Cybersecurity information flow

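A clean feed-aggregation tool focused on the day-to-day of the security community, surfacing quality content for security researchers every day.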


Recent updates
Time Source
May 6, 2024 14:13 Xianzhi Community
May 6, 2024 14:13 Xianzhi Community
May 6, 2024 13:33 GitHub Following
LLAP is an LLVM-based tool for generating enriched program dependency graphs (ePDGs) from program source code that are suitable for use in AI/ML mo…
May 6, 2024 13:14 Well-known Component CVE Monitoring
A new vulnerable component has been discovered. Component ID: Ruijie
A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263111. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
May 6, 2024 13:14 Well-known Component CVE Monitoring
A new vulnerable component has been discovered. Component ID: Ruijie
A vulnerability has been found in Ruijie RG-UAC up to 20240428 and classified as critical. This vulnerability affects unknown code of the file /view/IPV6/ipv6Addr/ip_addr_edit_commit.php. The manipulation of the argument text_ip_addr/orgprelen/orgname leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263110 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
May 6, 2024 13:14 Well-known Component CVE Monitoring
A new vulnerable component has been discovered. Component ID: Ruijie
A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240428. This affects an unknown part of the file /view/IPV6/ipv6Addr/ip_addr_add_commit.php. The manipulation of the argument prelen/ethname leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263109 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
May 6, 2024 13:14 Well-known Component CVE Monitoring
A new vulnerable component has been discovered. Component ID: Ruijie
A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240428. Affected by this issue is some unknown functionality of the file /view/HAconfig/baseConfig/commit.php. The manipulation of the argument peer_ip/local_ip leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263108. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
May 6, 2024 13:14 Well-known Component CVE Monitoring
A new vulnerable component has been discovered. Component ID: Ruijie
A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240428. Affected by this vulnerability is an unknown functionality of the file /view/dhcp/dhcpConfig/dhcp_relay_commit.php. The manipulation of the argument interface_from leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263107. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
May 6, 2024 13:14 Well-known Component CVE Monitoring
A new vulnerable component has been discovered. Component ID: Ruijie
A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240428. Affected is an unknown function of the file /view/dhcp/dhcpClient/dhcp_client_commit.php. The manipulation of the argument ifName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263106 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
May 6, 2024 13:14 Well-known Component CVE Monitoring
A new vulnerable component has been discovered. Component ID: Ruijie
A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. This issue affects some unknown processing of the file /view/bugSolve/captureData/commit.php. The manipulation of the argument tcpDump leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263105 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
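May 6, 2024 13:13 GitHub Following
May 6, 2024 13:13 freebuf
Archive files by themselves have no ability to hide information, but because CTF competitions frequently feature challenges that combine archives with steganography, we need to master, for CTF competitions, the ZIP-related ...
May 6, 2024 12:13 freebuf
In most cases, attackers abuse trust relationships, compromising third-party external vendors or contractors in order to execute commands in connected virtual machines or hybrid environments.
May 6, 2024 11:53 GitHub Following
May 6, 2024 11:53 GitHub Following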
NextTrace, an open source visual route tracking CLI tool
May 6, 2024 11:53 GitHub Following
An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDA…
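May 6, 2024 11:53 freebuf
In 2023, 35% of all organizations observed by Bitsight had dealt with a KEV, and the vast majority of those organizations had more than one KEV.
May 6, 2024 11:53 freebuf
In most cases, attackers abuse trust relationships, compromising third-party external vendors or contractors in order to execute commands in connected virtual machines or hybrid environments.
May 6, 2024 11:53 Xianzhi Community
May 6, 2024 11:33 Xianzhi Community
May 6, 2024 11:33 Xianzhi Community
May 6, 2024 11:13 GitHub Following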
AttacKG: Constructing Knowledge-enhanced Attack Graphs from Cyber Threat Intelligence Reports
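May 6, 2024 11:13 Xianzhi Community
May 6, 2024 11:13 Xianzhi Community
May 6, 2024 10:53 Xianzhi Community
May 6, 2024 10:13 Butian Community
Analysis of the Yonyou NC runStateServlet injection vulnerability
May 6, 2024 10:13 freebuf
I also ran into many problems during the actual reproduction; the key is to take advantage of the difference in how the front-end and back-end servers process the packet.
May 6, 2024 09:53 GitHub Following
Burp helper for manual fastjson detection
May 6, 2024 09:53 Xianzhi Community
May 6, 2024 09:53 Xianzhi Community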