13 matches found
Injected Malicious Code
XZ is vulnerable to Injected Malicious Code. Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which...
GLSA-202403-04 : XZ utils: Backdoor in release tarballs
The remote host is affected by the vulnerability described in GLSA-202403-04 XZ utils: Backdoor in release tarballs - Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt...
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...
CVE-2024-3094 Xz: malicious code in distributed source
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in...
DSK DSKNet 代码问题漏洞
DSK DSKNet is a data interaction program from DSK Japan. Their time and attendance data can be accessed interactively from any site connected to your network. DSK DSKNet 2.16.136.0 and 2.17.136.5 A security vulnerability exists in Touch settings that allow PDF uploads with PHP content and...
Design/Logic Flaw
In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found...
CVE-2020-12028
CVE-2020-12028 affects Rockwell Automation FactoryTalk View SE SCADA (FactoryTalk View SEA remote). The issue arises from handlers that do not enforce permissions, enabling an attacker to interact with remote endpoint data. Exploitation is described as an unauthenticated/remote chain of vulnerabi...
CVE-2020-12028 Rockwell Automation FactoryTalk View SE
In all versions of FactoryTalk View SEA remote, an authenticated attacker may be able to utilize certain handlers to interact with the data on the remote endpoint since those handlers do not enforce appropriate permissions. Rockwell Automation recommends enabling built in security features found...
代码审计系列5: PHPYUN多个问题(涉及CSRF、XSS)
简要描述: 这个程序较大,客户较多,出现这种问题影响也比较大。 详细说明: 由于整个程序的后台与后端的数据交互都没有对CSRF做防范,导致这程序后台面临着巨大的威胁。 另外还存在着诸多的XSS漏洞。 受影响较严重的功能: 系统管理 基础配置 网站配置 系统管理 基础配置 支付配置 系统管理 基础配置 管理员配置 系统管理 基础配置 导航配置 运营管理 运营管理 后台充值 运营管理 运营管理 短信群发 PS: 对于金钱相关的事儿,黑客们应该比较感兴趣吧 漏洞证明: 下面利用CSRF插入XSS的例子来说明一下。 首先定位: 运营管理 运营管理 友情链接 这里的过滤并不完善,可以完全绕开。...