Aggregator

A vulnerability was found in Pheap 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file settings.php. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2007-2985. The attack may be launched remotely. Furthermore, there is an exploit available.

Europol headed up an international law enforcement operation against the operators and users of Ghost, an encrypted messaging app that was used by criminal organizations worldwide for drug trafficking, money laundering, and threating to kill or harm people.

The post International Raids Shut Down Ghost Encrypted Messaging App appeared first on Security Boulevard.

Kill-doc是一款免费的文档下载工具，能看见多少我能下载多少，适用于Tampermonkey或其他支持用户脚本的浏览器扩展。它可以下载公开免费的PP

短信转发器——不仅只转发短信，备用机必备神器！监控Android手机短信、来电、APP通知，并根据指定规则转发到其他手机：钉钉群自定义机器人、钉钉企

Вредоносное ПО крадёт больше, чем кажется: опасность растёт.

Как новый алгоритм защитит пользователей платформы от троллей и фейков.

A vulnerability was found in imop Long 1.0.4 and classified as critical. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-6855. The attack can only be initiated within the local network. There is no exploit available.

Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access to the virtual appliance. “Once an attacker has gained an authenticated administrative session on the appliance, they can carry out any action that a legitimate administrator user would be capable of. This includes the ability to reconfigure settings on the appliance, or modify policies to allow … More →

The post Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) appeared first on Help Net Security.

Picus Security announced it has closed a $45 million growth investment round led by Riverwood Capital with the participation of existing investor Earlybird Digital East Fund, bringing Picus’ total funds raised to $80 million. Picus has over 500 enterprise customers worldwide today, and this latest investment will advance Picus’ continued product innovation and expand customer success, sales, and marketing. Picus offers the only Adversarial Exposure Validation solution that brings together Automated Penetration Testing, Breach and … More →

The post Picus Security raises $45 million to help organizations reduce cyber risk appeared first on Help Net Security.

在上线二十年后，《魔兽世界》允许玩家独自一人完成故事。暴雪为《魔兽世界》提供了多种不同的难度，其中最困难的难度是 Mythic，半职业的硬核工会才能完成：之后是 Heroic、Normal

报告时间：2024年9月27日（周五）10:00-13:00 地点：A2003

A vulnerability has been found in GNUBOARD5 up to 5.3.1.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the file adm/config_form_update.php of the component Homepage Title Handler. The manipulation of the argument cf_title as part of Parameter leads to cross site scripting. This vulnerability is known as CVE-2018-18668. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in GNUBOARD5 up to 5.3.1.x. Affected is an unknown function of the file adm/boardgroup_form_update.php of the component Extra Contents. The manipulation of the argument gr_1~10 as part of Parameter leads to cross site scripting. This vulnerability is traded as CVE-2018-18678. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in GNUBOARD5 5.3.1.9. Affected is an unknown function of the file adm/board_form_update.php. The manipulation of the argument bo_content_tail as part of Parameter leads to cross site scripting. This vulnerability is traded as CVE-2018-18674. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in GNUBOARD5 up to 5.3.2.8. Affected is an unknown function of the file install_db.php. The manipulation of the argument table_prefix leads to sql injection. This vulnerability is traded as CVE-2020-18662. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in GNUBOARD5 up to 5.3.2.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file bbs/login.php. The manipulation of the argument url leads to cross site scripting. This vulnerability is known as CVE-2020-18661. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in GNUBOARD5 up to 5.3.2.8 and classified as problematic. Affected by this issue is some unknown functionality of the file bbs/move_update.php of the component Parameter Handler. The manipulation of the argument act leads to cross site scripting. This vulnerability is handled as CVE-2020-18663. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in gnuboard5 up to 5.5.5. This vulnerability affects unknown code of the component Email Address Handler. The manipulation leads to inadequate encryption strength. This vulnerability was named CVE-2022-1252. Access to the local network is required for this attack to succeed. There is no exploit available.