区块链篇-Balsn CTF 2019 – Bank
其实这道题应该算是比较过时了,只有solidity 0.5.0 以前可能才会出现的漏洞,感觉主要是结构体未初始化造成的一个变量覆盖,以及程序流的劫持,有一点pwn的...
WSO2 RCE (CVE-2022-29464) exploit and writeup
CVE-2022-29464 WSO2 RCE (CVE-2022-29464) exploit and writeup. Details CVE-2022-29464 is critical vulnerability on WSO2 discovered by Orange Tsai. ...
JBoss EAP/AS <= 6.* RCE - A little bit beyond \xAC\xED
Time to 'leak' this old (but gold) pre-auth RCE affecting some of the Red Hat products. As stated by @joaomatosf this is an old but gold vulnerabil...
CVE-2022-21449: Psychic Signatures in Java
The long-running BBC sci-fi show Doctor Who has a recurring plot device where the Doctor manages to get out of trouble by showing an identity card ...
安全招聘汇总 | 第二十二期
嘉诚信息高级渗透测试工程师工作地点:北京联系方式:[email protected];v:n1329496562(注明来自ChaMd5)岗位详情:http://www.chamd5.org/jobde...
CVE-2022-23305 Weblogic http RCE or Apache Log4j SQL Injection?
漏洞信息最近有小伙伴微信@我,提到Oracle官方在4月份补丁中发布了一个Weblogic http匿名RCE漏洞,编号CVE-2022-23305。在刷朋友圈时我也发现多篇漏洞预警文...
慢雾:Rikkei Finance 被黑复现分析
By:Dig2@慢雾安全团队2022 年 04 月 15 日,由于恶意攻击,Rikkei Finance 的五个资金池 (USDT, BTC, DAI, USDT, BUSD) 中近乎全部代币被盗。慢雾安全团队将...
GHSL-2022-012: Arbitrary file write during TAR extraction in Apache Hadoop – CVE-2022-26612
Coordinated Disclosure Timeline 2022/02/08: Report sent to security at apache.org. 2022/02/09: Receipt acknowledged. 2022/03/10: Issue fixed...
Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine
Russia-linked group is continually refining its malware and often deploying multiple payloads to maximize chances of maintaining a persistent prese...
wip untethered jailbreak for iOS 9.x (and later 10.x).
p0laris wip untethered jailbreak for iOS 9.x (and later 10.x). With love from spv. 原文始发于Github:wip untethered jailbr...