Cybersecurity information flow

A clean information-feed push tool, focused on the bits and pieces of the security community, surfacing quality content for security researchers every day.


Recent updates
Time | Node
2024-05-03 19:03 burp
This release upgrades Burp's built-in browser and fixes a bug with custom table columns. Bug fix: we have fixed a bug whereby custom table columns stopped returning new values after encountering a null
2024-05-03 18:32 GitHub watch
Concurrent data structures for Go
2024-05-03 18:32 GitHub watch
Produce redistributable builds of Python
2024-05-03 17:12 GitHub watch
A grammar-based custom mutator for AFL++
2024-05-03 17:12 Recommended by Phithon
2024-05-03 16:32 GitHub watch
A vector knowledge base built from the content of the Xianzhi (先知) security community
2024-05-03 16:32 GitHub watch
Adding RAG to Ollama models
2024-05-03 16:03 Github_POC
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
[GitHub] Bypass for CVE-2007-4559 Trellix patch
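As an added illustration of the tarfile issue above (this is example code written for this page, not code from the linked repository, from the Trellix patch, or from the CVE advisory), the following Python puts the vulnerable extractall() pattern beside a hardened extractor that resolves each member's final path (and link target) and refuses anything that lands outside the destination. The archive is constructed in memory with one benign file and one "../escaped.txt" member; the temp-directory layout and the function names are this example's own. On interpreters that carry PEP 706 (3.12+ and the 3.8.17/3.9.17/3.10.12/3.11.4 backports) the naive path explicitly requests the fully_trusted filter so it reproduces the historical behaviour, and the safe path additionally applies the data filter as a second layer.

```python
from __future__ import annotations

import io
import os
import tarfile
import tempfile


def build_traversal_tar() -> bytes:
    """Constructed sample archive (built in memory, not taken from any real
    exploit): one benign file plus one member whose name uses '..' to climb
    out of the extraction directory, the CVE-2007-4559 pattern."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in (("readme.txt", b"benign\n"),
                              ("../escaped.txt", b"written outside dest\n")):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def is_within(directory: str, target: str) -> bool:
    """True if target resolves to directory itself or something beneath it."""
    directory = os.path.realpath(directory)
    target = os.path.realpath(target)
    return os.path.commonpath([directory, target]) == directory


def naive_extract(tar_bytes: bytes, dest: str) -> list[str]:
    """The vulnerable pattern: extractall() with no validation of member names.
    Where the interpreter has PEP 706 filters, 'fully_trusted' is requested
    explicitly to reproduce the pre-3.12 behaviour; older interpreters do
    this by default."""
    kwargs = {"filter": "fully_trusted"} if hasattr(tarfile, "fully_trusted_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        tar.extractall(dest, **kwargs)
        return [m.name for m in tar.getmembers()]


def safe_extract(tar_bytes: bytes, dest: str) -> list[str]:
    """Hardened extractor: every member's final location (and, for links, the
    link target) must resolve under dest; anything else is skipped.
    Where the interpreter offers the PEP 706 'data' filter it is applied as
    a second layer. Returns the names actually extracted."""
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    extracted: list[str] = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            target = os.path.join(dest, member.name)
            if os.path.isabs(member.name) or not is_within(dest, target):
                continue  # '..' traversal or absolute path: refuse the member
            if member.issym():
                # symlink targets are relative to the member's own directory
                link = os.path.join(os.path.dirname(target), member.linkname)
                if not is_within(dest, link):
                    continue
            elif member.islnk():
                # hard-link targets are relative to the archive root
                if not is_within(dest, os.path.join(dest, member.linkname)):
                    continue
            tar.extract(member, dest, **kwargs)  # extract one vetted member
            extracted.append(member.name)
    return extracted


def demo() -> dict:
    """Run both extractors on the constructed archive in fresh temp dirs and
    report whether the '..' member escaped the destination directory."""
    data = build_traversal_tar()
    results = {}
    for label, extractor in (("naive", naive_extract), ("safe", safe_extract)):
        with tempfile.TemporaryDirectory() as parent:
            dest = os.path.join(parent, "dest")
            os.mkdir(dest)
            names = extractor(data, dest)
            results[label] = {
                "extracted": names,
                "escaped": os.path.exists(os.path.join(parent, "escaped.txt")),
            }
    return results


if __name__ == "__main__":
    for label, r in demo().items():
        print(f"{label:5s} extracted={r['extracted']} escaped={r['escaped']}")
```

The check is done on the resolved path (realpath) rather than on the string, so a member name that looks harmless but passes through a symlink that an earlier member planted inside dest is still caught; that is the class of bypass that string-only filters on "../" miss.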
2024-05-03 15:33 PansLabyrinth
Recently a friend's company purchased JEB Pro for Android reverse engineering, but with a Floating License, so it can only be used on the company intranet. That meant my friend could not keep grinding over the holidays, so he came to me to see whether I was interested in looking into it. Although I had spent some time on Java reverse engineering before, that was mainly against Android apps; for PC applications I was, as the saying goes, a complete first-timer. In the spirit of learning something new, I took on the task.
Preface
In case some readers are unfamiliar with it: JEB is a reverse-engineering tool mainly used for analysing Android APKs. Its decompilation of smali bytecode is similar to JADX, but it also supports reverse engineering of SO files and other native binaries.
JEB Pro is generally sold on a subscription basis, billed per machine with one key per machine. Enterprises, however, typically use a floating license (Floating License), which allows one or more non-fixed machines to use it concurrently. JEB floating controller is the official private floating-license server that runs on the server side; it is essentially an HTTP server, and visiting it directly after start-up shows the license information.
JEB Floating Controller
The client configures .ControllerInterface, .ControllerPort and similar settings in jeb-client.cfg, or enters the server address when launching JEB Pro, in order to obtain a license.
Reverse engineering
For static analysis the workflow is basically the same as for Android apps: drop the program into JADX and search for keywords, such as the license-failure message or the configuration settings.
First we set the license server address to 127.0.0.1:23477 and listen on that address with nc; shortly after start-up a request arrives:
    Listening on 0.0.0.0 23477
    Connection received on localhost 52330
    POST /probe HTTP/1.1
    User-Agent: PNF Software UP
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 189
    Host: 127.0.0.1:23477
    Connection: Keep-Alive
    Accept-Encoding: gzip

    data=5400000035E5...
So JEB Pro and the floating-license server communicate over HTTP requests
2024-05-03 15:12 freebuf
badKarma is an open-source network reconnaissance tool with a friendly GUI that can carry out reconnaissance tasks during network infrastructure security audits.
2024-05-03 13:39 Well-known component CVE monitor
New vulnerable component found, component ID: F5
This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running the emulator and navigated to a malicious website with the exploit on a browser that allowed calls to localhost (i.e. Chrome before v94), the website could exfiltrate emulator data. We recommend upgrading past version 13.6.0 or commit 068a2b08dc308c7ab4b569617f5fc8821237e3a0 https://github.com/firebase/firebase-tools/commit/068a2b08dc308c7ab4b569617f5fc8821237e3a0
2024-05-03 13:39 Well-known component CVE monitor
New vulnerable component found, component ID: WildFly
A vulnerability was found in WildFly's management interface. Due to the lack of a limit on sockets for the management interface, it may be possible to cause a denial of service by hitting the nofile limit, as there is no way to configure or set a maximum number of connections.
2024-05-03 13:37 Well-known component CVE monitor
New vulnerable component found, component ID: Jenkins
Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier programmatically disables the fix for CVE-2016-3721 whenever a build is triggered from a release tag, by setting the Java system property 'hudson.model.ParametersAction.keepUndefinedParameters'.
2024-05-03 13:37 Well-known component CVE monitor
New vulnerable component found, component ID: Jenkins
Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
2024-05-03 13:37 Well-known component CVE monitor
New vulnerable component found, component ID: Jenkins
Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
2024-05-03 13:37 Well-known component CVE monitor
New vulnerable component found, component ID: Jenkins
A sandbox bypass vulnerability involving sandbox-defined classes that shadow specific non-sandbox-defined classes in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
2024-05-03 13:36 Well-known component CVE monitor
New vulnerable component found, component ID: Jenkins
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.
2024-05-03 13:35 Well-known component CVE monitor
New vulnerable component found, component ID: Django
Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the `wagtail.contrib.settings` module or `ModelViewSet`, and the `permission` argument on `FieldPanel` has been used to further restrict access to one or more fields of the model, a user with edit permission over the model but not the specific field can craft an HTTP POST request that bypasses the permission check on the individual field, allowing them to update its value. This vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, or by a user who has not been granted edit access to the model in question. The editing interfaces for pages and snippets are also unaffected. Patched versions have been released as Wagtail 6.0.3 and 6.1. Wagtail releases prior to 6.0 are unaffected. Users are advised to upgrade. Site owners who are unable to upgrade to a patched version can avoid the vulnerability as follo
2024-05-03 13:35 Well-known component CVE monitor
New vulnerable component found, component ID: Apache
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Apache APISIX when using the `forward-auth` plugin. This issue affects Apache APISIX 3.8.0 and 3.9.0. Users are recommended to upgrade to version 3.8.1, 3.9.1 or higher, which fixes the issue.
2024-05-03 13:35 Well-known component CVE monitor
New vulnerable component found, component ID: ActiveMQ
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using the Jolokia JMX REST API) and/or produce/consume messages or purge/delete destinations (using the Message REST API). To mitigate, users can update the default conf/jetty.xml configuration file to add an authentication requirement:
    <bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
        <property name="constraint" ref="securityConstraint" />
        <property name="pathSpec" value="/" />
    </bean>
Or we encourage users to upgrade to Apache ActiveMQ 6.1.2, where the default configuration has been updated with authentication enabled by default.
2024-05-03 13:12 freebuf
Netfilter is a network packet filtering framework for the Linux operating system that provides a flexible way to manage the flow of network packets.
2024-05-03 12:52 GitHub watch
PCI Express DIY hacking toolkit for Xilinx SP605. This repository is also home of Hyper-V Backdoor and Boot Backdoor, check readme for links and info
2024-05-03 11:12 GitHub watch
IMPROVED simple vector database made in numpy
2024-05-03 10:12 freebuf
Sophos researchers discovered a ransomware campaign that modifies the original contents of legitimate Sophos executables and DLLs, overwrites the entry-point code, and embeds the decrypted payload as a resource...
2024-05-03 10:03 Github_POC
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
[GitHub] kernal exploit 22600
2024-05-03 09:45 Github_POC
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
[GitHub] kernal exploit 3156
2024-05-03 09:45 Github_POC
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later.
[GitHub] writeup and PoC for CVE-2024-32766 (QNAP) OS command injection and auth bypass