Aggregator

XCon组委会

August 15, 2024Over on the YouTube channel "SecPGH" a talk by Grey Fox titled "Introduction t

发表在《Frontiers of Computer Science》期刊上的一项研究发现，94% 用于商业决策的电子表格包含重大错误，凸显了巨大的财务和运营错误风险。电子表格中的错误可能导致决策失误，造成财务损失、定价错误以及运营问题。论文主要作者 Pak-Lok Poon 解释说，随着愈来愈多未经正式培训的人创建自己的电子表格，错误的发生率在增加，他指出很多终端用户缺乏恰当的软件开发培训，导致了更多的错误。

人们应该警惕试图诱骗自己提供更多敏感信息的网络钓鱼和短信。

8月23日·北京民航国际会议中心 XCon2024·循变启航~

A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_get_fullscreen_photos of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument user leads to buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2024-7832. The attack may be launched remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_get_cooliris of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument path leads to buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2024-7831. The attack can be launched remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_move_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument photo_name leads to buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2024-7830. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_del_photo of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument current_path leads to buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2024-7829. The attack may be initiated remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This vulnerability affects the function cgi_set_cover of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument album_name leads to buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2024-7828. The attack can be initiated remotely. Furthermore, there is an exploit available. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.

Network Security / CybercrimeCybersecurity researchers have discovered a new variant of the Gafgyt

Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the "IoT botnet is targeting more robust servers running on cloud native environments," Aqua Security researcher Assaf Morag said in a Wednesday analysis.

A vulnerability classified as problematic has been found in WP MultiTasking Plugin up to 0.1.12 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6859. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WP MultiTasking Plugin up to 0.1.12 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Exit Popup Update Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-6855. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in WP MultiTasking Plugin up to 0.1.12 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-6852. The attack can be launched remotely. There is no exploit available.

"Nothing is more permanent than a temporary solution."- Russian ProverbThis is a continuation of my

A vulnerability was found in WP MultiTasking Plugin up to 0.1.12 on WordPress. It has been classified as problematic. Affected is an unknown function of the component SMTP Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-6856. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Opti Marketing Plugin up to 2.0.9 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-6928. The attack may be initiated remotely. There is no exploit available.