Cybersecurity information flow

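A clean information-feed push tool focused on the day-to-day of the security community, surfacing quality content for security researchers every day.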


Recent updates
Time Node
May 19, 2024 10:32 exploit-db
htmlLawed 1.2.5 - Remote Code Execution (RCE)
May 19, 2024 10:32 exploit-db
PopojiCMS 2.0.1 - Remote Command Execution (RCE)
May 19, 2024 10:32 exploit-db
Backdrop CMS 1.27.1 - Remote Command Execution (RCE)
May 19, 2024 10:32 exploit-db
Apache OFBiz 18.12.12 - Directory Traversal
May 19, 2024 10:32 exploit-db
Wordpress Theme XStore 9.3.8 - SQLi
May 19, 2024 10:32 exploit-db
Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
May 19, 2024 10:12 freebuf
From 2022 to 2023, the Timitator (战术模仿者, "Tactical Imitator") group attacked China's energy, university, research-institute and military-industry sectors, mainly using spear phishing, n-day and other...
May 19, 2024 09:41 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]local poc for CVE-2024-32002
May 19, 2024 09:40 Github_POC
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
[GitHub]A PoC exploit for CVE-2014-6271 - Shellshock
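May 19, 2024 09:12 freebuf
A selection of 10 quality resources publicly released on 知识大陆 (Knowledge Continent) this week; let's take a look together.
May 19, 2024 08:12 freebuf
Recently, Huorong Security Lab received feedback from a user that a Telegram Chinese-localization file they had downloaded caused system anomalies after installation. Huorong security engineers promptly provided the user with technical support and extracted sam...
May 19, 2024 07:36 CXSECURITY Database RSS Feed -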
Topic: TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution Risk: Low Text:Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/f917c77f60c3c1ac...
May 19, 2024 04:03 Github_POC
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection.This issue affects WP Fusion Lite: from n/a through 3.41.24.
[GitHub]CVE-2024-27972 WP Fusion Lite <= 3.41.24 - Authenticated (Contributor+) Remote Code Execution
May 19, 2024 04:02 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]CVE-2024-32002 RCE PoC
May 19, 2024 04:02 Github_POC
Windows Kernel Elevation of Privilege Vulnerability
[GitHub]Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.
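May 19, 2024 03:12 Github Following
malware written for educational purposes
May 19, 2024 00:03 Github Following
Categorized compilation of the Alibaba Cloud Database Kernel Monthly Report (updated on a schedule) http://mysql.taobao.org/monthly/
May 19, 2024 00:03 Github Following
📌 a missing Java std lib(simple & 0-dependency) for framework/middleware, provide an enhanced InheritableThreadLocal that transmits values between …
May 19, 2024 00:03 Github Following
This project is a cloud-drive search project based on vue and nuxt.js, continuously open-sourced and maintained; the goal is for everyone to be able to have their own cloud-drive search site; self-deployment is recommended, salute to all
May 19, 2024 00:03 Github Following
May 19, 2024 00:03 SecWiki Weekly
May 18, 2024 22:23 Github Following
List of free GPTs that doesn't require plus subscription
May 18, 2024 21:54 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: XAMPP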
Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes.
May 18, 2024 21:52 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: F5
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after those lines are printed (although I wasn't able to reproduce that part when reading by hand): [ 1318.016074][ T1082] ====================================================== [ 1318.016607][ T1082] WARNING: possible circular locking dependency detected [ 1318.017107][ T1082] 6.8.0-rc7-00015-ge0c8221b72c0 #17 Not tainted [ 1318.017598][ T1082] ------------------------------------------------------ [ 1318.018096][ T1082] tar/1082 is trying to acquire lock: [ 1318.018585][ T1082] ffff98c44175d6a0 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x40/0x80 [ 1318.019084][ T1082] [ 1318.019084][ T1082] but task is already holding lock: [ 1318.020052][ T1082] ffff98c4c13f55f8 (reservation_ww_class_mutex){+.
May 18, 2024 21:52 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: F5
In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize that dm-raid relies on __md_stop_writes() to frozen sync_thread indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in md_stop_writes(), and since stop_sync_thread() is only used for dm-raid in this case, also move stop_sync_thread() to md_stop_writes(). 2) The flag MD_RECOVERY_FROZEN doesn't mean that sync thread is frozen, it only prevent new sync_thread to start, and it can't stop the running sync thread; In order to frozen sync_thread, after seting the flag, stop_sync_thread() should be used. 3) The flag MD_RECOVERY_FROZEN doesn't mean that writes are stopped, use it as condition for md_stop_writes() in raid_postsuspend() doesn't look correct. Consider that reentrant stop_sync_thread() do nothing, always call md_stop_writes() in raid_postsu
May 18, 2024 21:51 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: DedeCMS
DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php.
May 18, 2024 21:48 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Zabbix
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
May 18, 2024 21:47 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: F5
In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and cause crash.
May 18, 2024 19:26 Github Following
Simple library to listen and send events to keyboard and mouse (MacOS, Windows, Linux)
May 18, 2024 18:46 Github Following
Heapless, `static` friendly data structures