2022-08-12 15:36 Stories by SAFARAS K A on Medi
We are going to talk about “Excessive Data Exposure” in this post that we are making for API Security.
2022-08-12 13:31 360 Vulnerability Alert
360-CERT Daily Security Briefing
2022-08-12 09:10 Github_POC
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
[GitHub]A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.
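2022-08-12 09:09 跳跳糖
One challenge in corCTF, which ended last weekend, introduced a very interesting attack that uses the HTTP/2 Server Push mechanism to achieve XSS against other domains. The conditions for exploitation are somewhat strict, but I personally really like this kind of "magic" attack. (Shared here with the consent of the original author, @ehhthing.)
2022-08-12 08:40 Github_POC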
[GitHub]A Python script to exploit CVE-2022-36446 Software Package Updates RCE (Authenticated) on Webmin < 1.997.
2022-08-12 08:40 Github_POC
[GitHub]PoC for CVE-2022-24654
2022-08-12 08:40 Github_POC
[GitHub]GOG Galaxy LPE Exploit
2022-08-12 07:37 text/plain
Passwords have lousy security properties, and if you try to use them securely (long, complicated, and different for every site), they often have horrible usability as well. Over the decades, the industry has slowly tried to shore up passwords’ security with multi-factor authentication (e.g. one-time codes via SMS, ToTP authenticators, etc) and usability improvements (e.g.
Continue reading "Passkeys – Syncable WebAuthN credentials"
2022-08-12 07:34 CXSECURITY Database RSS Feed -
Topic: Intelbras ATA 200 Cross Site Scripting Risk: Low Text:# Exploit Title: Intelbras ATA 200 Authenticated Stored XSS # Date: 17/01/2022 # Exploit Author: Leonardo Goncalves # Vendor...
2022-08-12 07:34 CXSECURITY Database RSS Feed -
Topic: Fiberhome AN5506-02-B Cross Site Scripting Risk: Low Text:# Exploit Title: FiberHome - AN5506-02-B - RP2521 - Authenticated Stored XSS # Date: 10/08/2022 # Exploit Author: Leonardo Go...
2022-08-12 07:34 CXSECURITY Database RSS Feed -
Topic: AirSpot 5410 0.3.4.1-4 Remote Command Injection Risk: High Text:# -*- coding: utf-8 -*- # Exploit Title: AirSpot unauthenticated remote command injection # Date: 7/26/2022 # Exploit Auth...
2022-08-12 07:34 CXSECURITY Database RSS Feed -
Topic: Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass Risk: Medium Text:# Exploit Title: Sophos XG115w Firewall 17.0.10 MR-10 - Authentication Bypass # Date: 2022-08-09 # Exploit Author: Aryan Cheh...
2022-08-12 07:34 CXSECURITY Database RSS Feed -
Topic: Matrimonial PHP Script 1.0 SQL Injection Risk: Medium Text:...
2022-08-12 06:40 Exploitalert
Intelbras ATA 200 Cross Site Scripting
2022-08-12 06:40 Exploitalert
Fiberhome AN5506-02-B Cross Site Scripting
2022-08-12 06:40 Exploitalert
AirSpot 5410 0.3.4.1-4 Remote Command Injection
2022-08-12 06:40 Exploitalert
Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass
2022-08-12 06:40 Exploitalert
Matrimonial PHP Script 1.0 SQL Injection
2022-08-12 03:34 Trustwave Blog
Modern healthcare is amazing. Hundreds of people, devices, and gigabytes of data are all harmonized to save lives and keep people healthy. Unfortunately, the very pieces that help keep us well provide a perfect hunting ground for threat actors.
2022-08-12 01:37 burp
Attack on Taiwan seemingly a case of ‘when’ not ‘if’ Chris Krebs, the former director of the US Cybersecurity and Infrastructure Security Agency (CISA), says the infosec industry is “bearish in the sh
2022-08-12 01:34 Source Incite
On March 2nd, I reported several security vulnerabilities to VMWare impacting their Identity Access Management (IAM) solution. In this blog post I will discuss some of the vulnerabilities I found, the motivation behind finding such vulnerabilities and how companies can protect themselves. The result of the research project concludes with a pre-authenticated remote root exploit chain nicknamed Hekate. The advisories and patches for these vulnerabilities can be found in the references section.
Introduction
Single Sign On (SSO) has become the dominant authentication scheme to log in to several related, yet independent, software systems. At the core of this are the identity providers (IdP). Their role is to perform credential verification and to supply a signed token containing assertions that a service provider (SP) can consume for access control. This is implemented using a protocol called Security Assertion Markup Language (SAML).
On the other hand, when an application requests resources on behalf of a user an
2022-08-12 01:31 burp
Renowned researcher James Kettle demonstrates his latest attack technique in Las Vegas
2022-08-12 01:31 Microsoft Security Response Ce
The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize security research in high-impact areas to stay ahead of the ever-changing security landscapes, emerging technology, and new threats. Security Researchers help us secure millions of …
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards
2022-08-12 00:10 Packet Storm
Ubuntu Security Notice 5564-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
2022-08-12 00:10 Packet Storm
Ubuntu Security Notice 5565-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
2022-08-12 00:10 Packet Storm
Red Hat Security Advisory 2022-6043-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8.
2022-08-12 00:10 Packet Storm
Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.
2022-08-12 00:10 Packet Storm
Red Hat Security Advisory 2022-6040-01 - Version 1.24.0 of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11. This release includes security and bug fixes, and enhancements. Issues addressed include bypass and denial of service vulnerabilities.
2022-08-12 00:10 Packet Storm
Ubuntu Security Notice 5563-1 - It was discovered that http-parser incorrectly handled certain requests. An attacker could possibly use this issue to bypass security controls or gain unauthorized access to sensitive data.
2022-08-12 00:10 Packet Storm
Ubuntu Security Notice 5566-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
2022-08-12 00:10 Packet Storm
Ubuntu Security Notice 5567-1 - Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the netfilter subsystem of the Linux kernel did not prevent one nft object from referencing an nft set in another nft table, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or execute arbitrary code.
2022-08-12 00:10 Packet Storm
Gentoo Linux Security Advisory 202208-17 - Multiple vulnerabilities have been found in Nextcloud, the worst of which could result in denial of service. Versions less than 23.0.4 are affected.
2022-08-12 00:10 Packet Storm
Gentoo Linux Security Advisory 202208-15 - Multiple vulnerabilities have been discovered in isync, the worst of which could result in arbitrary code execution. Versions less than 1.4.4 are affected.
2022-08-12 00:10 Packet Storm
Gentoo Linux Security Advisory 202208-19 - An open redirect vulnerability has been discovered in aiohttp. Versions less than 3.7.4 are affected.
2022-08-12 00:10 Packet Storm
Gentoo Linux Security Advisory 202208-18 - A vulnerability in Motion allows a remote attacker to cause denial of service. Versions less than 4.3.2 are affected.
2022-08-12 00:10 Packet Storm
Gentoo Linux Security Advisory 202208-16 - A vulnerability in faac could result in denial of service. Versions less than 1.30 are affected.
2022-08-12 00:10 Packet Storm
Ubuntu Security Notice 5556-1 - It was discovered that Booth incorrectly handled user authentication. An attacker could use this vulnerability to cause a denial of service.
2022-08-12 00:10 Packet Storm
Intelbras ATA 200 with firmware version 74.19.10.21 suffers from a persistent cross site scripting vulnerability.
2022-08-12 00:10 Packet Storm
Fiberhome AN5506-02-B with firmware version RP2521 suffers from a persistent cross site scripting vulnerability.
2022-08-11 23:40 Packet Storm
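2022-08-11 23:39 倾旋's blog
Most of the time, after getting a Java webshell, you run into the "digit" antivirus (数字杀毒). In this environment you frequently find that commands cannot be executed or are blocked, and many people give up when they hit this problem. I guessed that a process-chain detection mechanism was what prevented the commands from running, so I went through the Java documentation and found that Java can load dynamic link libraries and execute the code inside them. This article demonstrates how loading a dynamic link library from Java bypassed the "digit" antivirus's blocking.....
2022-08-11 23:39 nccgroup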
Max Groot & Ruud van Luijk TL;DR A recently uncovered malware sample dubbed ‘Saitama’ was uncovered by security firm Malwarebytes in a weaponized document, possibly targeted towards the Jordan government. This Saitama implant uses DNS as its sole Command and Control channel and utilizes long sleep times and (sub)domain randomization to evade detection. As no … Continue reading Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study  →
2022-08-11 23:38 burp
Open source recon tool automates some of the more time-consuming pen testing tasks
2022-08-11 23:38 Software Integrity Blog
In this episode of AppSec Decoded, we discuss some of the research published by the Synopsys Cybersecurity Research Center (CyRC).
The post AppSec Decoded: An introduction to the Synopsys Cybersecurity Research Center appeared first on Application Security Blog.
2022-08-11 23:37 Stories by SAFARAS K A on Medi
Phoenix Challenges — Stack Zero
The Challenge
The challenge’s description and source code are located here. It and all other Phoenix binaries are located in the /opt/phoenix/amd64 directory. A previous post describes how to set up the Virtual Machine for Exploit Education’s Phoenix challenges, if that hasn’t been done already.
Objective
Looking at Stack Zero’s C code, we see the changeme variable stored in the locals struct initialized to 0. The goal is to tamper with its value and make it non-zero to print the desired statement.
Related Concept
Executed programs look like this inside computer memory:
The stack and the heap are the two main memory structures. To keep it short:
The Stack is used for storing information regarding called functions and their local variables. When a new function is called, the machine expands the stack’s size downwards with more room for storing its local variables and information regarding this function call. Conversely, the machine frees up stack memory and decreases its size up
2022-08-11 23:37 Stories by SAFARAS K A on Medi
Hacker101 CTF — Micro CMS v1 Flag 0 Walkthrough
Let’s try creating a new page first.
Now let’s change the content of the page we have created.
Let’s edit the content of page 8.
Can we change the content of other pages? Let’s check if we can change the content of the different pages in turn. When we edit the content of page number 5, we get the flag.
An access control vulnerability where we access an object created by a different user is called IDOR. With this vulnerability, it can provide access to a different content. We can make transactions in the system with the ID of a different person. Imagine that when we change the ID, you can operate on a web server with the admin user.
Hacker101 CTF — Micro CMS v1 Flag 0 was originally published in InfoSec W
2022-08-11 23:37 Stories by SAFARAS K A on Medi
PortSwigger Web Security Lab: SQL injection UNION attack, determining the number of columns returned by the query
Hello, in this article, we will discuss the solution of SQL injection UNION attack, determining the number of columns returned by the query lab in Port Swigger Web Security Lab.
We remember that there is SQL injection in the category parameter. We can use the following payloads to detect how many columns are in a table:
' UNION SELECT 1,2,3,…., --
' UNION SELECT NULL,NULL,NULL,. --
'+UNION+SELECT+NULL,NULL,NULL --
'+UNION+SELECT+1,2,3 --
For the solution, the value should continue to be added until the error messages disappear or until a content containing a null value appears.
Or we can try to detect the number of columns using order by. If we get an error, we may think that we have exceeded the number of columns.
' ORDER BY 1 --
' ORDER BY 2 --
' ORDER BY 3 --
2022-08-11 21:31 burp
AWSGoat and AzureGoat tools showcased in Las Vegas this week
2022-08-11 19:31 burp
Open source utility exposes payloads without running vulnerable Java code
2022-08-11 18:10 Github_POC
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
[GitHub]CVE-2007-2447 exploit written in python to get reverse shell
2022-08-11 18:10 Github_POC
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
[GitHub]PoC for GLPI CVE-2022-31061
2022-08-11 18:10 Github_POC
prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.
[GitHub]Exploit for PrestaShop bockwishlist module 2.1.0 SQLi (CVE-2022-31101)
2022-08-11 18:10 Github_POC
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21879.
[GitHub]POC of CVE-2022-21881 exploited at TianfuCup 2021 to escape Chrome Sandbox
2022-08-11 18:10 Github_POC
Secure Boot Security Feature Bypass Vulnerability.
[GitHub]baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
2022-08-11 18:10 Github_POC
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators b
2022-08-11 18:10 Github_POC
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
[GitHub]This vulnerability allows an attacker to gain unauthorized access to the firewall management space by bypassing authentication