Source | Time | ||
---|---|---|---|
Black Hat
|
BlackHatEvents | Original
RT Tenable: It'll be 🌞🥵 in Las Vegas but we'll keep you feeling 🧊😌. COOL OFF your #attacksurface with Tenable at #BHUSA. |
|
PwnFunction
|
PwnFunction | Original
New Video! ✨ Why You Should Not Trust Computer Generated Random Numbers 👉 |
|
Alvaro Muñoz 🇺🇦
|
pwntester | Original
RT GitHub Security Lab: GHSL-2022-017: Arbitrary command execution through Apache Commons Configuration - CVE-2022-33980 |
|
CVE
|
CVEnew | Original
CVE-2022-2408 The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user ... |
|
CVE
|
CVEnew | Original
CVE-2022-2406 The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allow... |
|
CVE
|
CVEnew | Original
CVE-2022-2401 Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive in... |
|
CVE
|
CVEnew | Original
CVE-2022-32297 Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. |
|
CVE
|
CVEnew | Original
CVE-2022-31142 @fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.... |
|
CVE
|
CVEnew | Original
CVE-2022-22460 IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further at... |
|
CVE
|
CVEnew | Original
CVE-2022-22453 IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt hi... |
|
CVE
|
CVEnew | Original
CVE-2022-22452 IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force ... |
|
CVE
|
CVEnew | Original
CVE-2022-22450 IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in a... |
|
CVE
|
CVEnew | Original
CVE-2022-35283 IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HT... |
|
CVE
|
CVEnew | Original
CVE-2022-22477 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary ... |
|
CVE
|
CVEnew | Original
CVE-2022-22473 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by imprope... |
|
CVE
|
CVEnew | Original
CVE-2021-39028 IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, cause... |
|
CVE
|
CVEnew | Original
CVE-2021-39019 IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information t... |
|
CVE
|
CVEnew | Original
CVE-2021-39018 IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL... |
|
CVE
|
CVEnew | Original
CVE-2021-39017 IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbit... |
|
CVE
|
CVEnew | Original
CVE-2021-39016 IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control tran... |
|
CVE
|
CVEnew | Original
CVE-2021-39015 IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability all... |
|
Emad Shanab - أبو عبد الله
|
Alra3ees | Original
RT Devansh (⚡, 🥷): A powerful and open-source toolkit for hackers and security automation |
|
Ahamadou Dramé
|
ahamadou_io | Original
#MyTwitterAnniversary |
|
Nicolas Krassas
|
Dinosn | Original
DNS Tunneling: DNS Tunneling using powershell to download and execute a payload |
|
Nicolas Krassas
|
Dinosn | Original
Trufflehog - Find Credentials All Over The Place |
|
Nicolas Krassas
|
Dinosn | Original
Let’s talk about buffer overflow |
|
Nicolas Krassas
|
Dinosn | Original
Predatory Sparrow massively disrupts steel factories while keeping workers safe |
|
Nicolas Krassas
|
Dinosn | Original
Lenovo issues firmware updates after UEFI vulnerabilities disclosed |
|
Nicolas Krassas
|
Dinosn | Original
Exploiting Arbitrary Object Instantiations in PHP without Custom Classes |
|
Nicolas Krassas
|
Dinosn | Original
PayPal phishing kit added to hacked WordPress sites for full ID theft |
|
Nicolas Krassas
|
Dinosn | Original
Ransomware attack on US healthcare debt collector exposes 1.9m patient records |
|
Nicolas Krassas
|
Dinosn | Original
New Browser De-anonymization Technique |
|
Black Hat
|
BlackHatEvents | Original
RT Rapid7: We're just one month out of Black Hat 2022! 🎉🤩 Are you heading to Las Vegas next month too? We can't wait to see you there. Learn mor... |
|
James Forshaw
|
tiraniddo | Original
How could I refuse to pick up a denim jacket with the old "heavy metal" Microsoft logo on the sleeve. I clearly couldn't 😂 |
|
James Forshaw
|
tiraniddo | Original
Final LSA bug from last month is now open. An interesting one which breaks common assumptions of impersonation security over the LSA's RPC interface. ... |
|
Project Zero Bugs
|
ProjectZeroBugs | Original
Windows: LSA Service LsapGetClientInfo Impersonation Level Check EoP |
|
Orange Tsai 🍊
|
orange_8361 | Original
RT PT SWARM: 💥 New attack! Our researcher Arseniy Sharoglazov discovered a PHP's Arbitrary Object Instantiation with no user-defined classes. It wa... |
|
CVE
|
CVEnew | Original
CVE-2022-2393 A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authenticatio... |
|
CVE
|
CVEnew | Original
CVE-2022-32225 A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center ... |
|
CVE
|
CVEnew | Original
CVE-2022-32215 The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to H... |
|
CVE
|
CVEnew | Original
CVE-2022-32223 Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under... |
|
CVE
|
CVEnew | Original
CVE-2022-32222 A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.... |
|
CVE
|
CVEnew | Original
CVE-2022-32210 `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This u... |
|
CVE
|
CVEnew | Original
CVE-2022-32214 The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP... |
|
CVE
|
CVEnew | Original
CVE-2022-32212 A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check ... |
|
CVE
|
CVEnew | Original
CVE-2022-32213 The llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to H... |
|
CVE
|
CVEnew | Original
CVE-2022-1662 In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user passw... |
|
CVE
|
CVEnew | Original
CVE-2022-29593 relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the ... |
|
CVE
|
CVEnew | Original
CVE-2022-28876 A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the a... |
|
CVE
|
CVEnew | Original
CVE-2021-45492 In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry i... |