DOM element relationships - Shazzer
shazzer.co.uk

讨论了在网络安全技术中DOM元素之间的关系,特别是针对XSS向量。 SecTodayBot • 1 day ago

0   

CVE-2024-24576 Windows 下多语言命令注入漏洞分析
程序人生

介绍了近期由Flatt Security Inc.的RyotaK披露的Windows下多个编程语言的命令注入漏洞(BatBadBut)。漏洞影响面广,涉及Rust、PHP、Python和Node.js等多种编程语言 SecTodayBot • 1 day ago

0   

Ray OS 2.6.3 Command Injection
packetstormsecurity.com

揭示了Ray OS v2.6.3中的新漏洞(CVE-2023-6019),详细分析了命令注入RCE的根本原因 SecTodayBot • 1 day ago

0   

Moodle 3.10.1 - Authenticated Blind Time-Based SQL Injection - "sort" parameter
www.exploit-db.com

介绍了Moodle中一种新的Time-Based Blind SQL Injection漏洞 SecTodayBot • 1 day ago

0   

Online Fire Reporting System OFRS - SQL Injection Authentication Bypass
www.exploit-db.com

披露了一个在线火灾报告系统中的SQL注入漏洞 SecTodayBot • 1 day ago

0   

How a Race Condition Vulnerability Could Cast Multiple Votes
www.hackerone.com

竞争条件漏洞的详细分析 SecTodayBot • 1 day ago

0   

Non-Deterministic Nature of Prompt Injection
research.nccgroup.com

论了提示注入的非确定性特性,以及这对漏洞的识别和利用有着怎样的影响 SecTodayBot • 1 day ago

0   

libreswan: IKEv1 default AH/ESP responder can crash and restart
Open Source Security

libreswan软件的一个新漏洞,详细分析了漏洞的根本原因。漏洞编号为CVE-2024-3652,虽然不能实现远程代码执行,但仍然具有中等严重性。 SecTodayBot • 1 day ago

0   

flatpak CVE-2024-32462 : Sandbox escape via RequestBackground portal and CWE-88
Open Source Security

Flatpak系统中的新漏洞CVE-2024-32462导致了沙箱逃逸。 SecTodayBot • 1 day ago

0   

Re: Make your own backdoor: CFLAGS code injection, Makefile injection, pkg-config
Open Source Security

利用pkg-config文件和Makefile中的漏洞创建后门的新方法 SecTodayBot • 1 day ago

0   

Terrapin vulnerability in Jenkins CLI client
Open Source Security

介绍了Jenkins CLI客户端中的Terrapin漏洞 SecTodayBot • 2 days ago

0   

CVE-2024-31869: Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Open Source Security

Apache Airflow存在一处漏洞,允许经过身份验证的用户在\"configuration\" UI页面上查看敏感提供者配置 SecTodayBot • 2 days ago

0   

CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability
Zero Day Initiative - Blog

Microsoft Windows中Libarchive远程代码执行漏洞CVE-2024-20697 SecTodayBot • 2 days ago

0   

Passbolt: a bold use of HaveIBeenPwned
Quarkslab's blog

Pwned Passwords service与Passbolt是本文的重点内容,介绍了使用Pwned Passwords API来提醒用户密码是否存在于以前的数据泄露中,以及Passbolt作为开源密码管理器的应用。 SecTodayBot • 2 days ago

0   

SoumniBot: the new Android banker’s unique techniques
Securelist

Android恶意软件SoumniBot采用非常规方法规避分析和检测,通过篡改Android清单文件等技术,成功规避安卓系统的检测机制。 SecTodayBot • 2 days ago

0   

Fake Dialog Boxes to Make Malware More Convincing
SpiderLabs Blog

探讨了SpiderLabs在红队参与过程中如何将用户提示(特别是Windows对话框)纳入其恶意软件加载程序,以使钓鱼目标更容易相信。 SecTodayBot • 2 days ago

0   

A quick post on Chen’s algorithm
blog.cryptographyengineering.com

介绍了由Yilei Chen撰写的新的量子算法对密码学的潜在影响。该算法可能对基于格的加密方案造成潜在威胁,引起了密码学研究界的关注。 SecTodayBot • 3 days ago

1   

PoC Exploit Released for 0-day Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21338)
securityonline.info

揭示了近期被朝鲜Lazarus组织利用的Windows Kernel漏洞(CVE-2024-21338)的详细分析及其利用方式,并提供了针对该漏洞的PoC exploit code。 SecTodayBot • 3 days ago

1   

Building a model from scratch
docs.rev.ng

介绍了如何从头开始构建一个模型来反编译一个简单的程序 SecTodayBot • 3 days ago

0   

NoArgs - Tool Designed To Dynamically Spoof And Conceal Process Arguments While Staying Undetected
www.kitploit.com

介绍了一种名为NoArgs的网络安全工具,可动态伪装和隐藏进程参数,以保持不被检测。通过篡改Windows API并利用Process Environment Block(PEB)来实现参数的操纵和隐藏。 SecTodayBot • 3 days ago

0   

Tags

Tools Malware Windows Vulnerability Browser Web Attack Android iOS Linux Pentest Conference macOS Network IoT Wireless Fuzzing Reverse Engineering Virtualization Defend CTF Crypto Data Breach Programming Machine Learning Firmware Report Forensics Mitigation PoC SCADA Backdoor Side Channel Blockchain Threat Intelligence Hardware Exploit Supply Chain Bug Bounty Privacy Power Analysis
Loading