Cybersecurity information flow

Simple library to listen and send events to keyboard and mouse (MacOS, Windows, Linux)

Heapless, `static` friendly data structures

🥷 Run AI-agents with an API

🦀 How to minimize Rust binary size 📦

Sonic is a Go library for network and I/O programming that provides developers with a consistent asynchronous model, with a focus on achieving the …

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
[GitHub]CVE-2023-4596 Vulnerable Exploit and Checker Version

" WordPress的Forminator插件由于在上传文件到服务器后才进行文件类型验证，因此存在 arbitrary file uploads 漏洞。此漏洞存在于 versions up to，包括1.24.6版本的upload_post_image()函数中。这使得未经身份验证的攻击者可以在受影响网站的服务器上上传任意文件，可能导致远程代码执行。\n[GitHub] CVE-2023-4596 漏洞利用与检查器版本"

EasySSH是一款功能强大的SSH连接管理工具，提供了针对SSH连接相关的完整、高效且易于使用的解决方案。

用户一定要警惕从未知来源下载的文件，即使是最简单的软件包也能成为恶意软件的载体。

Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.
[GitHub]A simulation of CVE-2020-27252 for CSC699.

" 麦迪逊MyCareLink Smart 25000所有版本均在MCL智能患者阅读器软件更新系统中的竞态条件中存在漏洞，这允许未经签名的固件在上传和执行患者阅读器。如果该漏洞被利用，攻击者可以在MCL智能患者阅读器设备上远程执行代码，从而导致设备失控。\n[GitHub]针对CSC699的CVE-2020-27252模拟。"

介绍最新的漏洞分析以及1day放漏。zeppelin通信时候采用三种协议HTTP+websocket+Thrift协议，通过本篇文章可以大体...

[GitHub]A simulation of CVE-2020-27252 for CSC699.

" [GitHub] 为CSC699模拟CVE-2020-27252。\n\n注：CVE-2020-27252 是一个通用漏洞索引（Common Vulnerabilities and Exposures，简称CVE）编号，CSC699可能是某门课程的编号。此处翻译为“为CSC699模拟CVE-2020-27252”，意为在一个名为CSC699的课程中模拟该漏洞。"

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.
[GitHub]CVE-2024-29895 | RCE on CACTI 1.3.X dev

" Cacti提供了一个运营监控和故障管理框架。1.3.x DEV分支上的命令注入漏洞允许任何未认证的用户在PHP的`register_argc_argv`选项设置为`On`时，在服务器上执行任意命令。在`cmd_realtime.php`的第119行，用作命令执行部分之一的`$poller_id`来源于`$_SERVER['argv']，当`register_argc_argv`选项设置为`On`时，该值可以被URL控制。而在许多环境中，如PHP的主Docker镜像，这个选项默认就是`On`。 Commit

总结推荐本周的热点资讯、安全事件、一周好文和省心工具，保证大家不错过本周的每一个重点！

Plantronics Desktop Hub LPE

当下谈论到高可用时，就是在不断试错的路上交流经验，但幸运的是，在我们之前有无数天才和实践经验供我们学习参考。

The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions).
[GitHub]CVE-2024-31974

" com.solarized.firedown（又称Solarized FireDown浏览器&下载器）应用程序1.0.76 for Android 通过一个精心构造的intent，允许远程攻击者执行任意JavaScript代码。com.solarized.firedown.IntentActivity 使用WebView组件显示网页内容，但对通过任何已安装应用程序（无权限）传递的URI或任何附加数据并未进行充分消毒。\n[GitHub]CVE-2024-31974"

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
[GitHub]A submodule for exploiting CVE-2024-32002 vulnerability.

" Git 是一种版本控制系统。在 2.45.1、2.44.1、2.43.4、2.42.2、2.41.1、2.40.2 和 2.39.4 版本之前，可以利用 Git 中的一个漏洞来创建具有子模块的仓库，从而将文件写入 `.git/` 目录，而不是子模块的工作树。这允许在克隆操作仍在运行时编写一个钩子，使用户无法检查正在执行的代码。该问题已在 2.45.1、2.4

[GitHub]A submodule for exploiting CVE-2024-32002 vulnerability.

" [GitHub] 一个利用CVE-2024-32002漏洞的子模块。"

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
[GitHub]CVE-2018-6574-go-get-RCE

" 在1.8.7之前的Go版本、1.9.x之前的Go 1.9.4版本以及Go 1.10预发布版本（直至Go 1.10rc2）中，通过利用gcc或clang插件功能，由于未对“-fplugin=”和“-plugin=”参数进行拦截，允许在源代码构建过程中执行“go get”远程命令。\n[GitHub]CVE-2018-6574-go-get-RCE"

Hi, it’s David with BHIS! You’ll be saying, “Wow,” every time you use this tool. It’s like a shammy. It’s like a towel. It’s like a sponge. A regular towel […]
The post Introducing Squeegee: The Microsoft Windows RDP Scraping Utility appeared first on Black Hills Information Security.

" 嗨，我是BHIS的David！每次使用这个工具，你都会惊叹不已。它像一块麂皮，像一条毛巾，像一块海绵。普通的毛巾 […]\n本文首次发布于Black Hills信息安全。\n\n介绍Squeegee：Microsoft Windows RDP刮刀实用程序。"

Simple mDNS client/server library in Golang

大模型范式下的知识检索增强实践 https://mp.weixin.qq.com/s/KdhUQC3hKEEolJP-39kt2A
创新人才培养模式 加强网络安全实战型人才培养 https://mp.weixin.qq.com/s/GNonTO4tJvEknCZpcASqbA
卓识 LLM_Factory：领域大模型全流程一站式工具链 https://www.osredm.com/super_cognition/zhuoshi_llm_factory
拟态防御、内生安全以及对安全行业的影响（下） https://mp.weixin.qq.com/s/8lSiWsm9grfB8f7zedJsYw

A small PoC that creates processes in Windows

After a slow and painful 2024 Cap10K, I ran the HEB Sunshine Run 10K on May 5th in 1:05:53, just 22 seconds faster, but without pain or surprises. After months without running several hours per week, my fitness has definitely fallen off a cliff. I either need to get back to the treadmill or restartContinue reading "Spring 2024 Updates"

" 在艰难的2024年Cap10K之后，我于5月5日参加了HEB阳光跑，以1小时5分53秒的成绩完成，仅比上次快了22秒，但没有疼痛和惊喜。在连续几个月每周没有跑步几小时的情况下，我的体能确实下降了很多。我需要在跑步机上重新开始锻炼，或者重新启动户外跑步。\n\nspring 2024 更新：\n\n在经历了漫长而痛苦的2024年Cap10K之后，我于5月5日参加了HEB阳光跑，成绩为1小时5分53秒，仅仅比上次快了22秒。然而这次跑步过程没有疼痛，也没有令人惊讶的地方。在连续几个月里，由于每周跑步时间不足几小时，我的体能已经大幅下滑。我必须在跑步机上重新开始锻炼，或者重新启动户外跑步计划。"

针对新型传播载荷之恶意OneNote文档分析研究

In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
[GitHub]CVE-2022-22978漏洞实例代码

" 在Spring Security版本5.5.6、5.5.7以及更早的不受支持的版本中，正则表达式请求匹配器（RegexRequestMatcher）可能被误配置以绕过某些servlet容器。使用正则表达式请求匹配器并包含`.`的应用程序可能存在授权绕过漏洞。\n[GitHub]CVE-2022-22978漏洞实例代码"

[GitHub]PoC for CVE-2024-27130

" [GitHub] 针对CVE-2024-27130的证明概念"

PoC for CVE-2024-27130