【资料】5份中央情报局资料
5份文件均讨论了中央情报局的行动与影响,重点概述了中央情报局的情报工作、外交政策影响、阿富汗的军事行动、情报行动中使用记者和神职人员以及选举干预。
Aggregator
Submit #619028: Big Big Channel Limited big big shop 2.9.0 Task Hijacking [Accepted]
10 months 2 weeks ago
Submit #619028 / VDB-318611
fxizenta
CVE-2025-8511 | Portabilis i-Diario 1.5.0 Observações /diario-de-observacoes/ Descrição cross site scripting (EUVD-2025-23479)
10 months 2 weeks ago
A vulnerability classified as problematic was found in Portabilis i-Diario 1.5.0. This vulnerability affects unknown code of the file /diario-de-observacoes/ of the component Observações. The manipulation of the argument Descrição leads to cross site scripting.
This vulnerability was named CVE-2025-8511. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-8510 | Portabilis i-Educar 2.10 educar_matricula_lst.php Gerar ref_cod_aluno cross site scripting (EUVD-2025-23476)
10 months 2 weeks ago
A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-8510. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
The vendor initially closed the original advisory without requesting a CVE.
vuldb.com
CVE-2025-8509 | Portabilis i-Educar 2.9 educar_servidor_cad.php matricula cross site scripting (EUVD-2025-23477)
10 months 2 weeks ago
A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_cad.php. The manipulation of the argument matricula leads to cross site scripting.
This vulnerability is handled as CVE-2025-8509. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-8508 | Portabilis i-Educar 2.9 educar_avaliacao_desempenho_cad.php titulo_avaliacao/descricao cross site scripting (EUVD-2025-23475)
10 months 2 weeks ago
A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_avaliacao_desempenho_cad.php. The manipulation of the argument titulo_avaliacao/descricao leads to cross site scripting.
This vulnerability is known as CVE-2025-8508. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-8507 | Portabilis i-Educar 2.9 educar_funcao_lst.php nm_funcao/abreviatura cross site scripting (EUVD-2025-23474)
10 months 2 weeks ago
A vulnerability was found in Portabilis i-Educar 2.9. It has been classified as problematic. Affected is an unknown function of the file /intranet/educar_funcao_lst.php. The manipulation of the argument nm_funcao/abreviatura leads to cross site scripting.
This vulnerability is traded as CVE-2025-8507. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Из FPS в FLOPS: Китай запустил подпольную переработку RTX 5090
10 months 2 weeks ago
Пока США запрещали, Китай уже штампует ИИ-ускорители из обычных RTX 5090.
Submit #618973: Portabilis i-Diario 1.5.0 Cross Site Scripting [Accepted]
10 months 2 weeks ago
Submit #618973 / VDB-318610
marceloQz
Submit #618964: Portabilis i-Educar 2.10 Cross Site Scripting [Accepted]
10 months 2 weeks ago
Submit #618964 / VDB-318609
nmmorette
Submit #618679: Portabilis i-Educar 2.9 Cross Site Scripting [Accepted]
10 months 2 weeks ago
Submit #618679 / VDB-318608
marceloQz
Submit #618678: Portabilis i-Educar 2.9 Cross Site Scripting [Accepted]
10 months 2 weeks ago
Submit #618678 / VDB-318607
marceloQz
Submit #618677: Portabilis i-Educar 2.9 Cross Site Scripting [Accepted]
10 months 2 weeks ago
Submit #618677 / VDB-318606
marceloQz
CVE-2014-2284 | net-snmp up to 5.7.2 on Linux ICMP-MIB Table Object /proc/net/snmp decode_icmp_msg input validation (Commit a1fd64 / Nessus ID 73162)
10 months 2 weeks ago
A vulnerability has been found in net-snmp up to 5.7.2 on Linux and classified as problematic. Affected by this vulnerability is the function decode_icmp_msg of the file /proc/net/snmp of the component ICMP-MIB Table Object Handler. The manipulation leads to improper input validation.
This vulnerability is known as CVE-2014-2284. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2014-2285 | net-snmp 5.7.3 PERL newSVpv Community String input validation (Nessus ID 73163 / ID 123075)
10 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in net-snmp 5.7.3. Affected is the function newSVpv of the component PERL Handler. The manipulation as part of Community String leads to improper input validation.
This vulnerability is traded as CVE-2014-2285. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-1094 | PostgreSQL up to 13.18/14.15/15.10/16.6/17.2 quoting syntax (Nessus ID 216248 / WID-SEC-2025-0372)
10 months 2 weeks ago
A vulnerability was found in PostgreSQL up to 13.18/14.15/15.10/16.6/17.2. It has been declared as critical. Affected by this vulnerability is the function PQescapeLiteral/PQescapeIdentifier/PQescapeString/PQescapeStringConn. The manipulation leads to improper neutralization of quoting syntax.
This vulnerability is known as CVE-2025-1094. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2014-3565 | net-snmp up to 5.7.0 SNMP Trap Processor -OQ resource management (USN-2711-1 / Nessus ID 77612)
10 months 2 weeks ago
A vulnerability was found in net-snmp. It has been classified as problematic. Affected is an unknown function of the component SNMP Trap Processor. The manipulation of the argument -OQ leads to improper resource management.
This vulnerability is traded as CVE-2014-3565. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2014-3565 | Apple Mac OS X up to 10.11.0 Net-SNMP resource management (HT205375 / Nessus ID 86086)
10 months 2 weeks ago
A vulnerability has been found in Apple Mac OS X up to 10.11.0 and classified as problematic. This vulnerability affects unknown code of the component Net-SNMP. The manipulation leads to improper resource management.
This vulnerability was named CVE-2014-3565. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
IMNCrew
10 months 2 weeks ago
You must login to view this content
cohenido
BSidesSF 2025: Mapping The SaaS Attack Surface
10 months 2 weeks ago
Creator/Author/Presenter: Jaime Blasco
Our deep appreciation to Security BSides - San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.
Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!
The post BSidesSF 2025: Mapping The SaaS Attack Surface appeared first on Security Boulevard.
Marc Handelman