Cybersecurity information flow

A clean information-feed push tool focused on the bits and pieces of the security community, surfacing quality content for security researchers every day.

Learn more »

Recent updates
Time Node
2024-05-26 11:32 GitHub follow
A curated collection for building a blockchain learning knowledge system, gathering all kinds of blockchain resources.
2024-05-26 11:32 GitHub follow
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
2024-05-26 11:32 GitHub follow
Burp Plugin to Bypass WAFs through the insertion of Junk Data
2024-05-26 10:23 Github_POC
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.
[GitHub]This is a simple script from CVE-2023-4197 that was modified a little bit because it didn't work at first against the broadlight machine from HTB, which means we had to modify the script a little and then use it as the documentation says.
2024-05-26 10:12 freebuf
Software supply chain security means ensuring that every stage and component in the software supply chain is protected from malicious attacks and unauthorized tampering, so that the integrity, trustworthiness and reliability of software delivery are guaranteed.
2024-05-26 09:50 Github_POC
[GitHub]Men Salon Management System Using PHP and MySQL
2024-05-26 09:50 Github_POC
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.
[GitHub]Using CVE-2023-21768 to manual map kernel mode driver
2024-05-26 09:50 Github_POC
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.
[GitHub]Using CVE-2021-40449 to manual map kernel mode driver
2024-05-26 09:50 Github_POC
[GitHub]This is a simple script from CVE-2023-4197 that was modified a little bit because it didn't work at first against the broadlight machine from HTB, which means we had to modify the script a little and then use it as the documentation says.
2024-05-26 09:12 freebuf
Ten quality resources publicly released on Knowledge Continent (知识大陆) this week, hand-picked; let's take a look.
2024-05-26 08:32 GitHub follow
2024-05-26 08:12 freebuf
Hacktivism has become the main motivation behind these attacks; this shift toward politicized cyber tactics underscores the growing impact of cyberspace on national security and global diplomacy.
2024-05-26 01:43 Stories by SAFARAS K A on Medi
Are you capable of mastering the entire system and exploiting all vulnerabilities?
Continue reading on InfoSec Write-ups »
2024-05-26 01:35 Confessions of a Penetration T
Unfortunately, due to medical reasons within my immediate family, despite my plans and intentions, I will not be able to fly to Monday's/Tuesday's CONFidence'24, for which I would like to sincerely apologize to everyone. Don't worry, nothing bad has happened – it’s simply safer for me to be nearby at home for the next few days.

As a result:
- Paweł Maziarz will be giving our joint presentation on his own – fortunately, Paweł is an absolutely excellent speaker and has a ton of his own material in the presentation (although he will still get a few slides from me). I'll add that we considered a hybrid model (Paweł in the room, me remotely), but ultimately, we feared that it simply wouldn’t work well.
- I won't be able to sign books – I especially want to apologize to those who in recent months have asked where they can catch me to sign books, and to whom I said I would be at CONFidence. I will be in Krakow again in September, but you can always write to me (preferably on Discord) and ask about upcoming opportun
2024-05-26 00:12 GitHub follow
An introductory tutorial on zero-knowledge proofs.
2024-05-26 00:12 SecWiki weekly report
2024-05-25 21:52 GitHub follow
2024-05-25 21:48 Github_POC
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
[GitHub]Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Incl
2024-05-25 21:48 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]A submodule to demonstrate CVE-2024-32002. Demonstrates arbitrary write into .git.
2024-05-25 21:48 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]A POC for CVE-2024-32002 demonstrating arbitrary write into the .git directory.
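A check a practitioner would want for the two CVE-2024-32002 entries above, added here as an example (not the Git project's code and not taken from either PoC repository): it classifies a `git --version` string against the fixed releases the advisory lists and reads the `core.symlinks` mitigation the advisory mentions. The only facts it encodes are those two; the version strings and config outputs in the demo are constructed. A naive "older than 2.45.1" comparison would be wrong here because the fix was backported to each maintenance branch.

```python
"""Is this Git build on a release that fixed CVE-2024-32002?

Added example. Facts encoded: the fixed releases named in the advisory and the
core.symlinks=false mitigation. Everything else (sample version strings, sample
config output) is constructed for demonstration.
"""
import re
import subprocess

# Fixed releases from the advisory, keyed by maintenance branch (major, minor).
FIXED_RELEASES = {
    (2, 39): (2, 39, 4),
    (2, 40): (2, 40, 2),
    (2, 41): (2, 41, 1),
    (2, 42): (2, 42, 2),
    (2, 43): (2, 43, 4),
    (2, 44): (2, 44, 1),
    (2, 45): (2, 45, 1),
}


def parse_git_version(text):
    """Extract (major, minor, patch) from `git --version` output such as
    'git version 2.44.0' or 'git version 2.39.3 (Apple Git-146)'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised git version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def vulnerable_to_cve_2024_32002(version):
    """True if `version` predates the fix on its own maintenance branch.

    2.39.4 is fixed although it is numerically older than 2.44.0, which is not,
    so the comparison has to be per branch rather than against one number.
    """
    branch = (version[0], version[1])
    if branch in FIXED_RELEASES:
        return version < FIXED_RELEASES[branch]
    # Branches older than the oldest fixed branch never received the fix.
    if branch < min(FIXED_RELEASES):
        return True
    # Anything newer than the newest fixed branch was released after the fix.
    return False


def symlinks_disabled(config_output):
    """Interpret `git config --global core.symlinks` output. Git prints the
    value, or nothing (exit status 1) when the key is unset; the mitigation
    only applies when the value is explicitly false."""
    return config_output.strip().lower() == "false"


def assess(version_text, symlinks_config_output):
    """Combine the version check with the mitigation check."""
    vulnerable = vulnerable_to_cve_2024_32002(parse_git_version(version_text))
    if not vulnerable:
        return "patched"
    if symlinks_disabled(symlinks_config_output):
        return "vulnerable-but-mitigated"
    return "vulnerable"


def assess_local_git():
    """Same check against the Git actually installed on this host."""
    ver = subprocess.run(["git", "--version"], capture_output=True,
                         text=True, check=True).stdout
    # No check=True: exit status 1 simply means the key is unset.
    cfg = subprocess.run(["git", "config", "--global", "core.symlinks"],
                         capture_output=True, text=True)
    return assess(ver, cfg.stdout)


if __name__ == "__main__":
    # Constructed inputs, not captured from a real host.
    samples = [
        ("git version 2.44.0", ""),
        ("git version 2.39.4", ""),
        ("git version 2.44.0", "false\n"),
        ("git version 2.46.0", ""),
    ]
    for ver, cfg in samples:
        shown = cfg.strip() or "<unset>"
        print(f"{ver:22s} core.symlinks={shown:8s} -> {assess(ver, cfg)}")
```

`assess_local_git()` is the only function that touches the host; everything else takes strings so it can be run against inventory data collected elsewhere. Note that disabling symlinks only blocks the attack path the advisory describes; upgrading to a fixed release is still the fix.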
2024-05-25 21:38 Well-known component CVE monitoring
A new vulnerable component has been discovered. Component ID: GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.
2024-05-25 21:38 Well-known component CVE monitoring
A new vulnerable component has been discovered. Component ID: Jenkins
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.
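Two of the entries above are path-traversal problems seen from opposite sides: the Cisco ASA/FTD entry describes crafted HTTP requests carrying directory-traversal character sequences, and the Jenkins Report Info entry describes a workspace path that is served from without validation. The block below is an added example, not Cisco's or Jenkins' code and not tied to either product's real URL layout: it detects traversal in request paths taken from access-log lines (including percent-encoded and double-encoded forms) and shows the containment check that a server should apply to a user-controlled directory before serving files from it. The log lines, hostnames and paths are constructed.

```python
"""Directory traversal: detection in request logs and prevention on the server.

Added example. The access-log lines, paths and roots are constructed; the log
format assumed is the common/combined Apache style.
"""
import re
from pathlib import Path
from urllib.parse import unquote

# ---- Detection side (ASA/FTD entry: traversal sequences in HTTP requests) ----

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_request_path(raw, max_rounds=3):
    """Percent-decode repeatedly (bounded) so '%252e%252e/' is seen as '../',
    and fold backslashes, which some servers accept as separators."""
    path = raw
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def traversal_depth(raw_target):
    """How many levels the decoded path climbs above the web root at its
    deepest point. 0 means '..' never escapes (e.g. /static/css/../img/x.png).
    posixpath.normpath is not used on purpose: it silently clamps '/../x' to
    '/x', which is exactly the signal we want to keep."""
    path = decode_request_path(raw_target.split("?", 1)[0])
    depth = worst = 0
    for part in path.split("/"):
        if part == "..":
            depth -= 1
            worst = min(worst, depth)
        elif part not in ("", "."):
            depth += 1
    return -worst


def find_traversal_requests(log_text):
    """Return (source, target, status, depth) for every request whose path
    escapes the web root. A 200 on such a request is the one to chase."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        depth = traversal_depth(m["target"])
        if depth > 0:
            hits.append((m["src"], m["target"], int(m["status"]), depth))
    return hits


# Constructed sample log (RFC 5737 test addresses, made-up paths).
SAMPLE_LOG = """\
198.51.100.7 - - [25/May/2024:21:40:01 +0000] "GET /webvpn/index.html HTTP/1.1" 200 4231
198.51.100.7 - - [25/May/2024:21:40:03 +0000] "GET /webvpn/../../sessions/list.xml HTTP/1.1" 403 0
198.51.100.7 - - [25/May/2024:21:40:04 +0000] "GET /webvpn/%2e%2e/%2e%2e/sessions/list.xml HTTP/1.1" 200 2048
198.51.100.7 - - [25/May/2024:21:40:05 +0000] "GET /webvpn/%252e%252e%252f%252e%252e%252fsessions/list.xml HTTP/1.1" 200 2048
192.0.2.44 - - [25/May/2024:21:41:10 +0000] "GET /static/css/../img/logo.png HTTP/1.1" 200 812
"""

# ---- Prevention side (Jenkins entry: validate a user-controlled directory) ----


def resolve_within(root, user_path):
    """Resolve `user_path` (relative to `root`, or absolute) and return it only
    if it lands inside `root` after symlinks are followed. An absolute
    user_path replaces root in pathlib's '/' operator, so '/etc/passwd' is
    rejected by the same containment test as '../../etc/passwd'."""
    root_real = Path(root).resolve()
    candidate = (root_real / user_path).resolve()
    if candidate != root_real and root_real not in candidate.parents:
        raise PermissionError(f"{user_path!r} resolves outside {root_real}")
    return candidate


if __name__ == "__main__":
    for src, target, status, depth in find_traversal_requests(SAMPLE_LOG):
        print(f"{src:14s} depth={depth} status={status} {target}")
    root = "/srv/jenkins/workspace"
    for p in ("job1/target/surefire-reports", "../../etc/passwd", "/etc/passwd"):
        try:
            print("allow", resolve_within(root, p))
        except PermissionError as e:
            print("deny ", e)
```

The detector deliberately reports the request even when the server answered 403, because the 200 responses to the encoded variants on the same source are what confirm the filter was bypassed. On the prevention side, the check is done on the resolved path, not on the string the user typed, so a symlink inside the root pointing outside it is also rejected.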
2024-05-25 21:37 Well-known component CVE monitoring
A new vulnerable component has been discovered. Component ID: SVN
svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserController#importOver. This vulnerability allows attackers to delete arbitrary files via a crafted POST request.
2024-05-25 21:36 Well-known component CVE monitoring
A new vulnerable component has been discovered. Component ID: F5
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_create_ipv6() due to calling ipv6_stub->fib6_nh_release. The bug has been present since the beginning of IPv6 nexthop gateway support. Commit 1aefd3de7bc6 ("ipv6: Add fib6_nh_init and release to stubs") tells us that only fib6_nh_init has a dummy stub because fib6_nh_release should not be called if fib6_nh_init returns an error, but the commit below added a call to ipv6_stub->fib6_nh_release in its error path. To fix it return the dummy stub's -EAFNOSUPPORT error directly without calling ipv6_stub->fib6_nh_release in nh_create_ipv6()'s error path. [1] Output is a bit truncated, but it clearly shows the error. BUG: kernel NULL pointer dereference, address: 000000000000000000 #PF: supervisor instruction fetch in kernel mod
2024-05-25 21:36 Well-known component CVE monitoring
A new vulnerable component has been discovered. Component ID: F5
In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue count on an interface via ethtool's set_channels(). There is an issue around the bpf_prog refcounting when VSI is being rebuilt - since ice_prepare_xdp_rings() is called with vsi->xdp_prog as an argument that is used later on by ice_vsi_assign_bpf_prog(), same bpf_prog pointers are swapped with each other. Then it is also interpreted as an 'old_prog' which in turn causes us to call bpf_prog_put on it that will decrement its refcount. Below splat can be interpreted in a way that due to zero refcount of a bpf_prog it is wiped out from the system while kernel still tries to refer to it: [ 481.069429] BUG: unable to handle page fault for address: ffffc9000640f038 [ 481.077390] #PF: supervisor read access in kernel mode [
2024-05-25 21:35 Well-known component CVE monitoring
A new vulnerable component has been discovered. Component ID: Apache
In the Linux kernel, the following vulnerability has been resolved: tcp: fix page frag corruption on page fault Steffen reported a TCP stream corruption for HTTP requests served by the apache web-server using a cifs mount-point and memory mapping the relevant file. The root cause is quite similar to the one addressed by commit 20eb4f29b602 ("net: fix sk_page_frag() recursion from memory reclaim"). Here the nested access to the task page frag is caused by a page fault on the (mmapped) user-space memory buffer coming from the cifs file. The page fault handler performs an smb transaction on a different socket, inside the same process context. Since sk->sk_allaction for such socket does not prevent the usage for the task_frag, the nested allocation modify "under the hood" the page frag in use by the outer sendmsg call, corrupting the stream. The overall relevant stack trace looks like the following: httpd 78268 [001] 3461630.850950: probe:tcp_sendmsg_locked: ffffffff91461d91 tcp_sendmsg_lo
2024-05-25 21:32 Well-known component CVE monitoring
A new vulnerable component has been discovered. Component ID: F5
In the Linux kernel, the following vulnerability has been resolved: iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove When ACPI type is ACPI_SMO8500, the data->dready_trig will not be set, the memory allocated by iio_triggered_buffer_setup() will not be freed, and cause memory leak as follows: unreferenced object 0xffff888009551400 (size 512): comm "i2c-SMO8500-125", pid 911, jiffies 4294911787 (age 83.852s) hex dump (first 32 bytes): 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 20 e2 e5 c0 ff ff ff ff ........ ....... backtrace: [<0000000041ce75ee>] kmem_cache_alloc_trace+0x16d/0x360 [<000000000aeb17b0>] iio_kfifo_allocate+0x41/0x130 [kfifo_buf] [<000000004b40c1f5>] iio_triggered_buffer_setup_ext+0x2c/0x210 [industrialio_triggered_buffer] [<000000004375b15f>] kxcjk1013_probe+0x10c3/0x1d81 [kxcjk_1013] Fix it by remove data->dready_trig condition in probe and remove.
2024-05-25 19:52 GitHub follow
wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode tar…
2024-05-25 19:52 GitHub follow
2024-05-25 18:52 GitHub follow