10 matches found
CVE-2025-21129
CVE-2025-21129 concerns Adobe Substance3D Stager before or at version 3.0.4, affected by a Heap-based Buffer Overflow that can enable arbitrary code execution in the current user’s context. Exploitation requires user interaction, specifically opening a malicious file. Public references in connect...
DeltaPrime Suffers $5.98M Loss as Hacker Exploits Admin Key on Arbitrum
The attack is ongoing...
Smart Contract Bug Results in $31 Million Loss
A hacker stole $31 million from the blockchain company MonoX Finance, by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX...
Sudo Bug Opens Root Access on Linux Systems
A vulnerability in Sudo, a core command utility for Linux, could allow a user to execute commands as a root user even if that root access has been specifically disallowed. Sudo is a utility that allows a system administrator to give certain users or groups of users the ability to run commands in...
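Huawei Ethernet Switches Y.1731 Denial-of-Service Vulnerability
A denial-of-service vulnerability exists in Huawei Ethernet Switches. The vulnerability is caused by an error when processing certain Y.1731 packets and can be exploited by attackers to make the device reload by sending specially crafted packets. 0 Huawei S2300 Huawei S3300 Huawei S5300 Huawei S6300 Huawei S9300 The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-329625.htm...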
Critical Zero-day Vulnerability in Adobe Reader
Researchers at the Lockheed Martin Computer Incident Response Team CRT and members of the Defense Security Information Exchange informed Adobe that their products were being exploited by hackers. The exploit affects all versions of Adobe Reader and...
myOpenID XSS : One of the Largest OpenID provider is Vulnerable
One of the largest independent OpenID providers, "myOpenID", is vulnerable to Cross Site Scripting (XSS), discovered by "SeeMe", a member of Inj3ct0r Team. Cross Site Scripting or XSS is one of the most common application-layer...
PHP 5.3 - 'preg_match()' Full Path Disclosure
MajorSecurity Advisory 57 PHP =5.3 - preg_match() full path disclosure Details ======= Product: PHP =5.3 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.php.net/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz...
Alstrasoft Template Seller Pro 3.25 - Admin Password Change
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage: php ".$argv0." Host Path ID password Host: target server ip/hostname Path: path of template ID: A Valid Admin ID usally 1 works for the 'admin' nickname password: The PWD you want ...
bitrix40xInclusion.txt
Vendor: Bitrix Product: Bitrix Site Manager 4.0.x Vulnerability: php including. Consequence: custom php code execution on server Risk: Critical Description: Due to unfiltered SERVERDOCUMENTROOT variable in file \bitrix\modules\main\start.php, hacker can upload php script from other server and...