fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

26 ℃
63%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 16:30:01
  1. [USD] USD 91,096.01
  1. [BRL] BRL 485,723.94 [USD] USD 91,096.01 [GBP] GBP 68,797.35 [EUR] EUR 78,508.27
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 16:34:47 up 70 days, 1:06, 5 users, load average: 0.00, 0.00, 0.00

Google News

[28/11/2025 14:05] 'Tem que ir para um lugar deserto', disse PM que pegou fuzil no chão durante megaoperação do Rio; agente foi preso em ação da corregedoria - O Globo

[28/11/2025 11:24] Messias receberá parecer favorável na CCJ do Senado, indica relator - CartaCapital

[28/11/2025 11:58] Moraes vota pela condenação de cinco, dos sete réus da cúpula da PMDF - Correio Braziliense

[27/11/2025 19:49] Governo avalia ir ao STF contra derrubada de vetos ao licenciamento - Poder360

[27/11/2025 17:39] Heleno pede sigilo sobre seu quadro de saúde; decisão será de Moraes - CartaCapital

[27/11/2025 09:56] O que se sabe sobre o incêndio em Hong Kong que queima há mais de 30 horas - CNN Brasil

[28/11/2025 14:08] Após aceno, Eduardo dá recado a Tarcísio e cita “tortura do pai” - Metrópoles

[28/11/2025 12:29] Criança de 5 anos morre após cair do 12º andar de prédio em Uberlândia - O TEMPO

[28/11/2025 09:36] Temporais desta sexta-feira começam com registro de granizo grande - MetSul Meteorologia

[28/11/2025 15:15] Com quem Nikolas falou ao celular na casa de Bolsonaro - Metrópoles

NVD Feed

[CVE-2012-10021] [Modified: 23-09-2025] [Analyzed] [V3.1 S9.8:CRITICAL] A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.

[CVE-2013-10040] [Modified: 23-09-2025] [Analyzed] [V3.1 S9.8:CRITICAL] ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the file via a predictable path and trigger remote code execution.

[CVE-2013-10042] [Modified: 26-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password string, the application fails to validate input length, resulting in memory corruption. This can lead to denial of service or arbitrary code execution. Exploitation requires the anonymous user account to be enabled.

[CVE-2025-52289] [Modified: 06-08-2025] [Analyzed] [V3.1 S8.0:HIGH] A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.

[CVE-2025-8408] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument vehicle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-50847] [Modified: 06-08-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.

[CVE-2025-50848] [Modified: 06-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered directly in the browser when accessed. This allows an attacker to upload a crafted HTML file containing malicious content, such as a fake login form for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the content is served from a trusted domain, it significantly increases the likelihood of successful phishing or script execution against other users.

[CVE-2025-50850] [Modified: 06-08-2025] [Analyzed] [V3.1 S8.6:HIGH] An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of usernames and passwords (brute-force attack) to gain unauthorized access to vendor accounts. The absence of any blocking mechanism makes the login endpoint susceptible to automated attacks.

[CVE-2025-50867] [Modified: 06-08-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.

[CVE-2025-52203] [Modified: 06-08-2025] [Analyzed] [V3.1 S7.6:HIGH] A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are subsequently stored in the database. When a legitimate user logs in and is redirected to the Dashboard panel "automatically upon authentication the malicious script executes in the user's browser context.

[CVE-2025-8409] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-34327] [Modified: 06-08-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form.

[CVE-2025-50866] [Modified: 06-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.

[CVE-2025-51383] [Modified: 01-08-2025] [Analyzed] [V3.1 S3.5:LOW] D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.

[CVE-2025-51384] [Modified: 01-08-2025] [Analyzed] [V3.1 S3.5:LOW] D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.

[CVE-2025-51385] [Modified: 01-08-2025] [Analyzed] [V3.1 S3.5:LOW] D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.

[CVE-2025-51503] [Modified: 06-08-2025] [Analyzed] [V3.1 S7.6:HIGH] A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.

[CVE-2025-54832] [Modified: 12-09-2025] [Analyzed] [V3.1 S4.3:MEDIUM] OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.

[CVE-2025-54833] [Modified: 12-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.

[CVE-2025-54834] [Modified: 12-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap