Aggregator

A vulnerability was found in Oracle Enterprise Manager Ops Center 12.4.0.0 and classified as very critical. This issue affects some unknown processing of the component Networking. The manipulation leads to cleartext transmission of sensitive information. The identification of this vulnerability is CVE-2023-23914. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in fx Private Site Plugin up to 1.2.1 on WordPress. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-0906. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Newsletter2Go Plugin up to 4.0.13 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Style Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-1328. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in wpwax Post Grid, Slider & Carousel Ultimate Plugin up to 1.6.7 on WordPress. Affected is the function outpost_shortcode_metabox_markup. The manipulation leads to deserialization. This vulnerability is traded as CVE-2024-2006. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in BookingPress Plugin up to 1.0.87 on WordPress. This affects an unknown part. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2024-3022. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Max Foundry Media Library Folders Plugin up to 8.1.8 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-31287. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in realmag777 WOLF Plugin up to 1.0.8.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-31430. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Booking Algorithms BA Book Everything Plugin up to 1.6.4 on WordPress. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-32125. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in cURL up to 7.87.x. Affected is an unknown function of the component HTTP Compression Handler. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2023-23916. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： Facebook 警告称，FreeType 2.13 及以下版本中的一个漏洞可导致任意代码执行，且该漏洞已被用于攻击。 FreeType 是一个广泛使用的开源字体渲染库，用于显示文本和程序化地将文本添加到图像中。它支持多种字体格式，如 TrueType (TTF)、OpenType (OTF) 等。 该库安装在数百万个系统和服务中，包括 Linux、Android、游戏引擎、GUI 框架和在线平台。 此漏洞编号为 CVE-2025-27363，CVSS v3 评分为 8.1（高危），已在 2023 年 2 月 9 日的 FreeType 2.13.0 版本中修复。 Facebook 昨日披露了这一漏洞，警告称该漏洞在所有 2.13 及以下版本的 FreeType 中均可被利用，并且已有报告显示该漏洞在攻击中被积极利用。 “在 FreeType 2.13.0 及以下版本中，当尝试解析与 TrueType GX 和可变字体文件相关的字体子图结构时，存在越界写入问题，”公告中写道。 “漏洞代码将一个有符号短整型值赋给一个无符号长整型，然后添加一个静态值，导致其回绕并分配过小的堆缓冲区。” “随后，代码会在这个缓冲区的边界外写入多达 6 个有符号长整型，这可能导致任意代码执行。” 尽管 Facebook 可能在某种程度上依赖 FreeType，但尚不清楚其安全团队观察到的攻击是否发生在其平台上，或者他们是在其他地方发现了这些攻击。 鉴于 FreeType 在多个平台上的广泛使用，软件开发者和项目管理员必须尽快升级到 FreeType 2.13.3（最新版本）。 尽管最新易受攻击的版本（2.13.0）已发布两年，但较旧的库版本可能在软件项目中长期存在，因此尽快解决该漏洞至关重要。 BleepingComputer 就此漏洞及其利用方式向 Meta 询问，收到了以下声明： “当我们发现开源软件中的安全漏洞时，会进行报告，因为这有助于增强每个人在线安全，”Facebook 对 BleepingComputer 表示。“我们认为用户希望我们不断探索提高安全性的方法。我们将保持警惕，并致力于保护人们的私人通信。”   消息来源：Bleeping Computer； 本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as critical has been found in Tracker Software PDF-XChange Editor. This affects an unknown part of the component RTF File Parser. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-2231. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in parse-git-config 3.0.0. It has been rated as problematic. Affected by this issue is the function expandKeys. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-25975. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Palo Alto GlobalProtect App on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to reliance on untrusted inputs in a security decision. This vulnerability is known as CVE-2025-0117. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Palo Alto GlobalProtect App and GlobalProtect UWP App on Windows. It has been classified as critical. Affected is an unknown function. The manipulation leads to exposed unsafe activex method. This vulnerability is traded as CVE-2025-0118. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Avid NEXIS E-series, NEXIS F-series, NEXIS PRO+ and System Director Appliance on Linux and classified as critical. This issue affects some unknown processing. The manipulation leads to permission issues. The identification of this vulnerability is CVE-2024-26290. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SAML-Toolkits ruby-saml up to 1.12.3/1.17.x and classified as critical. This vulnerability affects unknown code of the component ReXML/Nokogiri. The manipulation leads to improper verification of cryptographic signature. This vulnerability was named CVE-2025-25292. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

psudohash Psudohash is a password list generator for orchestrating brute force attacks and cracking hashes. It imitates certain password creation patterns commonly used by humans, like substituting a word’s letters with symbols or numbers...

The post psudohash: Generates millions of keyword-based password mutations in seconds appeared first on Penetration Testing Tools.

web-check Get an insight into the inner workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using. Currently, the dashboard will...

The post web-check: All-in-one OSINT tool for analysing any website appeared first on Penetration Testing Tools.

HackerNews 编译，转载请注明出处： 微软周二发布安全更新，修复了57个安全漏洞，其中包括6个已在野外被积极利用的零日漏洞。 在这57个漏洞中，6个被评为“严重”，50个为“重要”，1个为“低危”。修复的漏洞中，有23个涉及远程代码执行，22个与权限提升相关。 此外，微软还修复了其基于 Chromium 的 Edge 浏览器中的17个漏洞，其中一个是特定于浏览器的伪造漏洞（CVE-2025-26643，CVSS 评分：5.4）。 6个被积极利用的零日漏洞 CVE-2025-24983（CVSS 评分：7.0）——Windows Win32 内核子系统的 Use-After-Free（UAF）漏洞，允许授权攻击者在本地提升权限。 CVE-2025-24984（CVSS 评分：4.6）——Windows NTFS 信息泄露漏洞，攻击者可通过插入恶意 USB 设备，读取目标设备的部分堆内存。 CVE-2025-24985（CVSS 评分：7.8）——Windows Fast FAT 文件系统驱动的整数溢出漏洞，允许未经授权的攻击者在本地执行代码。 CVE-2025-24991（CVSS 评分：5.5）——Windows NTFS 越界读取漏洞，允许授权攻击者在本地窃取信息。 CVE-2025-24993（CVSS 评分：7.8）——Windows NTFS 基于堆的缓冲区溢出漏洞，允许未经授权的攻击者在本地执行代码。 CVE-2025-26633（CVSS 评分：7.0）——Microsoft Management Console（MMC）输入净化不当漏洞，允许未经授权的攻击者本地绕过安全功能。 发现并报告 CVE-2025-24983 的安全公司 ESET 透露，该漏洞最早于2023年3月在野外发现，并通过名为 PipeMagic 的后门程序传播至受感染主机。 ESET 解释称，该漏洞属于 Win32k 驱动中的 Use-After-Free 漏洞，在特定情况下，使用 WaitForInputIdle API 可能导致 W32PROCESS 结构被多次解引用，引发 UAF 攻击。要成功利用该漏洞，攻击者需要在竞争条件中占据优势。 PipeMagic 于2022年首次被发现，这是一种基于插件的木马程序，主要针对亚洲和沙特阿拉伯的目标。2024年底，该恶意软件曾伪装成 OpenAI ChatGPT 应用进行传播。 据卡巴斯基实验室 2024年10月的报告，PipeMagic 生成 16 字节的随机数组，以 \\.\pipe\1.<十六进制字符串> 的格式创建命名管道。该恶意软件会不断创建、读取并销毁该管道，以接收加密载荷和控制信号。通常，PipeMagic 依赖从命令与控制（C2）服务器下载的多个插件，而该服务器托管在微软 Azure 上。 Zero Day Initiative 指出，CVE-2025-26633 源自 MSC 文件处理方式的缺陷，允许攻击者绕过文件信誉保护，并在当前用户环境中执行代码。此漏洞的利用活动与名为 EncryptHub（又称 LARVA-208）的威胁组织有关。 安全公司 Action1 发现，攻击者可以将影响 Windows 核心文件系统的四个漏洞（CVE-2025-24985、CVE-2025-24993、CVE-2025-24984 和 CVE-2025-24991）进行组合利用，从而实现远程代码执行和信息泄露。这四个漏洞均由匿名报告。 Immersive 安全研究高级总监 Kev Breen 解释称，该攻击方法依赖于攻击者构造恶意的 VHD（虚拟硬盘）文件，并诱导用户打开或挂载它。虽然 VHD 主要用于存储虚拟机操作系统，但过去已有攻击者通过 VHD/VHDX 作为钓鱼攻击载体，以绕过杀毒软件检测。 Tenable 研究员 Satnam Narang 指出，CVE-2025-26633 是继 CVE-2024-43572 之后，第二个在野外被利用的 MMC 相关零日漏洞。而 CVE-2025-24985 则是自 2022年3月以来，Windows Fast FAT 文件系统驱动的首个被利用的零日漏洞。 目前尚不清楚这些漏洞的具体利用规模和攻击环境。鉴于其严重性，美国网络安全与基础设施安全局（CISA）已将这些漏洞列入“已知被利用漏洞”（KEV）目录，并要求联邦机构在 2025年4月1日前完成修补。   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, was found in SAML-Toolkits ruby-saml up to 1.12.3/1.17.x. This affects an unknown part of the component ReXML/Nokogiri. The manipulation leads to improper verification of cryptographic signature. This vulnerability is uniquely identified as CVE-2025-25291. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.