• 55 Vulnerabilities in Squid Caching Proxies and 35 0days:
https://joshua.hu/squid-security-audit-35-0days-45-exploits
・ Squid 缓存代理中的 55 个漏洞和 35 个 0days
– SecTodayBot
• CVE-2023-44981: Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication:
https://seclists.org/oss-sec/2023/q4/83
・ Apache ZooKeeper Quorum Peer 身份验证绕过漏洞
– SecTodayBot
• Top 7 Strategies for Smart Contract Bug Hunting:
https://blog.chain.link/smart-contract-bug-hunting/
・ 智能合约漏洞挖掘策略
– SecTodayBot
• X-Force uncovers global NetScaler Gateway credential harvesting campaign:
https://securityintelligence.com/x-force/x-force-uncovers-global-netscaler-gateway-credential-harvesting-campaign/
・ 攻击者利用 CVE-2023-3519 攻击未修补的 NetScaler Gateway,将恶意脚本插入身份验证网页以捕获用户凭据
– SecTodayBot
• GitHub - Wh04m1001/CVE-2023-36723:
https://github.com/Wh04m1001/CVE-2023-36723
・ 容器管理器服务中的任意目录创建错误
– SecTodayBot
• Django下防御 Race Condition 漏洞:
https://paper.seebug.org/3049/
・ Django下防御 Race Condition 漏洞
– SecTodayBot
• GitHub - cjm00n/EvilSln: A New Exploitation Technique for Visual Studio Projects:
https://github.com/cjm00n/EvilSln
・ Visual Studio 项目的一种新的利用技术,提供无需使用项目根目录中的 .suo 文件进行编译即可执行代码的PoC
– SecTodayBot
• Micropatches Released For Two Windows CNG Key Isolation Service Vulnerabilities (CVE-2023-28229, CVE-2023-36906):
https://blog.0patch.com/2023/10/micropatches-released-for-two-windows.html
・ lsass.exe 中运行的密钥隔离服务中的竞争条件,允许攻击者使用结构内已释放的内存,从而可以恶意利用该内存
– SecTodayBot
• GitHub - Cr4sh/SmmBackdoorNg: Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks:
https://github.com/Cr4sh/SmmBackdoorNg
・ 基于 UEFI 的平台的系统管理模式(SMM)的后门
– SecTodayBot
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab