CTF导航 CTF导航

每日安全动态推送(6-26)

渗透技巧 1年前 (2023) admin
238 0 0
Tencent Security Xuanwu Lab Daily News

• Tenda AC6 AC1200 15.03.06.50_multi Cross Site Scripting ≈ Packet Storm:
https://packetstormsecurity.com/files/173029

   ・ 腾达 AC6 AC1200存在多个XSS漏洞 – Atum


• Apache Flink攻击面探索 – FreeBuf网络安全行业门户:
https://www.freebuf.com/articles/web/370007.html

   ・ 介绍了Apache Flink的历史漏洞以及相关攻击面 – Atum


• Revamping Binary Analysis with Sampling and Probabilistic Inference:
https://hammer.purdue.edu/articles/thesis/Revamping_Binary_Analysis_with_Sampling_and_Probabilistic_Inference/23542014

   ・ 一个利用采样和概率推理的二进制分析新思路 – Atum


• A Low-Level Guide To Solidity’s Storage Management:
https://degatchi.com/articles/low_level_guide_to_soliditys_storage_management

   ・ 介绍EVM的Storage在底层是如何工作的 – Atum


• Description:
https://github.com/ThatLing/limba

   ・ 一个基于Mixed Boolean-Arithmetic的控制流混淆工具 – Atum


• Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack:
https://thehackernews.com/2023/06/alert-million-of-github-repositories.html

   ・ github中大量的仓库存在被RepoJacking攻击影响的风险,包括google等知名公司的部分repo。 – Atum


• EJS Vulnerabilities in CTF:
https://blog.huli.tw/2023/06/22/en/ejs-render-vulnerability-ctf/

   ・ 盘点了CTF中出现的Express js漏洞中具有同一特定pattern的web题目,并提供了详细的分析 – Atum


• Zero Day Initiative — CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE:
https://www.zerodayinitiative.com/blog/2023/6/21/cve-2022-31696-an-analysis-of-a-vmware-esxi-tcp-socket-keepalive-type-confusion-lpe

   ・ VMware ESXI TCP Socket Keppalive 类型混血提权漏洞分析 – Atum


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(6-26)

版权声明:admin 发表于 2023年6月26日 下午3:49。
转载请注明:每日安全动态推送(6-26) | CTF导航

相关文章

每周蓝军技术推送(2022.7.2-7.8)
admin
829
CVE-2022-31696: AN ANALYSIS OF A VMWARE ESXI TCP SOCKET KEEPALIVE TYPE CONFUSION LPE
admin
258
Forensike, or Forensics for bad guys
admin
267
每日安全动态推送(4-13)
admin
295
JNDI 反击 – H2 数据库控制台中未经身份验证的 RCE
admin
1,107
寻找PayPal密码泄露漏洞(15300美金)
admin
652

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
0
Open-Source Intelligence Summit 2024议题慢递
0
NTLM Relaying – Making the Old New Again
0
每日安全动态推送(24/11/4)
0
wuzhicms<=4.1.0后台RCE(0day)
0
每周蓝军技术推送(2024.10.26-11.1)
0
Apache Solr漏洞CVE-2024-45216分析
0
某小型cms漏洞复现审计
0
Distributed RPC Framework RemoteModule has Deserialization RCE in pytorch/pytorch(CVE-2024-48063)
0
JWT(JSON Web Token) 攻击面小结
0