Cybersecurity information flow

The third-party Telegram android app.

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
[GitHub]The sqlmap payload to exploit CVE-2023-40931

" Nagios XI从版本5.11.0一直到包括5.11.1版本存在SQL注入漏洞， authenticated攻击者可以通过POST请求中ID参数执行任意SQL命令，请求路径为/nagiosxi/admin/banner_message-ajaxhelper.php。\n[GitHub]针对CVE-2023-40931的sqlmap载荷利用示例"

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
[GitHub]The sqlmap payload to exploit CVE-2023-40933

" Nagios XI v5.11.1及以下版本中存在SQL注入漏洞，具有公告横幅配置权限的认证攻击者可以通过发送给update_banner_message()函数的ID参数执行任意SQL命令。\n[GitHub]利用CVE-2023-40933的sqlmap载荷"

Threadless Injection injects a trampoline at the start of the target function instead of stomping it with the entire payload. This trampoline will …

A Simple PoC

Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.

Local & remote Windows DLL Proxying

MetaHub是一款针对漏洞管理的自动化安全上下文信息扩充与影响评估工具，支持与AWS Security Hub或与ASFF兼容的安全扫描仪...

Application runtime environment customization utility

Windows KASLR bypass using prefetch side-channel

an awesome list of honeypot resources

分三部分：含义、示例和应对措施。

web3.0知识整理 web3.0知识 web3.0学习资料

tl;dr Clang 19 will remove the -mrelax-all default at-O0, significantly decreasing the text section size forx86.
Span-dependent instructions
In assembly languages, some instructions with an immediate operandcan be encoded in two (or more) forms with different sizes. On x86-64, adirect JMP/JCC can be encoded either in 2 bytes with a 8-bit relativeoffset or 6 bytes with a 32-bit relative offset. A short jump ispreferred because it takes less space. However, when the target of thejump is too far away (out of range for a 8-bit relative offset), a nearjump must be used.
1
2
3
4

ja foo # jump short if above, 77 <rel8>
ja foo # jump near if above, 0f 87 <rel32>
.nops 126
foo: ret

A 1978 paper by Thomas G. Szymanski ("Assembling Code forMachines with Span-Dependent Instructions") used the term"span-dependent instructions" to refer to such instructions with shortand long forms. Assemblers grapple with the challenge of choosing theoptimal size for these instructions, often referred to as the "branchdisplacement probl

智能网联汽车协议模糊测试技术是保障智能网联汽车安全的重要手段之一。

文章总结推荐了本周的热点资讯、安全事件、一周好文和省心工具，保证大家不错过本周的每一个重点！

创新沙盒十强解读： Mitiga

基于Dineshkarthik的项目， 电报视频下载，电报资源下载，跨平台，支持web查看下载进度 ，支持bot下发指令下载，支持下载已经加入的私有群但是限制下载的资源， telegram media download,Download media files from a telegram …

Windows Kernel Elevation of Privilege Vulnerability
[GitHub]Proof-of-Concept for CVE-2024-21345

" Windows内核权限提升漏洞\n[GitHub] CVE-2024-21345概念验证"

Windows Kernel Elevation of Privilege Vulnerability
[GitHub]Proof-of-Concept for CVE-2024-26218

" Windows内核权限提升漏洞\n[GitHub] CVE-2024-26218概念验证"

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.
[GitHub]Explore CVE-2022-41741 with the Evil MP4 repository. It offers educational PoCs, mitigation strategies, and detailed documentation on securing nginx against MP4 file vulnerabilities. For legal, ethical security testing only.

" NGINX 开源版本 1.23.2 之前和 1.22.1 之前，NGINX 开源订阅版本 R2 P1 之前和 R1 P1 之前，以及 NGINX Plus 版本 R27 P1 之前和 R26 P1 之前，模

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. For more details, please review the linked advisory on this CVE.
[GitHub]NSE script for checking the presence of CVE-2023-22515

" Atlassian已经注意到一些客户报告的一个问题，即外部攻击者可能利用了公开可访问的Confluence数据中心和服务器实例中 previously unknown 的一个漏洞，创建了未经授权的Confluence管理员账户并访问了Confluence实例。Atlassian Cloud站点不受此漏洞的影响。如果您的Confluence站点通过atlassian.net域名访问，那么它由Atlassian托管，不会受到此问题的影响。更多关于此漏洞的详细信息，请查看与此CVE链接的咨询文件。\n[GitHub]用于检查CVE-2023-22515存在的NSE脚本"

Aims to identify sleeping beacons

CVE-2023-20198-RCE, support adding/deleting users and executing cli commands/system commands.

Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.  Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
[GitHub]activemq-rce-cve-2023-46604

" Apache ActiveMQ存在远程代码执行漏洞。该漏洞可能允许具有网络访问权的远程攻击者通过操纵OpenWire协议中的序列化类类型来运行任意shell命令，从而导致代理 instantiate 类路径上的任何类。建议用户升级到版本5.15.16、5.16.7、5.17.6或5.18.3，以修复此问题。\n[GitHub]activemq-rce-cve-2023-46604"