Cybersecurity information flow

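A clean information-feed push tool focused on the day-to-day of the security community, surfacing quality content for security researchers every day.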


All nodes
Time Node
May 26, 2024 14:32 Github Following
Learn Blockchain, Solidity, and Full Stack Web3 Development with Javascript
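May 26, 2024 13:23 wohin
Author: Mao Zedong
On the Relation Between Knowledge and Practice, Between Knowing and Doing
(July 1937)
Materialism before Marx examined the problem of knowledge apart from the social nature of man and apart from his historical development, and therefore could not understand the dependence of knowledge on social practice, that is, the dependence of knowledge on production and the class struggle.
First of all, Marxists hold that man's productive activity is the most fundamental practical activity and is what determines all his other activities. Man's knowledge depends mainly on his activity in material production, through which he gradually comes to understand the phenomena of nature, the properties of nature, the laws of nature, and the relations between himself and nature; and through productive activity he also gradually comes to know, in varying degrees, certain relations between man and man. None of this knowledge can be obtained apart from productive activity. In a classless society, every person, as a member of society, works together with the other members, enters into definite relations of production and engages in productive activity to solve the problems of man's material life. In the various class societies, the members of the different classes also enter, in various ways, into definite relations of production and engage in productive activity to solve the problems of man's material life. This is the basic source from which human knowledge develops.
Man's social practice is not limited to the single form of productive activity; it has many other forms: class struggle, political life, scientific and artistic activity. In short, social man takes part in every sphere of the practical life of society. Therefore man's knowledge, apart from material life, also comes from political life and cultural life (which are closely connected with material life), through which he comes to know, in varying degrees, the various relations between man and man. Among these, class struggle in its various forms exerts an especially profound influence on the development of man's knowledge. In class society every person lives in a definite class position, and every kind of thinking, without exception, is stamped with the brand of a class.
Marxists hold that productive activity in human society develops step by step from a lower to a higher level, and that consequently man's knowledge, whether of nature or of society, also develops step by step from a lower to a higher level, that is, from the shallow to the deep and from the one-sided to the many-sided. For a very long period of history, people could have only a one-sided understanding of the history of society, on the one hand because the prejudices of the exploiting classes constantly distorted the history of society, and on the other because the small scale of production limited people's outlook. Only when the modern proletariat emerged along with immense productive forces (large-scale industry) were people able to reach a comprehensive, historical understanding of the development of society and to turn their knowledge of society into a science, and this is the science of Marxism.
Marxists hold that only man's social practice is the criterion of the truth of his knowledge of the external world. What actually happens is that man's knowledge is verified only when, in the process of social practice (in the process of material production, of class struggle, of scientific experiment), he achieves the results he anticipated in thought. If people want to succeed in their work, that is, to achieve the anticipated results, they must bring their ideas into conformity with the laws of the objective external world; if they do not conform, they will fail in practice. After people fail, they draw lessons from the failure,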
May 26, 2024 13:12 freebuf
Wangsu Security's Yanwu Lab has detected a remote code execution vulnerability in kkFileView (Wangsu rating: Critical; CVSS 3.1 score: 9.8)
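May 26, 2024 12:53 wohin
Author: Mao Zedong
(August 1937)
The law of contradiction in things, that is, the law of the unity of opposites, is the most fundamental law of materialist dialectics. Lenin said: "Dialectics in the proper sense is the study of contradiction in the very essence of objects." Lenin often called this law the essence of dialectics, and also called it the kernel of dialectics. Therefore, in studying this law we cannot avoid touching on a wide range of matters and on many philosophical questions. If we become clear on all these questions, we shall have understood materialist dialectics at its root. The questions are: the two world outlooks; the universality of contradiction; the particularity of contradiction; the principal contradiction and the principal aspect of a contradiction; the identity and struggle of the aspects of a contradiction; the place of antagonism in contradiction.
In the last few years Soviet philosophical circles have criticized the idealism of the Deborin school, and this has aroused very great interest among us. Deborin's idealism has had a very bad influence within the Chinese Communist Party, and it cannot be said that the dogmatist thinking in our Party is unrelated to the style of this school. Therefore our present work in the study of philosophy should take the elimination of dogmatist thinking as its main objective.
I. The Two World Outlooks
In the history of human knowledge there have always been two views concerning the law of development of the universe, the metaphysical view and the dialectical view, which form two mutually opposed world outlooks. Lenin said: "The two basic (or two possible? or two historically observable?) views of development (evolution) are: (1) development as decrease and increase, as repetition; (2) development as the unity of opposites (the division of a unity into two mutually exclusive opposites, which are also interrelated)." What Lenin was speaking of is precisely these two different world outlooks.
Metaphysics is also known as xuanxue. For a very long period of history, whether in China or in Europe, this way of thinking belonged to the idealist world outlook and held a dominant position in people's thinking. In Europe, the materialism of the bourgeoisie in its early period was also metaphysical. Because the social and economic conditions of many European countries advanced to the stage of highly developed capitalism, and the productive forces, the class struggle and the sciences all developed to a level without precedent in history, and the industrial proletariat became the greatest motive force of historical development, the Marxist world outlook of materialist dialectics came into being. Thereupon, among the bourgeoisie, in addition to open and utterly undisguised reactionary idealism, vulgar evolutionism also appeared to oppose materialist dialectics.
The so-called metaphysical or vulgar evolutionist world outlook looks at the world from an isolated, static and one-sided point of view. This world outlook regards all things in the world, and all their forms and kinds, as forever isolated from one another and forever unchanging. If there is any change, it is only an increase or decrease in quantity or a change of place. And the cause of such increase, decrease or change lies not inside things but outside them, that is, in the push of an external force. Metaphysicians hold that the various different things in the world and their characteristics have been as they are ever since they first came into existence. Later changes are nothing more than a quantitative expansion or contraction. They hold that a thing can only ever reproduce itself repeatedly as the same thing, and cannot change into another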
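May 26, 2024 11:32 Github Following
A collection that builds a knowledge system for learning blockchain, bringing together all kinds of blockchain resources
May 26, 2024 11:32 Github Following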
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
May 26, 2024 11:32 Github Following
Burp Plugin to Bypass WAFs through the insertion of Junk Data
May 26, 2024 10:23 Github_POC
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
[GitHub]this is a simple script from CVE-2023-4197 that was a little bit modified because it didn't work the first time with the broadlight machine from HTB, which means that we have to modify the script a little bit and then use it as the documentation says
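May 26, 2024 10:12 freebuf
Software supply chain security means ensuring that every stage and component of the software supply chain is protected from malicious attack and unauthorized tampering, so as to guarantee the integrity, trustworthiness and reliability of software delivery.
May 26, 2024 09:50 Github_POC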
[GitHub]Men Salon Management System Using PHP and MySQL
May 26, 2024 09:50 Github_POC
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.
[GitHub]Using CVE-2023-21768 to manual map kernel mode driver
May 26, 2024 09:50 Github_POC
Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.
[GitHub]Using CVE-2021-40449 to manual map kernel mode driver
May 26, 2024 09:50 Github_POC
[GitHub]this is a simple script from CVE-2023-4197 that was a little bit modified because it didn't work the first time with the broadlight machine from HTB, which means that we have to modify the script a little bit and then use it as the documentation says
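May 26, 2024 09:12 freebuf
A selection of 10 quality resources publicly released on Knowledge Continent this week; let's take a look together.
May 26, 2024 08:32 Github Following
May 26, 2024 08:12 freebuf
Hacktivism has become the main motivation behind these attacks, and this shift toward politicized cyber tactics highlights the growing impact of cyberspace on national security and global diplomacy.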
May 26, 2024 01:43 Stories by SAFARAS K A on Medi
Are you capable of mastering the entire system and exploiting all vulnerabilities?
May 26, 2024 01:35 Confessions of a Penetration T
Unfortunately, due to medical reasons within my immediate family, despite my plans and intentions, I will not be able to fly to Monday's/Tuesday's CONFidence'24, for which I would like to sincerely apologize to everyone. Don't worry, nothing bad has happened – it’s simply safer for me to be nearby at home for the next few days.

As a result:
- Paweł Maziarz will be giving our joint presentation on his own – fortunately, Paweł is an absolutely excellent speaker and has a ton of his own material in the presentation (although he will still get a few slides from me). I'll add that we considered a hybrid model (Paweł in the room, me remotely), but ultimately, we feared that it simply wouldn’t work well.
- I won't be able to sign books – I especially want to apologize to those who in recent months have asked where they can catch me to sign books, and to whom I said I would be at CONFidence. I will be in Krakow again in September, but you can always write to me (preferably on Discord) and ask about upcoming opportun
May 26, 2024 00:12 Github Following
An introductory tutorial on zero-knowledge proofs.
May 26, 2024 00:12 SecWiki Weekly
May 25, 2024 21:52 Github Following
May 25, 2024 21:48 Github_POC
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
[GitHub]Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Incl
May 25, 2024 21:48 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]A submodule to demonstrate CVE-2024-32002. Demonstrates arbitrary write into .git.
May 25, 2024 21:48 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]A POC for CVE-2024-32002 demonstrating arbitrary write into the .git directory.
May 25, 2024 21:38 Well-Known Component CVE Monitoring
A new vulnerable component has been found. Component ID: GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.
May 25, 2024 21:38 Well-Known Component CVE Monitoring
A new vulnerable component has been found. Component ID: Jenkins
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.
May 25, 2024 21:37 Well-Known Component CVE Monitoring
A new vulnerable component has been found. Component ID: SVN
svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserController#importOver. This vulnerability allows attackers to delete arbitrary files via a crafted POST request.
May 25, 2024 21:36 Well-Known Component CVE Monitoring
A new vulnerable component has been found. Component ID: F5
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to calling ipv6_stub->fib6_nh_release. The bug has been present since the beginning of IPv6 nexthop gateway support. Commit 1aefd3de7bc6 ("ipv6: Add fib6_nh_init and release to stubs") tells us that only fib6_nh_init has a dummy stub because fib6_nh_release should not be called if fib6_nh_init returns an error, but the commit below added a call to ipv6_stub->fib6_nh_release in its error path. To fix it return the dummy stub's -EAFNOSUPPORT error directly without calling ipv6_stub->fib6_nh_release in nh_create_ipv6()'s error path. [1] Output is a bit truncated, but it clearly shows the error. BUG: kernel NULL pointer dereference, address: 000000000000000000 #PF: supervisor instruction fetch in kernel mod
May 25, 2024 21:36 Well-Known Component CVE Monitoring
A new vulnerable component has been found. Component ID: F5
In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue count on an interface via ethtool's set_channels(). There is an issue around the bpf_prog refcounting when VSI is being rebuilt - since ice_prepare_xdp_rings() is called with vsi->xdp_prog as an argument that is used later on by ice_vsi_assign_bpf_prog(), same bpf_prog pointers are swapped with each other. Then it is also interpreted as an 'old_prog' which in turn causes us to call bpf_prog_put on it that will decrement its refcount. Below splat can be interpreted in a way that due to zero refcount of a bpf_prog it is wiped out from the system while kernel still tries to refer to it: [ 481.069429] BUG: unable to handle page fault for address: ffffc9000640f038 [ 481.077390] #PF: supervisor read access in kernel mode [
May 25, 2024 21:35 Well-Known Component CVE Monitoring
A new vulnerable component has been found. Component ID: Apache
In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar to the one addressed by commit 20eb4f29b602 ("net: fix sk_page_frag() recursion from memory reclaim"). Here the nested access to the task page frag is caused by a page fault on the (mmapped) user-space memory buffer coming from the cifs file. The page fault handler performs an smb transaction on a different socket, inside the same process context. Since sk->sk_allocation for such socket does not prevent the usage for the task_frag, the nested allocation modify "under the hood" the page frag in use by the outer sendmsg call, corrupting the stream. The overall relevant stack trace looks like the following: httpd 78268 [001] 3461630.850950: probe:tcp_sendmsg_locked: ffffffff91461d91 tcp_sendmsg_lo