Daily Security News Digest (1-4)
2024-1-4 18:9:16 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• Billion times emptiness:
https://blog.trailofbits.com/2023/12/29/billion-times-emptiness/

   ・ A new vulnerability in Ethereum ABI parsers reveals a flaw in the specification that can lead to denial-of-service attacks. The article analyzes the root cause of the vulnerability in detail and provides demonstrations of the vulnerability in multiple libraries. – SecTodayBot

• GitHub - anasfik/flutter-spy: Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.:
https://github.com/anasfik/flutter-spy

   ・ Flutter Spy is a Bash command-line tool designed to provide in-depth code analysis and data extraction capabilities for built Flutter apps. It supports gathering information from Android apps (APK files) and offers data extraction and report export features. – SecTodayBot

• GitHub - nowak0x01/WPXStrike: WPXStrike is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other's criticals vulnerabilities in WordPress:
https://bit.ly/3v9QylS

   ・ Introduces a script designed to escalate a Cross-Site Scripting (XSS) vulnerability in WordPress into Remote Code Execution (RCE) or other critical vulnerabilities. The script supports WordPress versions 6.X.X, 5.X.X and 4.X.X and includes key features such as privilege escalation, user creation, custom plugin upload, and built-in plugin and theme editing. – SecTodayBot

• Element: setHTML() method:
https://developer.mozilla.org/en-US/docs/Web/API/Element/setHTML

   ・ This article introduces a new method for parsing and sanitizing HTML, used to prevent cross-site scripting (XSS) attacks. – SecTodayBot

• Silly EDR Bypasses and Where To Find Them:
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html

   ・ New techniques for bypassing EDR, including TOCTOU and hardware breakpoints – SecTodayBot

• RISC-Y Business: Raging against the reduced machine:
https://secret.club/2023/12/24/riscy-business.html

   ・ Discusses the practical engineering challenges of developing a low-footprint virtual machine interpreter; its main highlight is an easily embeddable VM built with open-source technology. – SecTodayBot

• Re: CVE-2023-51766: Exim: SMTP smuggling:
https://seclists.org/oss-sec/2024/q1/2

   ・ Discloses a new vulnerability in the Exim mail server, CVE-2023-51766, analyzes the conditions and impact of the vulnerability in detail, and provides information on installing the fixed version. – SecTodayBot

• The Urgent Need to Patch Buffalo’s VR-S1000 VPN Router:
https://securityonline.info/the-urgent-need-to-patch-buffalos-vr-s1000-vpn-router/

   ・ The VR-S1000 router has multiple security vulnerabilities – SecTodayBot

* To view or search past digests, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Article source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959484&idx=1&sn=d47a2f2ed4d91e84d8938db9075a2b40&chksm=8baed023bcd95935829537604868db66dee878ec92e51678cbc5106b35c7ac5b4cca5b8009c8&scene=58&subscene=0#rd