Hacking8 安全信息流 最近更新
| 时间 | 节点 | |
|---|---|---|
| 2022年12月10日 06:55 | Exploitalert | Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS 台达电子 DX-2100-L1-CN 1.5.0.10命令注入/XSS |
| 2022年12月10日 06:55 | Exploitalert | Delta Electronics DVW-W02W2-E2 2.42 Command Injection Delta Electronics DVW-W02W2-E2 2.42 Command Injection 台达电子 DVW-w02w2-e22.42命令注入 |
| 2022年12月10日 06:55 | Exploitalert | Planet eStream Code Execution / SQL Injection / XSS / Broken Control Planet eStream Code Execution / SQL Injection / XSS / Broken Control |
| 2022年12月10日 06:55 | Exploitalert | Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks |
| 2022年12月10日 06:55 | Exploitalert | Snap-confine must_mkdir_and_open_with_perms Race Condition Snap-confine must_mkdir_and_open_with_perms Race Condition 管理单元-限制必须 _ mkdir _ and _ open _ with _ perms 竞争条件 |
| 2022年12月10日 06:55 | Exploitalert | |
| 2022年12月10日 06:55 | Exploitalert | ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect ILIAS eLearning 7.15命令注入/XSS/LFI/Open Redirect |
| 2022年12月10日 06:54 | nccgroup | Public Report – VPN by Google One Security Assessment During the summer of 2022, Google engaged NCC Group to conduct a security assessment of VPN by Google One. VPN by Google One is a service that increases connection security and privacy to end users. Google provides several clients covering the most widely used operating systems; these VPN clients provide both encrypted transit and IP … Continue reading Public Report – VPN by Google One Security Assessment → 2022年夏天,谷歌委托 NCC 集团对 Google One 的 VPN 进行安全评估。Google One 提供的 VPN 服务增强了终端用户的连接安全性和隐私性。谷歌提供了几个客户端,涵盖了最广泛使用的操作系统; 这些 VPN 客户端同时提供加密传输和 IP... ... 继续阅读 Google One 安全评估的公共报告-VPN → |
| 2022年12月10日 06:54 | Wallarm Blog | What ChatGPT know about API Security? There is no doubt that you heard about and seen the latest OpenAI’s brilliant called ChatGPT. It can write poems, speak many languages, answer questions, play chess, make code and impress everyone. In this post, we show a few more of how this AI model is good in cybersecurity, in particular in API Security implementations. [...] The post What ChatGPT know about API Security? appeared first on Wallarm. 毫无疑问,你听说和看到了最新的 OpenAI 的辉煌称为 ChatGPT。它可以写诗,说多种语言,回答问题,下棋,编码,给每个人留下深刻印象。在这篇文章中,我们展示了这种 AI 模型如何在网络安全方面表现良好,特别是在 API 安全实现方面。[...] ChatGPT 对 API 安全性了解多少? 这篇文章最早出现在 Wallarm 上。 |
| 2022年12月10日 06:52 | CXSECURITY Database RSS Feed - | Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS Topic: Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS Risk: Medium Text:CyberDanube Security Research 20221130-0 - title| Multiple Vulnerabilities ... 主题: 台达电子 DX-2100-L1-CN 1.5.0.10命令注入/XSS 风险: 中级文本: CyberDanube 安全研究20221130-0-title | 多重漏洞..。 |
| 2022年12月10日 06:52 | CXSECURITY Database RSS Feed - | Delta Electronics DVW-W02W2-E2 2.42 Command Injection Topic: Delta Electronics DVW-W02W2-E2 2.42 Command Injection Risk: Low Text:CyberDanube Security Research 20221130-1 - title| Authenticated Command Injection ... 主题: 台达电子 DVW-w02w2-E22.42命令注入风险: 低文本: CyberDanube 安全研究20221130-1-title | 认证命令注入..。 |
| 2022年12月10日 06:52 | CXSECURITY Database RSS Feed - | Planet eStream Code Execution / SQL Injection / XSS / Broken Control Topic: Planet eStream Code Execution / SQL Injection / XSS / Broken Control Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory < 20221130-0 > == title: Multiple criti... 题目: Planet eStream 代码执行/SQL 注入/XSS/破碎控制风险: 中级文本: SEC 咨询漏洞实验室安全咨询 < 20221130-0 > = = 标题: 多重批评..。 |
| 2022年12月10日 06:52 | CXSECURITY Database RSS Feed - | Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks Topic: Zhuhai Suny Technology ESL Tag Forgery / Replay Attacks Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory < 20221201-0 > == title: Replay attacks... 题目: 珠海阳光科技 ESL 标签伪造/重放攻击风险: 中文: SEC 咨询漏洞实验室安全咨询 < 20221201-0 > = = 标题: 重放攻击..。 |
| 2022年12月10日 06:52 | CXSECURITY Database RSS Feed - | snap-confine must_mkdir_and_open_with_perms() Race Condition Topic: snap-confine must_mkdir_and_open_with_perms() Race Condition Risk: High Text:Qualys Security Advisory Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328) ... 比赛条件风险: 高风险: 高质量安全咨询比赛条件在比赛条件必须 _ mkdir _ and _ open _ with _ perms ()(CVE-2022-3328)。 |
| 2022年12月10日 06:52 | CXSECURITY Database RSS Feed - | Intel Data Center Manager 4.1 SQL Injection Topic: Intel Data Center Manager 4.1 SQL Injection Risk: Medium Text:RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION == Product: Intel Data Center M... 标题: 英特尔数据中心管理器4.1 SQL 注入风险: 中级文本: RCE 安全咨询 https://www.rcesecurity.com 1。咨询信息 = = 产品: 英特尔数据中心。. |
| 2022年12月10日 06:52 | CXSECURITY Database RSS Feed - | ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect Topic: ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect Risk: High Text:SEC Consult Vulnerability Lab Security Advisory < 20221206-0 > == title: Multiple criti... 讲题: ILIAS eLearning 7.15命令注入/XSS/LFI/开放重定向风险: 高文本: SEC 咨询脆弱性实验室安全顾问 < 20221206-0 > = = 标题: 多重批评..。 |
| 2022年12月10日 06:49 | burp | ChatGPT bid for bogus bug bounty is thwarted Improving large language models offer ‘just one more way to attack code, and one more way to defend code’ 改进大型语言模型提供了“又一种攻击代码的方法,又一种保护代码的方法” |
| 2022年12月10日 06:28 | Github关注 | klezVirus starred praetorian-inc/noseyparker Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history. |
| 2022年12月10日 05:28 | Github关注 | ASkyeye forked ASkyeye/codon from exaloop/codon A high-performance, zero-overhead, extensible Python compiler using LLVM |
| 2022年12月10日 05:08 | Github关注 | |
| 2022年12月10日 04:52 | Data Breach – Security Affairs | CommonSpirit confirms data breach impacts 623K patients CommonSpirit Health confirmed that the October security breach resulted in the exposure of the personal data of 623,774 patients. In early October, Common Spirit, one of the largest hospital chains in the US, suffered a ransomware cyberattack that caused severe inconvenience to the facilities and to patients. The security breach led to delayed surgeries, hold-ups […] The post CommonSpirit confirms data breach impacts 623K patients appeared first on Security Affairs. CommonSpirit Health 证实,10月份的安全漏洞导致623,774名患者的个人数据被泄露。10月初,美国最大的连锁医院之一 Common Spirit 遭受了勒索软件的网络攻击,给医院和病人带来了严重不便。安全漏洞导致手术延迟,抢劫[ ... ] CommonSpirit 确认数据泄露影响623K 患者首次出现在安全事务上。 |
| 2022年12月10日 04:48 | Github关注 | ASkyeye forked ASkyeye/Endurance-Wiper from IntelBroker/Endurance-Wiper a small wiper malware programmed in c# |
| 2022年12月10日 04:48 | Github关注 | ASkyeye forked ASkyeye/house-party-protocol from utkusen/house-party-protocol an ultimate evidence wiper |
| 2022年12月10日 04:48 | Github关注 | |
| 2022年12月10日 04:48 | Github关注 | |
| 2022年12月10日 02:56 | Github_POC | CVE-2022-36537 (2022-08-27) Malwareman007/CVE-2022-36537 ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. [GitHub]POC of CVE-2022-36537 ZK Framework v9.6.1、9.6.0.1、9.5.1.3、9.0.1.2和8.6.4.1允许攻击者通过发送给组件 AuUploader 的 POST 请求来访问敏感信息。 [ GitHub ] CVE-2022-36537的 POC |
| 2022年12月10日 02:54 | Stories by SAFARAS K A on Medi | Supply Chain Attacks on the risk - Open Source Security Supply Chain Attack Background — WASP Attack on Python — Polymorphic Malware Shipping WASP Stealer; Infecting Hundreds Of Victims TL;DR Research analysis of pywale package linked with a malicious activity (WASP group). The WASP ground approach to impersonate well known package requests from python aka StarJacking technique. A suspicious file models.py which contained base64 encoded stage1 payload that fetches stage2 payload which is highly obfuscated and performs malicious actions. Supply chain security in the open source ecosystem has become a large point of focus for the broader open source community — including the many companies and governments that rely on open source software. As an industry and community, bad actors take over user accounts, corrupt popular open source dependencies, and take advantage of vulnerabilities in some of the biggest open source projects. It’s no secret that a lot of our modern digital infrastructure runs on open source. The success of open source software (OSS), in part, comes |
| 2022年12月10日 02:52 | Trustwave Blog | Why Database Security is Integral to an Organization's Overall Security Posture An organization's database contains intellectual property, information on clients, product development, personal information on its workers, and in many cases, critical information on consumers. 组织的数据库包含知识产权、客户信息、产品开发、员工个人信息,在许多情况下还包含关于消费者的重要信息。 |
| 2022年12月10日 02:49 | burp | ChatGPT bid for bogus crypto bug bounty is thwarted Improving large language models offer ‘just one more way to attack code, and one more way to defend code’ 改进大型语言模型提供了“又一种攻击代码的方法,又一种保护代码的方法” |
| 2022年12月10日 01:08 | Github关注 |