Aggregator

A vulnerability was found in NetNumber Titan ENUM DNS NP 7.9.1. It has been declared as critical. Impacted is an unknown function of the component Drp Endpoint. Executing a manipulation of the argument path can lead to path traversal. This vulnerability is handled as CVE-2019-25610. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in Echatserver Easy Chat 3.1. It has been classified as problematic. This issue affects some unknown processing of the file body2.ghp of the component Message Handler. Performing a manipulation results in improper verification of source of a communication channel. This vulnerability is known as CVE-2019-25613. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in Freefloat Free Float FTP 1.0 and classified as critical. This vulnerability affects unknown code of the component STOR Handler. Such manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2019-25614. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in WWBN AVideo up to 25.x and classified as critical. This affects an unknown part of the file view/hls.php of the component HLS Streaming Endpoint. This manipulation of the argument videoDirectory causes path traversal. This vulnerability appears as CVE-2026-33292. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

Оператор такой вежливый, всё объясняет, вы благодарите за помощь — а через 5 минут у вас нет ни денег, ни аккаунта.

转自：孤岛杂记项目生产过程中，从原始数据到成果数据都会有大量的数据需要存储，动则数十GB，甚至可达数十TB级别

今日暂未更新资讯~
更多最新文章，请访问SecWiki

В США предъявлены обвинения руководству Supermicro.

The notorious hacking collective LAPSUS$ has resurfaced, allegedly claiming responsibility for a significant data breach involving the multinational pharmaceutical and biotechnology company AstraZeneca. The threat actors are currently attempting to sell a compressed 3GB internal data dump, signaling a potential shift towards pay-to-access extortion methods. LAPSUS$, previously known for high-profile breaches targeting major technology firms, […]

The post AstraZeneca Data Breach – LAPSUS$ Group Allegedly Claims Access to Internal Data appeared first on Cyber Security News.

Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager. The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web […]

如果全球互联网瞬间中断，你的电脑还能做什么？ 查不了资料、用不了 AI、看不了课程、连地图都打不开，我们早已习惯依赖网络的电子设备，瞬间就会沦为一块砖头。 而现在，有个刚出圈的开源项目，直接解决了这个终极痛点。它就是Project N.O.M.A.D.， 一个完全离线优先、自给自足的知识与教育服务器，把可本地运行的 AI、核心生产工具、人类文明关键知识库，全打包进了你的设备里。 哪怕所有网线被剪断，哪怕身处完全无网的环境，它也能照常运转。一块太阳能板、一台迷你主机，就能撑起一个永不掉线的个人知识庇护所。 Project N.O.M.A.D. 的部署门槛极低，最低配置2GHz 双核及以上 CPU、4GB 内存、5GB 以上磁盘空间、Debian 系统，全程终端操作，无需桌面环境，装完后所有功能都能通过浏览器访问，你完全可以把它装在一台设备上当专属服务器，用其他终端随时访问。 Project N.O.M.A.D. 并非凭空打造的全能系统，而是整合了7 大开源工具Ollama、Qdrant、Kiwix、Kolibri、ProtoMaps、CyberChef、FlatNotes 这 7 个平台 / 工具，每个平台都在各自领域深耕多年，是离线场景下的最优解。 内置基于 Ollama 驱动的本地大模型对话能力，搭配 Qdrant 向量数据库实现 RAG 检索增强，支持文档上传和语义搜索。 不用联网、不用申请 API、没有订阅费，所有对话和数据都只存在你的本地设备里，隐私拉满，断网也能随时用 AI。 通过 Kiwix 实现全离线内容库，打包了全量维基百科、权威医学参考指南、生存手册、海量电子书等核心资源。哪怕没有网络，你也能随时查阅人类文明的核心知识。 基于 Kolibri 搭建的教育系统，内置可汗学院全套课程，支持学习进度追踪、多用户权限管理。不管是给孩子做启蒙，还是自己系统学技能，没网也完全不耽误。 搭载 ProtoMaps，支持下载各区域的离线地图，搜索、导航功能全离线可用，房车出行、户外探险、偏远地区作业，再也不怕没信号迷路。 CyberChef 加持，加密、编码、哈希、数据分析一站式搞定 FlatNotes 提供本地 Markdown 笔记能力，灵感随时记录 项目地址： https://github.com/Crosstalk-Solutions/project-nomad

Рассказываем, как хакеры «наказывают» нечестных игроков.

Author, Creator & Presenter: Seth Law, Founder of Redpoint Security

Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.

The post BSidesSLC 2025 – Faces In The Fog – Seth Law On Unconventional User Enumeration appeared first on Security Boulevard.

A vulnerability, which was classified as critical, was found in Labf Axessh 4.2. Affected by this issue is some unknown functionality. The manipulation of the argument log file name results in out-of-bounds write. This vulnerability is reported as CVE-2019-25607. The attack requires a local approach. Moreover, an exploit is present.