快速应急开源组件漏洞,比如fastjson? SDL 82/100问:说到供应链,有没有第三方信息安全相关的法规或者标准? 2、SDL创新实践 首发!“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键:研发安全团队 DevSecOps实施关键:研发安全流程 DevSecOps实施关键:研发安全规范 DevSecOps实施关键:研发安全工具 从安全视角,看研发安全 数字化转型下研发安全痛点 一个思考:安全测试驱动产品安全? 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、安全运营实践 基于实践的安全事件简述 安全事件运营SOP:钓鱼邮件 安全事件运营SOP:网络攻击 安全事件运营SOP:蜜罐告警 安全事件运营SOP:webshell事件 安全事件运营SOP:接收漏洞事件 应急能力提升:实战应急困境与突破 应急能力提升:挖矿权限维持攻击模拟

Managed ad