unSafe.sh - Insecure
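A Look at Jumpserver Security: In-Depth Analysis of the Sep Vulnerability Series
Jumpserver is an open-source project developed by a company in China, and it dominates the open-source bastion host space. In September 2023 the maintainers fixed a series of security issues in one batch, among them...
2023-10-8 00:50:5 | Views: 17
Sec-News Security Digest - govuln.com
vulnerability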
ssh
django
backends
Yet More Unauth Remote Command Execution Vulns in Firewalls - Sangfor Edition
You’re likely seeing a trend - yes, we know, we look at a lot of enterprise-grade softw...
2023-10-5 22:13:39 | Views: 19
Sec-News Security Digest - govuln.com
php
sangfor
security
watchtowr
username
CVE-2023-4911: PoC for CVE-2023-4911
2023-10-4 23:51:25 | Views: 27
Sec-News Security Digest - govuln.com
2023 Microsoft Office XSS
Found by @adm1nkyj and @justlikebono. In the server, when parsing...
2023-10-4 20:15:23 | Views: 15
Sec-News Security Digest - govuln.com
youtube
microsoft
malicious
thumbnail
officeapps
(Research) Exploiting HTTP Parsers Inconsistencies
The HTTP protocol plays a vital role in the seamless functioning of web applications, however, the i...
2023-10-2 15:9:26 | Views: 13
Sec-News Security Digest - govuln.com
pathname
php
security
flask
xa0
(CVE-2023-30591) NodeBB Pre-Authentication Denial-of-Service
Summary: Product: NodeBB; Vendor: NodeBB; Severity: High - Unprivileged attackers are able to ca...
2023-9-29 20:54:34 | Views: 12
Sec-News Security Digest - govuln.com
nodebb
eventname
payload
startswith
loader
Analysis of NodeBB Account Takeover Vulnerability (CVE-2022-46164)
Back in January 2023, I tasked one of our web security interns, River Koh (@oceankex), to perform n-...
2023-9-29 20:36:39 | Views: 19
Sec-News Security Digest - govuln.com
nodebb
sio
targeturl
emit
4567
Embracing PHP: Meeting a Generator in a Crash
0. Crash sample. Origin: <?php...
2023-9-28 23:21:43 | Views: 8
Sec-News Security Digest - govuln.com
node
leaf
gen1
gen2
delegated
pen4uin/java-echo-generator-release: A highly customizable Java echo payload generation tool
2023-9-28 22:29:25 | Views: 23
Sec-News Security Digest - govuln.com
jeg
woodpecker
payload
constants
github
CVE-2023-36844 And Friends: RCE In Juniper Devices
As part of our Continuous Automated Red Teaming and Attack Surface Management technolog...
2023-9-28 20:49:4 | Views: 53
Sec-News Security Digest - govuln.com
php
filedata
jail
juniper
Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity
Update 2023-09-27: Full technical details added (see Technical Details section). Key Information...
2023-9-28 10:34:21 | Views: 20
Sec-News Security Digest - govuln.com
teamcity
jetbrains
rpc2
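Reproducing the latest jumpserver re-auth (a classic pseudo-random case)
0x00 Preface: Recently edwardz (彭博) submitted an unauthenticated RCE in jumpserver, which is really quite brilliant. After reproducing it I found that it is indeed a classic pseudo-random example, and it is also a combination of techniques I have always wanted to write about but could never find a suitable example to teach with,...
2023-9-27 21:20:31 | Views: 105
Sec-News Security Digest - govuln.com
recovery
kwargs
seeding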
gunicorn
django
[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)
Brief: I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 20...
2023-9-25 20:23:43 | Views: 127
Sec-News Security Digest - govuln.com
httpcontext
The WebP 0day (CVE-2023-4863)
Early last week, Google released a new stable update for Chrome. The update inc...
2023-9-25 16:49:32 | Views: 34
Sec-News Security Digest - govuln.com
huffman
overflow
security
dwebp
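Beating Every HIDS: Bypassing the File System on Linux to Write Shellcode to Disk
I have been researching data recovery recently and found a new trick. In attack-defense engagements, because a HIDS agent is deployed on every host, any file the red team drops on a target host will be monitored. If the malicious shellcode does not...
2023-9-25 11:33:56 | Views: 83
Sec-News Security Digest - govuln.com
shellcode
bypass
debugfs
data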
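iOS 17 Privacy Settings Guide
I recently upgraded my phone to iOS 17, and after the upgrade the Settings app has many guides I had not noticed before. I found that many of the privacy-related options in particular were not enabled on my device. So let me dig through the privacy-related settings in iOS; these settings may have been added in iOS 17 or later...
2023-9-24 22:48:59 | Views: 49
Sec-News Security Digest - govuln.com
Apple
network
security
information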
wlan
Analysis of the Implementation of the ptrace Blocking Feature in vArmor
2023-9-23 15:20:4 | Views: 33
Sec-News Security Digest - govuln.com
varmor
strictmode
traceby
readby
processes
When URL parsers disagree (CVE-2023-38633)
As part of Canva's ongoing mission to build the world's most trusted platform, we continuously evalu...
2023-9-22 11:18:43 | Views: 29
Sec-News Security Digest - govuln.com
librsvg
xi
xinclude
passwd
security
CraftCMS RCE
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web—and beyond...
2023-9-21 23:54:21 | Views: 27
Sec-News Security Digest - govuln.com
yii
craftcms
craft
baseconfig
rbac
From MQTT Fundamentals to CVE
Internet of Things (IoT) and Operational Technology (OT) is an area that has grown strongly...
2023-9-20 14:40:28 | Views: 41
Sec-News Security Digest - govuln.com
mqtt
client
broker
mosquitto
memory