Recently Updated
Time | Node | |
---|---|---|
May 7, 2024 04:03 | Github_POC | [GitHub] LINKSYS AC1900 EA7500v3 IGD UPnP Stack Buffer Overflow Remote Code Execution Vulnerability |
May 7, 2024 04:03 | Github_POC | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. [GitHub] Fix open source package uses tough-cookie 2.5.0 - CVE-2023-26136, |
May 7, 2024 01:28 | hackone | Affected vendor: IBM; Bounty: ; Severity: medium; "Cross-site scripting (XSS) on the Aspera documentation website" |
May 7, 2024 01:28 | hackone | Affected vendor: IBM (https://hackerone.com/ibm); "Cross-site scripting (XSS) on the Aspera documentation website" |
May 7, 2024 00:47 | Github Following | A shadcn table component with server-side sorting, filtering, and pagination. |
May 7, 2024 00:47 | Github Following | |
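May 7, 2024 00:07 | SecWiki Weekly | SecWiki Weekly (Issue 531) https://www.sec-wiki.com/weekly/531; Exploring the interplay between user profiles and items in federated recommendation security https://mp.weixin.qq.com/s/1wsfoBg1J0dcY_AAzFHehQ; DinodasRAT Linux backdoor analysis and an attempt at decrypting its communications https://mp.weixin.qq.com/s/rAWQVP1EjesI6huEVNngoA; Reproducing MikroTik soft-router attack scenarios and analysis of backdoor encryption and decryption https://mp.weixin.qq.com/s/azDzg3op0kqBUpakFtkTAw |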
May 6, 2024 23:18 | Trustwave Blog | For the second consecutive year, Cyber Defense Magazine honored Trustwave with a 2024 Global InfoSec Award for Best Solution Managed Detection and Response (MDR) Service Provider. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected. |
May 6, 2024 22:44 | Packet Storm | Red Hat Security Advisory 2024-2699-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability. |
May 6, 2024 22:44 | Packet Storm | Red Hat Security Advisory 2024-2700-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-3 - A vulnerability has been discovered in Dalli, which can lead to code injection. Versions greater than or equal to 3.2.3 are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-4 - Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service. Versions greater than or equal to 252.4 are affected. |
May 6, 2024 22:44 | Packet Storm | Live2D Cubism suffers from a heap corruption vulnerability. |
May 6, 2024 22:44 | Packet Storm | Debian Linux Security Advisory 5677-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code. |
May 6, 2024 22:44 | Packet Storm | Debian Linux Security Advisory 5678-1 - Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library, which may lead to denial of service or the execution of arbitrary code. |
May 6, 2024 22:44 | Packet Storm | Debian Linux Security Advisory 5679-1 - Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-5 - Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.5 are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-7 - Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.9.16 are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-8 - Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution. Versions greater than or equal to 5.9.10 are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-9 - Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib, the worst of which could allow user-assisted remote code execution. Versions greater than or equal to 23.10 are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-10 - A vulnerability has been discovered in Setuptools, which can lead to denial of service. Versions greater than or equal to 65.5.1 are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-11 - Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution. Versions greater than or equal to 1.21.2 are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-12 - Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 10.2.0 are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-13 - A vulnerability has been discovered in borgmatic, which can lead to shell injection. Versions greater than or equal to 1.8.8 are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-14 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.13_p20240322 are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-15 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution. Versions greater than or equal to 115.8.0:esr are affected. |
May 6, 2024 22:44 | Packet Storm | Gentoo Linux Security Advisory 202405-16 - A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution. Versions greater than or equal to 6.6.0 are affected. |
May 6, 2024 22:43 | Packet Storm | This Metasploit module performs a container escape onto the host as the daemon user. It takes advantage of the SYS_MODULE capability. If that exists and the linux headers are available to compile on the target, then we can escape onto the host. |