Cybersecurity information flow

A clean information-feed push tool, focused on the bits and pieces of the security community, surfacing quality content for security researchers every day.


Recent updates
Time Node
May 3, 2024 22:03 Github_POC
SmartScreen Prompt Security Feature Bypass Vulnerability
[GitHub]Exploit for Microsoft SmartScreen malicious execution (april 2024)

May 3, 2024 21:48 Github_POC
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
[GitHub]Jenkins CVE-2024-23897: Arbitrary File Read Vulnerability

May 3, 2024 21:48 Github_POC
[GitHub]Exploit for Microsoft SmartScreen malicious execution (april 2024)

May 3, 2024 21:41 Trustwave Blog
An offensive security strategy is a sophisticated and dynamic approach that extends beyond mere testing. It's a comprehensive plan that aligns with an organization's core mission, transforming security from a passive shield to an active spearhead. After all, in any fight, a combatant can only block punches for so long before striking back.

May 3, 2024 20:12 GitHub Watchlist
Next Generation Visual Programming System
May 3, 2024 19:03 burp
This release upgrades Burp's built-in browser and fixes a bug with custom table columns. Bug fix: We have fixed a bug whereby custom table columns stopped returning new values after encountering a null

May 3, 2024 19:02 burp
This release upgrades Burp's built-in browser and fixes a bug with custom table columns. Bug fix: We have fixed a bug whereby custom table columns stopped returning new values after encountering a null

May 3, 2024 18:32 GitHub Watchlist
Concurrent data structures for Go
May 3, 2024 18:32 GitHub Watchlist
Produce redistributable builds of Python
May 3, 2024 17:12 GitHub Watchlist
A grammar-based custom mutator for AFL++
May 3, 2024 17:12 Recommended by Phithon
May 3, 2024 16:32 GitHub Watchlist
This is a vector knowledge base built from the knowledge of the Xianzhi (先知) community.
May 3, 2024 16:32 GitHub Watchlist
Adding RAG to Ollama models
May 3, 2024 16:03 Github_POC
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
[GitHub]Bypass for CVE-2007-4559 Trellix patch

May 3, 2024 15:33 PansLabyrinth
Recently a friend's company purchased JEB Pro for Android reverse engineering, but with a Floating License, so it can only be used on the company intranet. That meant my friend could not keep grinding over the holidays, so he asked whether I would be interested in looking into it. Although I had spent some time on Java reverse engineering before, that was mainly Android apps; for a PC application this was a first for me. In the spirit of learning something new, I took on the task.
Preface
In case some readers are not familiar with it, JEB is a reverse-engineering tool used mainly for analysing Android APKs. Its smali bytecode decompilation is similar to JADX, but it also supports reverse analysis of binaries such as SO files.
Generally, JEB Pro uses a subscription model billed per machine, with one key per machine. Enterprises, however, usually use a floating license, which allows one or more non-fixed machines to use it at the same time. The JEB floating controller is the official private floating-license server that runs on the server side; it is essentially an HTTP server, and opening it directly in a browser after launch shows the license information.
JEB Floating Controller
The client needs to configure .ControllerInterface, .ControllerPort and related settings in jeb-client.cfg, or enter the server address when starting JEB Pro, in order to obtain a license.
Reverse analysis
For static analysis, the process is essentially the same as for Android apps: drag the files into JADX and search for keywords, such as the license-failure message or configuration entries.
First we point the license server address at 127.0.0.1:23477 and listen on that address with nc; shortly after launching JEB Pro we receive a request:
Listening on 0.0.0.0 23477
Connection received on localhost 52330
POST /probe HTTP/1.1
User-Agent: PNF Software UP
Content-Type: application/x-www-form-urlencoded
Content-Length: 189
Host: 127.0.0.1:23477
Connection: Keep-Alive
Accept-Encoding: gzip

data=5400000035E5...
It can be seen that JEB Pro and the floating-license server communicate via HTTP requests
May 3, 2024 15:12 freebuf
badKarma is an open-source network reconnaissance tool with a friendly GUI that can carry out network reconnaissance tasks during security audits of network infrastructure.
May 3, 2024 13:39 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: F5
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (ie Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0 https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0
May 3, 2024 13:39 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: WildFly
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or set a maximum number of connections.
May 3, 2024 13:37 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.
May 3, 2024 13:37 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
May 3, 2024 13:37 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
May 3, 2024 13:37 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
May 3, 2024 13:36 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Jenkins
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
May 3, 2024 13:35 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Django
Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the `wagtail.contrib.settings` module or `ModelViewSet`, and the `permission` argument on `FieldPanel` has been used to further restrict access to one or more fields of the model, a user with edit permission over the model but not the specific field can craft an HTTP POST request that bypasses the permission check on the individual field, allowing them to update its value. This vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, or by a user who has not been granted edit access to the model in question. The editing interfaces for pages and snippets are also unaffected. Patched versions have been released as Wagtail 6.0.3 and 6.1. Wagtail releases prior to 6.0 are unaffected. Users are advised to upgrade. Site owners who are unable to upgrade to a patched version can avoid the vulnerability as follo
May 3, 2024 13:35 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Apache
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using `forward-auth` plugin. This issue affects Apache APISIX: from 3.8.0, 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.
May 3, 2024 13:35 Well-known component CVE monitoring
A new vulnerable component has been found, component ID: Apache
A new vulnerable component has been found, component ID: ActiveMQ
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API). To mitigate, users can update the default conf/jetty.xml configuration file to add authentication requirement:
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
    <property name="constraint" ref="securityConstraint" />
    <property name="pathSpec" value="/" />
</bean>
Or we encourage users to upgrade to Apache ActiveMQ 6.1.2 where the default configuration has been updated with authentication by default.
May 3, 2024 13:12 freebuf
Netfilter is a network packet filtering framework for the Linux operating system that provides a flexible way to manage the flow of network packets.
May 3, 2024 12:52 GitHub Watchlist
PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info
May 3, 2024 11:12 GitHub Watchlist
IMPROVED simple vector database made in numpy