Aggregator

A vulnerability was found in iScripts EasySnaps 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file add_comments.php. The manipulation of the argument begin leads to sql injection. This vulnerability is handled as CVE-2010-2624. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in HP LeftHand Virtual SAN Appliance hydra. It has been classified as very critical. This affects an unknown part. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2013-2343. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ADP ADP Forum up to 2.0.3 and classified as problematic. This issue affects some unknown processing of the file post.php. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2006-1157. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Microsoft Internet Explorer 5.01/5.5/6.0. This issue affects some unknown processing of the component Legacy ActiveX Control. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2002-0647. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

突破限制

A vulnerability has been found in Kubernetes ingress-nginx up to 1.11.4/1.12.0 and classified as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper isolation or compartmentalization. This vulnerability is known as CVE-2025-1974. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in dhtmlxFileExplorer 8.4.6. It has been declared as problematic. This vulnerability affects unknown code of the component File Download Handler. The manipulation leads to file inclusion. This vulnerability was named CVE-2024-55214. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in OpenImageIO 3.1.0.0dev and classified as critical. This issue affects some unknown processing in the library /OpenImageIO/fmath.h. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2024-55194. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as problematic, was found in OpenImageIO 3.1.0.0dev. Affected is an unknown function of the file /imagebuf.cpp. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-55195. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in dhtmlxFileExplorer 8.4.6 and classified as critical. Affected by this issue is some unknown functionality of the component File Listing. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-55213. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in DNNGo xBlog 6.5.0. Affected is an unknown function of the file /DNNGo_xBlog/Resource_Service.aspx. The manipulation of the argument Categorys leads to sql injection. This vulnerability is traded as CVE-2024-55212. It is possible to launch the attack remotely. There is no exploit available.

侧信道攻击在密码中一点应用

A vulnerability was found in OpenImageIO 3.1.0.0dev. It has been classified as critical. Affected is the function OpenImageIO_v3_1_0::farmhash::inlined::Fetch64. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-55192. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in OpenImageIO 3.1.0.0dev. It has been declared as critical. Affected by this vulnerability is an unknown functionality in the library /OpenImageIO/string_view.h. The manipulation leads to memory corruption. This vulnerability is known as CVE-2024-55193. The attack needs to be approached within the local network. There is no exploit available.

在上一篇文章的基础上，改成了文件分离的版本，这样面对于沙箱和杀软，免杀性更强，后续也会继续更新loader 希望大家多多关注

De NAVO door Nederland-tour zit erop. Vandaag ging in het World Forum het einde van de tour symbolisch over naar het Public Forum, het publieksevent waar tijdens de NAVO top verder wordt gesproken over de thema’s die raken aan vrede en veiligheid.

根据发表于《自然》的全球作物产量分析，到本世纪末，每变暖 1℃，人均可用粮食每天将减少约121千卡。研究论文作者、美国伊利诺伊大学厄巴纳-香槟分校的 Andrew Hultgren 说，根据目前轨迹，在 3℃ 的变暖情景下，“这相当于每个人都不再用早餐”。Hultgren 和同事收集了世界上六大主粮作物的产量数据。这些作物提供了全球人类所需热量的 2/3 以上。他们发现，对于除水稻外的所有作物，高温会造成巨大的损失，因为水稻在更暖的夜晚生长得更好。根据预测，到本世纪末，全球变暖情况下玉米产量比没有全球变暖的情况下降 12% 或28%，具体下降程度取决于温室气体排放量是适中还是非常高。如果农民不采取措施适应气候变化，那么在本世纪末变暖程度高的情景下，作物损失将增加约1 /3。不过，研究人员指出，即便采取了上述农业适应措施，也不太可能弥补气候变化造成的巨大作物损失。

英特尔新 CEO 陈立武正致力于削减开支重整业务，作为新战略的一部分，芯片巨人正将营销业务外包给 Accenture。英特尔表示相信 Accenture 利用 AI 将能更好的与客户沟通。英特尔表示将在 7 月 11 日前通知大部分营销人员它是否计划裁员。英特尔称，营销和运营职能的转型将导致团队结构的巨大变化，可能导致人员削减，只保留精简的团队。英特尔拒绝披露会有多少员工失去工作，也拒绝透露其营销部门有多少员工。

Name: cornCTF 2025 (an cornCTF event.)
Date: June 21, 2025, noon — 22 June 2025, 12:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://cornc.tf/
Rating weight: 23.12
Event organizers: pwnlentoni

SecWiki周刊（第589期) by ourren

更多最新文章，请访问SecWiki