Aggregator

2024 年世界科幻大会公布了今年的雨果奖结果。此前主办方披露发现了数百张欺骗性投票。2024 年雨果奖包括：最佳长篇小说：Emily Tesh 的《Some Desperate Glo

2024 年世界科幻大会公布了今年的雨果奖结果。此前主办方披露发现了数百张欺骗性投票。2024 年雨果奖包括：
最佳长篇小说：Emily Tesh 的《Some Desperate Glory》，AI 掌控的 Majo 毁灭了地球，140 亿人死亡，幸存的大部分人类加入了 Majo，小部分反抗者聚集在 Gaea Station；
最佳中长篇小说：T. Kingfisher 的《Thornhedge》；
最佳中短篇小说：Naomi Kritzer 的《The Year Without Sunshine》；
最佳短篇小说：Naomi Kritzer 的《Better Living Through Algorithms》：
最佳系列小说：Ann Leckie 的《Imperial Radch》系列，其中第一部《Ancillary Justice》赢得了雨果奖、星云奖和亚瑟·克拉克奖，是至今第一部赢得三大科幻奖的作品；
最佳科幻电视剧：《最后生还者》之《Long, Long Time》；
最佳电影：《龙与地下城：侠盗荣耀》：
最佳游戏：《博德之门3》。

罗永浩回应「网传王自如离职」热议：跟我没关系；消息称 ARM 已在以色列雇用了约 100 名芯片和软件开发工程师；东洋证券分析师认为任天堂会在 2025 年 4-6 月发布 Switch 2 游戏掌机。

OpenAI announced it had dismantled an Iranian influence operation that was producing content related to the U.S. Presidential election. OpenAI has dismantled an Iran-linked influence operation, tracked as identified as Storm-2035, that was generating content about the U.S. presidential election. The company blocked a cluster of ChatGPT accounts that were used to create AI-generated articles and […]

OpenAI dismantled an Iranian influence operation targeting the U.S. presidential electionOpenA

A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site scripting. This vulnerability is traded as CVE-2024-7914. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addclient1.php. The manipulation of the argument lname/fname/mi/address/contact/meterReader leads to sql injection. The identification of this vulnerability is CVE-2024-7913. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #392193 / VDB-275040

A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. This vulnerability was named CVE-2024-7912. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

This is episode three in my mini-series of posts describing news in the

Уникальные свойства межзвёздного объекта вызвали новые гипотезы о его возможном искусственном происхождении.

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /simple-online-bidding-system/bidding/index.php. The manipulation of the argument page leads to file inclusion. This vulnerability is uniquely identified as CVE-2024-7911. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2024-7910. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-7909. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected is the function setDefResponse of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument IpAddress leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-7908. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in TOTOLINK X6000R 9.4.0cu.852_20230719. This issue affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to command injection. The identification of this vulnerability is CVE-2024-7907. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment Settings. The manipulation of the argument upload leads to unrestricted upload. This vulnerability was named CVE-2024-7906. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2024-7905. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. This vulnerability is handled as CVE-2024-7904. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.