Cybersecurity information flow

A clean information-feed tool focused on the security community, surfacing quality content for security researchers every day.


Recent updates
Time Node
May 20, 2024 04:33 Github_POC
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
[GitHub]WordPress Contact Form 7 - Unrestricted File Upload

May 20, 2024 04:33 Github_POC
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If:
[GitHub]Windows Server 2003 & IIS 6.0 - Remote Code Execution

May 20, 2024 03:32 GitHub Following
Hunt for C2 servers and phishing web sites using VirusTotal API, you can modify code to kill the malicious process
May 20, 2024 00:12 SecWiki Weekly
May 19, 2024 23:39 Data Breach – Security Affairs
WebTPA, a third-party administrator that provides healthcare management and administrative services, disclosed a data breach. WebTPA is a third-party administrator that provides healthcare management and administrative services. The US company disclosed a data breach that impacted almost 2.5 million people. According to the report sent by the WebTPA to the U.S. Department of Health and […]

May 19, 2024 23:32 GitHub Following
SecLLMHolmes is a generalized, fully automated, and scalable framework to systematically evaluate the performance (i.e., accuracy and reasoning cap…
May 19, 2024 22:33 Github_POC
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
[GitHub]Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery

May 19, 2024 22:33 Github_POC
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating syst
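May 19, 2024 17:52 GitHub Following
😱 Dissects, at the source-code level, the underlying implementation principles of the mainstream technologies of the internet industry, to help developers "deepen their technical depth". Currently covers the Spring family, the Mybatis, Netty and Dubbo frameworks, and middleware such as Redis and Tomcat.
May 19, 2024 17:52 GitHub Following
May 19, 2024 16:03 Github_POC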
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]Exploit PoC for CVE-2024-32002

May 19, 2024 16:02 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]Hook for the PoC for exploiting CVE-2024-32002

May 19, 2024 15:52 GitHub Following
This repository contains a PyTorch implementation of the paper "Graph Neural Networks for Vulnerability Detection - A Counterfactual Explanation".
May 19, 2024 15:12 freebuf
Pip3line is a security tool for raw-bytes data that can apply various transformations to the data, run fast source-code searches, intercept traffic as a network proxy, and more.
May 19, 2024 13:12 freebuf
The main characteristics of this Trojan are strong stealth, anti-analysis, a DLL-hijacking backdoor and shellcode injection, so Antiy CERT named this cryptomining Trojan "匿铲".
May 19, 2024 10:32 exploit-db
htmlLawed 1.2.5 - Remote Code Execution (RCE)
May 19, 2024 10:32 exploit-db
PopojiCMS 2.0.1 - Remote Command Execution (RCE)
May 19, 2024 10:32 exploit-db
Backdrop CMS 1.27.1 - Remote Command Execution (RCE)
May 19, 2024 10:32 exploit-db
Apache OFBiz 18.12.12 - Directory Traversal
May 19, 2024 10:32 exploit-db
Wordpress Theme XStore 9.3.8 - SQLi
May 19, 2024 10:32 exploit-db
Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
May 19, 2024 10:12 freebuf
From 2022 to 2023 the Timitator (战术模仿者) group attacked China's energy, university, research-institution and defense-industry sectors, mainly using spear phishing, n-day ...
May 19, 2024 09:41 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]local poc for CVE-2024-32002

May 19, 2024 09:40 Github_POC
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
[GitHub]A PoC exploit for CVE-2014-6271 - Shellshock

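May 19, 2024 09:12 freebuf
A selection of 10 quality resources published publicly on 知识大陆 this week; let's take a look.
May 19, 2024 08:12 freebuf
Recently, Huorong Security Lab received feedback from a user that a Telegram Chinese-localization file they had downloaded caused system anomalies after installation. Huorong security engineers immediately provided the user with technical support and extracted the sample...
May 19, 2024 07:36 CXSECURITY Database RSS Feed -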
Topic: TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution Risk: Low Text:Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/f917c77f60c3c1ac...

May 19, 2024 04:03 Github_POC
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Very Good Plugins WP Fusion Lite allows Command Injection. This issue affects WP Fusion Lite: from n/a through 3.41.24.
[GitHub]CVE-2024-27972 WP Fusion Lite <= 3.41.24 - Authenticated (Contributor+) Remote Code Execution

May 19, 2024 04:02 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]CVE-2024-32002 RCE PoC

May 19, 2024 04:02 Github_POC
Windows Kernel Elevation of Privilege Vulnerability
[GitHub]Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.
