Hacking8 安全信息流
最近更新
| 时间 | 节点 | |
|---|---|---|
| 2024年5月17日 10:12 | Github关注 | |
| 2024年5月17日 10:12 | Github关注 | |
| 2024年5月17日 10:12 | Github关注 |
Cobaltstrike UDRL with memory evasion |
| 2024年5月17日 10:12 | freebuf |
本文主要探讨企业在管理和强化端点与主机安全方面所面临的挑战,并介绍一些最佳实践和策略,帮助企业构建一个坚固的安全防线。 |
| 2024年5月17日 10:03 | Github_POC |
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. [GitHub]CVE-2016-10033 Wordpress 4.6 Exploit " 在PHPMailer的isMail传输模块中的mailSend函数在5.2.18版本之前可能允许远程攻击者通过构造发送者属性中的\\\"(反斜杠双引号)向邮件命令传递额外参数,从而通过执行任意代码来攻击。\n[GitHub]CVE-2016-10033 Wordpress 4.6漏洞利用" |
| 2024年5月17日 10:03 | Github_POC |
A vulnerability classified as critical has been found in karsany OBridge up to 1.3. Affected is the function getAllStandaloneProcedureAndFunction of the file obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java. The manipulation leads to sql injection. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.4 is able to address this issue. The name of the patch is 52eca4ad05f3c292aed3178b2f58977686ffa376. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218376. [GitHub]obride with CVE-2018-25075 " 发现了一个被列为严重的漏洞,位于karsany OBridge 1.3版本之前。受到影响的是文件obridge-main/src/main/java/org/obridge/dao/ProcedureDao.java中的getAllStandaloneProcedureAndFunction功能。该操作导致SQL注入。攻击的复杂度相当高。利用难度被认为较大。升级到1.4版本可以解决这个问题。补丁的名称是52eca4ad05f3c292aed3178b2f58977686ffa376。建议升级受影响的组件。此漏洞的标识符为VDB-218376。\n[GitHub] obride 与 CVE-2018-25075" |
| 2024年5月17日 10:02 | 补天社区 |
不同于理论分析文章,这边分为三个部分,从理论到实战,主要是想让大家入门一下内存马的原理,以及学习利用CC链或者fastjson等打内存马的一些坑点还有如何注入内存马连接冰蝎,让师傅们能快速在实战中上手。 |
| 2024年5月17日 09:32 | 每周科技周刊 |
本周,太阳活动剧烈,引起几十年来最大的地磁暴。地球的中高纬度地区,普遍可以看到极光,就连北京这样的中纬度城市,都出现了极光,上图是长城。(via) 三十年,解决人生三大问题 我最近看到一篇文章,很有意思,分享给大家。 文章大意是,人的一生就是解决三个基本问题:事业、家庭和财务。 一份有成就的事业,一个幸福的家庭,一个健康的财务状况,人生就没有遗憾了。 我们的人生规划,就是朝着解决这三个问题努力。哪 |
| 2024年5月17日 09:12 | freebuf |
澳大利亚政府承诺,自2024-2025财年起,四年内将投入1.607亿澳元,并在之后每年持续投入2460万澳元。 |
| 2024年5月17日 09:02 | 补天社区 |
DSL-JSON 是一个为 JVM(Java 虚拟机)平台设计的高性能 JSON 处理库,支持 Java、Android、Scala 和 Kotlin 语言。它被设计为比任何其他 Java JSON 库都快,与最快的二进制 JVM 编解码器性能相当。浅析其中潜在的参数走私场景。 |
| 2024年5月17日 08:32 | Github关注 |
Cobaltstrike UDRL with memory evasion |
| 2024年5月17日 08:12 | freebuf |
本Q1报告基于其以往的威胁情报研究撰,旨在突出公众应该了解的重大事件和发现。 |
| 2024年5月17日 07:33 | blackhat |
发布时间:2024-05-16 演讲时间:0000-00-00 12:00am 演讲时长:40-Minute Tags:['Hardware / Embedded', 'Exploit Development & Vulnerability Discovery'] 无附件 Stored memory in hardware has had a long history of being influenced by light, by design. For instance, as memory is represented by the series of transistors, and their physical state represents 1's and 0's, original EEPROM memory could be erased via the utilization of UV light, in preparation for flashing new memory. <br><br>Naturally, whilst useful, this also has proven to be an avenue of opportunity to be leveraged by attackers, allowing them to selectively influence memory via a host of optical/light-based techniques. As chips became more advanced, the usage of opaque resin was used as a "temporary" measure to combat this flaw, by coating chips in a material that would reflect undesirable UV.<br><br>Present day opinions are that laser (or light) based hardware attacks, are something that only nation state actors are capable of doing; due to both limitations of cost in to |
| 2024年5月17日 07:12 | Github关注 | |
| 2024年5月17日 05:38 | CXSECURITY Database RSS Feed - |
Topic: VSP Softtech - Blind Sql Injection Risk: Medium Text:********************************************************* #Exploit Title: VSP Softtech - Blind Sql Injection #Date: 2024-05-1... " 主题:VSP Softtech - 盲注SQL注入风险:中等\n文本:*********************************************************\n# 漏洞名称:VSP Softtech - 盲注SQL注入\n# 日期:2024-05-1..." |
| 2024年5月17日 05:37 | CXSECURITY Database RSS Feed - |
Topic: Zope 5.9 Command Injection Risk: Medium Text:# Vulnerability Report ## Title: Command Argument Injection Vulnerability in Zope WSGI Instance Creation Script Leading to R... " 主题:Zope 5.9 命令注入风险:中等\n\n文本:# 漏洞报告\n## 标题:Zope WSGI 实例创建脚本中的命令参数注入漏洞导致远程代码执行\n\n中等风险:在 Zope 5.9 中,WSGI 实例创建脚本中的命令注入漏洞可能导致远程代码执行。攻击者可以通过发送恶意构造的请求来利用此漏洞,从而在受影响的系统上执行任意代码。\n\n为确保安全,请及时更新至 Zope 5.9.1 版本,该版本已修复此漏洞。在安装更新之前,请确保备份您的数据和配置文件。更新完成后,请确保对您的系统进行安全审计,以确保不存在其他潜在的安全隐患。\n\n请注意,遵循最佳实践和安全规范是保护您的 Zope 服务器免受攻击的关键。我们建议您定期更新软件版本、限制用户权限、使用安全配置参数,并确保对所有可疑活动进行实时监控。如有需要,请随时联系我们获取更多安全建议。" |
| 2024年5月17日 05:37 | CXSECURITY Database RSS Feed - |
Topic: SAP Cloud Connector 2.16.1 Missing Validation Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory < 20240513-0 > == title: Tolerating Sel... " 主题:SAP Cloud Connector 2.16.1 缺失验证风险:中等\n文本:SEC Consult 漏洞实验室安全咨询 <20240513-0>\n== 标题:容忍自我签名证书的SAP Cloud Connector 2.16.1存在中等风险的验证缺失\n\nSEC Consult 漏洞实验室警告:SAP Cloud Connector 2.16.1版本在处理自我签名证书时存在验证风险。未经授权的用户可能利用此漏洞实施中间人攻击,窃取或篡改数据。建议用户升级到最新版本以消除风险。" |
| 2024年5月17日 05:37 | Data Breach – Security Affairs |
Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party vendor. MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia. The company was forced to shut down its website and phone lines following a cyber attack, but it did not […] " 澳大利亚的电子处方提供商MediSecure遭受了一起可能源自第三方供应商的勒索软件攻击。MediSecure是一家提供数字健康解决方案的公司,尤其在澳大利亚专注于安全电子处方交付服务。在遭受网络攻击后,该公司被迫关闭其网站和电话线路,但并未透露此次攻击的具体细节。" |
| 2024年5月17日 05:37 | CXSECURITY Database RSS Feed - |
Topic: Plantronics Hub 3.25.1 Arbitrary File Read Risk: High Text:# Exploit Title: Plantronics Hub 3.25.1 – Arbitrary File Read # Date: 2024-05-10 # Exploit Author: Farid Zerrouk from Deloi... " 主题:Plantronics Hub 3.25.1 任意文件读取风险:高\n\n文本:# 漏洞名称:Plantronics Hub 3.25.1 – 任意文件读取\n# 日期:2024-05-10\n# 漏洞作者:Farid Zerrouk 来自 Deloi..." |
| 2024年5月17日 05:37 | CXSECURITY Database RSS Feed - |
Topic: CrushFTP Directory Traversal Risk: Medium Text:## Exploit Title: CrushFTP Directory Traversal ## Google Dork: N/A # Date: 2024-04-30 # Exploit Author: [Abdualhadi khalifa ... |
| 2024年5月17日 04:02 | Github_POC |
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. [GitHub]CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection " WordPress的Tutor LMS Pro插件存在数据未经授权访问、数据篡改以及因在'get_calendar_materials'函数中缺少能力检查而导致的数据丢失风险。该插件还因对用户提供的参数进行不足的转义和现有SQL查询准备不足,而容易受到SQL注入攻击,通过该函数的'year'参数。这使得经过身份验证的攻击者(具有订阅者级别权限及以上的用户)可以将附加的SQL查询添加到已存在的查询中,从而从数据库中提取敏感信息。\n\n[GitHub]CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - 缺少SQL注入授权" |
| 2024年5月17日 03:40 | Github_POC |
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. [GitHub]Demonstration of CVE-2020-0601 aka curveball. Based on the PoC's available at https://github.com/kudelskisecurity/chainoffools and https://github.com/ly4k/CurveBall " 一种伪造漏洞存在于Windows CryptoAPI(Crypt32.dll)验证椭圆曲线密码学(ECC)证书的方式中。攻击者可以通过使用伪造的代码签名证书来签名恶意可执行文件,使其看似来自可信、合法的来源,即“Windows CryptoAPI伪造漏洞”。\n[GitHub]展示了CVE-2020-0601,也称为curveball。基于https://github.com/kudelskisecurity/chainoffools和https://github.com/ly4k/CurveBall上的证明文件。" |
| 2024年5月17日 03:40 | Github_POC |
[GitHub]CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection " [GitHub] CVE-2024-4352 Tutor LMS Pro <= 2.7.0 - 缺失SQL注入授权\n\n(注:CVE-2024-4352 是漏洞编号,Tutor LMS Pro 是一款学习管理系统,2.7.0 是版本号,SQL 注入是一种攻击技术。)" |
| 2024年5月17日 01:02 | 方糖气球🎈 |
因为经常做一些自动化的工作,所以我会写一些脚本,不管是用无头浏览器去获取一些网站的内容,还是利用apple s […]
🎉
1
|
| 2024年5月17日 00:32 | Github关注 |
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. |
| 2024年5月17日 00:12 | SecWiki周报 |
从RSAC2024看SOC发展趋势 https://mp.weixin.qq.com/s/28Py327MM1tCco0y-LhYUQ Llama-Code Shield解读:大模型代码安全护盾解析 https://mp.weixin.qq.com/s/IPLaYB6d8y21hMhLz1FCsw |
| 2024年5月16日 23:38 | Black Hills Information Securi |
This is Part Two of the blog series, Offensive IoT for Red Team Implants, so if you have not read PART ONE, I would encourage you do to so first […] The post Offensive IoT for Red Team Implants (Part 2) appeared first on Black Hills Information Security. " 这是“红队植入物的进攻性物联网”系列博客的第二部分,所以如果你还没有阅读第一部分,我建议你先阅读一下 […]\n该文章首发于Black Hills Information Security。\n\n这是“红队植入物的进攻性物联网”系列博客的第二部分,如果你还没有阅读第一部分,我建议你先阅读 […]\n原文发表于Black Hills Information Security。" |
| 2024年5月16日 23:37 | Microsoft Security Blog |
Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management and positioned based on our Ability to Execute Completeness of vision. The post Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management appeared first on Microsoft Security Blog. " Microsoft被评为2024年Gartner®安全信息与事件管理魔力象限(Magic Quadrant™)领导者,位置是根据我们的执行力与愿景完整性而定。\n微软再次被评为2024年Gartner®安全信息与事件管理魔力象限(Magic Quadrant™)领导者,首发于微软安全博客。" |
| 2024年5月16日 23:34 | Armin Ronacher's Thoughts and |
Given that building programming languages and interpreters is the developer's most favorite hobby, I will never stop writing templating engines. About three years ago I first wanted to see if I can make an implementation of my Jinja2 template engine for Rust. It's called MiniJinja and very close in behavior to Jinja2. Close enought that I have seen people pick it up more than I thought they would. For instance the Hugging Face Text Generation Inference uses it for chat templates. I wrote it primarily just to see how you would introduce dynamic things into a language that doesn't have much of a dynamic runtime. A few weeks ago I released a major new version of the engine that has a very different internal object model for values and in this post I want to share a bit how it works, and what you can learn from it. At the heart of it is a type_erase! macro originally contributed by Sergio Benitez. This post goes into the need and usefulness of that macro. Runtime Values To understand the problem you first need to |
| 2024年5月16日 21:41 | Github_POC |
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. [GitHub]Poc para explotar la vulnerabilidad CVE-2024-23897 en versiones 2.441 y anteriores de Jenkins, mediante la cual podremos leer archivos internos del sistema sin estar autenticados " Jenkins 2.441及更早版本,LTS 2.426.2及更早版本,其CLI命令解析器中的一个功能并未被禁用,该功能会将参数中跟随文件路径的'@'字符替换为文件内容,允许未经身份验证的攻击者读取Jenkins控制器文件系统中的任意文件。\n[GitHub]针对Jenkins 2.441及更早版本的CVE-2024-23897漏洞的利用示例,通过此漏洞,我们可以未经认证地读取系统内部的文件。" |