Daily Security News Push (8-7)
2024-8-7 17:2:49 Author: mp.weixin.qq.com

Tencent Security Xuanwu Lab Daily News

• GitHub - Aegrah/PANIX: Customizable Linux Persistence Tool for Security Research and Detection Engineering.:
https://github.com/Aegrah/PANIX

   ・ PANIX is a highly customizable persistence tool for Linux – SecTodayBot

• A Visual Guide to Pointer Analysis with cclyzer++: Part 1:
https://galois.com/blog/2022/08/cclyzer/

   ・ Introduces cclyzer++, recently released by Galois: a precise, open-source pointer analysis tool for languages that compile to LLVM, especially C and C++. – SecTodayBot

• CVE-2024-38100: Leaked Wallpaper Exploit Exposes Windows Users to Privilege Escalation Attacks:
https://securityonline.info/cve-2024-38100-leaked-wallpaper-exploit-exposes-windows-users-to-privilege-escalation-attacks/

   ・ CVE-2024-38100, a severe vulnerability in Windows File Explorer, exposes Windows users to the risk of privilege escalation attacks. – SecTodayBot

• Django CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, and CVE-2024-42005:
https://seclists.org/oss-sec/2024/q3/146

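   ・ Django has released multiple CVEs and their fix patches, covering memory exhaustion, denial of service, potential SQL injection and other security issues. – SecTodayBot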

• Auditing Atlassian Plugins, 53 0-Days Later:
https://cyllective.com/blog/posts/atlassian-audit-plugins

   ・ A vulnerability audit of Atlassian plugins that uncovered multiple 0-day vulnerabilities. – SecTodayBot

• Disclaimer:
https://github.com/CykuTW/tsh-go

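   ・ A rewrite of Tiny SHell in Go that can be cross-compiled for multiple platforms, making it convenient for security research on network-restricted devices. – SecTodayBot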

• Search query for bugs in Apache Solr:
https://pvs-studio.com/en/blog/posts/java/1147/?utm_source=firefly&utm_medium=twitter

   ・ Uses the PVS-Studio analyzer to detect potential issues in the Apache Solr source code. – SecTodayBot

• MITMing the Xbox 360 Dashboard for Fun and RCE:
https://landaire.net/mitming-the-xbox-360-dashboard-for-rce-and-fun/

   ・ Tests the Xbox 360 Dashboard with a man-in-the-middle attack and achieves RCE – SecTodayBot

* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Source: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959753&idx=1&sn=f173e65479d0ac7f44c3e0aa8516b308&chksm=8baed156bcd9584064831d0d40072bf7bbdeedb268d4aad5a5bfec4b39e92ff47e81b9fa3da7&scene=58&subscene=0#rd