Cybersecurity information flow

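A clean information-feed push tool, focused on the day-to-day of the security community, surfacing quality content daily for security researchers.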


Recent updates
Time Node
2024-05-18 21:54 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: XAMPP
Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes.
2024-05-18 21:52 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: F5
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after those lines are printed (although I wasn't able to reproduce that part when reading by hand): [ 1318.016074][ T1082] ====================================================== [ 1318.016607][ T1082] WARNING: possible circular locking dependency detected [ 1318.017107][ T1082] 6.8.0-rc7-00015-ge0c8221b72c0 #17 Not tainted [ 1318.017598][ T1082] ------------------------------------------------------ [ 1318.018096][ T1082] tar/1082 is trying to acquire lock: [ 1318.018585][ T1082] ffff98c44175d6a0 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x40/0x80 [ 1318.019084][ T1082] [ 1318.019084][ T1082] but task is already holding lock: [ 1318.020052][ T1082] ffff98c4c13f55f8 (reservation_ww_class_mutex){+.
2024-05-18 21:52 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: F5
In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize that dm-raid relies on __md_stop_writes() to frozen sync_thread indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in md_stop_writes(), and since stop_sync_thread() is only used for dm-raid in this case, also move stop_sync_thread() to md_stop_writes(). 2) The flag MD_RECOVERY_FROZEN doesn't mean that sync thread is frozen, it only prevent new sync_thread to start, and it can't stop the running sync thread; In order to frozen sync_thread, after setting the flag, stop_sync_thread() should be used. 3) The flag MD_RECOVERY_FROZEN doesn't mean that writes are stopped, use it as condition for md_stop_writes() in raid_postsuspend() doesn't look correct. Consider that reentrant stop_sync_thread() do nothing, always call md_stop_writes() in raid_postsu
2024-05-18 21:51 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: DedeCMS
DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php.
2024-05-18 21:48 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: Zabbix
Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit time-based blind SQL injection.
2024-05-18 21:47 Well-known component CVE monitoring
A new vulnerable component has been found. Component ID: F5
In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and causes a crash.
2024-05-18 19:26 GitHub following
Simple library to listen and send events to keyboard and mouse (MacOS, Windows, Linux)
2024-05-18 18:46 GitHub following
Heapless, `static` friendly data structures
2024-05-18 18:46 GitHub following
🥷 Run AI-agents with an API
2024-05-18 18:06 GitHub following
🦀 How to minimize Rust binary size 📦
2024-05-18 16:46 GitHub following
Sonic is a Go library for network and I/O programming that provides developers with a consistent asynchronous model, with a focus on achieving the …
2024-05-18 16:16 Github_POC
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
[GitHub]CVE-2023-4596 Vulnerable Exploit and Checker Version
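2024-05-18 15:06 freebuf
EasySSH is a powerful SSH connection management tool that provides a complete, efficient and easy-to-use solution for SSH connections.
2024-05-18 13:06 freebuf
Users must be wary of files downloaded from unknown sources; even the simplest software package can become a carrier for malware.
2024-05-18 10:16 Github_POC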
Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.
[GitHub]A simulation of CVE-2020-27252 for CSC699.
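2024-05-18 10:06 freebuf
Introduces the latest vulnerability analysis and 1-day disclosures. Zeppelin communicates over three protocols, HTTP + WebSocket + Thrift; from this article you can roughly...
2024-05-18 09:56 Github_POC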
[GitHub]A simulation of CVE-2020-27252 for CSC699.
2024-05-18 09:56 Github_POC
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.
[GitHub]CVE-2024-29895 | RCE on CACTI 1.3.X dev
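2024-05-18 09:06 freebuf
A roundup recommending this week's hot news, security incidents, best articles of the week and handy tools, so that nobody misses any of this week's key points!
2024-05-18 08:26 GitHub following
Plantronics Desktop Hub LPE
2024-05-18 08:06 freebuf
When we talk about high availability today, we are exchanging experience along a road of constant trial and error; fortunately, countless talented people and much practical experience have come before us for us to learn from.
2024-05-18 04:16 Github_POC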
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions).
[GitHub]CVE-2024-31974
2024-05-18 04:16 Github_POC
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]A submodule for exploiting CVE-2024-32002 vulnerability.
2024-05-18 03:54 Github_POC
[GitHub]A submodule for exploiting CVE-2024-32002 vulnerability.
2024-05-18 03:54 Github_POC
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
[GitHub]CVE-2018-6574-go-get-RCE
2024-05-18 01:39 Black Hills Information Securi
Hi, it’s David with BHIS! You’ll be saying, “Wow,” every time you use this tool. It’s like a shammy. It’s like a towel. It’s like a sponge. A regular towel […]
The post Introducing Squeegee: The Microsoft Windows RDP Scraping Utility appeared first on Black Hills Information Security.
2024-05-18 01:32 GitHub following
Simple mDNS client/server library in Golang
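2024-05-18 00:12 SecWiki Weekly
Knowledge retrieval augmentation in practice under the large-model paradigm https://mp.weixin.qq.com/s/KdhUQC3hKEEolJP-39kt2A
Innovating talent development models and strengthening the training of hands-on cybersecurity talent https://mp.weixin.qq.com/s/GNonTO4tJvEknCZpcASqbA
卓识 LLM_Factory: a one-stop, full-pipeline toolchain for domain-specific large models https://www.osredm.com/super_cognition/zhuoshi_llm_factory
Mimic defense, endogenous security, and their impact on the security industry (part 2) https://mp.weixin.qq.com/s/8lSiWsm9grfB8f7zedJsYw
2024-05-17 23:52 GitHub following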
A small PoC that creates processes in Windows
2024-05-17 23:52 GitHub following