Aggregator
Medusa Blog
2 months 4 weeks ago
cohenido
Google Play Store abruptly removes all Kaspersky products
2 months 4 weeks ago
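Focusing on source code security and gathering the latest news from home and abroad! Compiled by: 代码卫士. Recently, Google removed Kaspersky's Android security apps from its app store and disabled the company's developer account. The week before last, users reported that Kaspersky products (including Kaspersky Endpoint Sec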
GitLab: Beware of a critical arbitrary-branch pipeline execution vulnerability
2 months 4 weeks ago
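Focusing on source code security and gathering the latest news from home and abroad! Compiled by: 代码卫士. GitLab has released security updates that fix multiple vulnerabilities in Community Edition (CE) and Enterprise Edition (EE), one of which is a critical arbitrary-branch pipeline execution vulnerability (CVE-2024-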
Highlights preview! Registration is open for the 2024 3rd SCIC Cybersecurity Compliance Innovation Conference!
2 months 4 weeks ago
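The 2024 3rd SCIC Cybersecurity Compliance Innovation Conference, themed "Compliance Empowerment, Digital-Intelligent Future", will be held in Beijing on October 18, 2024 […]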
aqniu
Medusa Blog
2 months 4 weeks ago
cohenido
DragonForce
2 months 4 weeks ago
cohenido
CVE-2007-6179 | Kinson Chan Charray CMS 0.9.3 markdown.php ccms_library_path input validation (EDB-4672 / XFDB-38678)
2 months 4 weeks ago
A vulnerability classified as critical was found in Kinson Chan Charray CMS 0.9.3. This vulnerability affects unknown code of the file markdown.php. The manipulation of the argument ccms_library_path leads to improper input validation.
This vulnerability was named CVE-2007-6179. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2007-6179 | Charrays CMS markdown.php ccms_library_path input validation (EDB-4672 / XFDB-20071129)
2 months 4 weeks ago
A vulnerability classified as critical has been found in Charrays CMS. Affected is an unknown function of the file markdown.php. The manipulation of the argument ccms_library_path leads to improper input validation.
This vulnerability is traded as CVE-2007-6179. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2007-6177 | Php Con 1.3 include.php webappcfg[APPPATH] code injection (EDB-4670 / XFDB-38679)
2 months 4 weeks ago
A vulnerability was found in Php Con 1.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file include.php. The manipulation of the argument webappcfg[APPPATH] leads to code injection.
This vulnerability is handled as CVE-2007-6177. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2007-6178 | Easy Hosting Control Panel up to 0.22.8 dbutil.bck.php confdir input validation (EDB-4671 / XFDB-38698)
2 months 4 weeks ago
A vulnerability classified as critical has been found in Easy Hosting Control Panel up to 0.22.8. This affects an unknown part of the file dbutil.bck.php of the component Control Panel. The manipulation of the argument confdir leads to improper input validation.
This vulnerability is uniquely identified as CVE-2007-6178. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2007-6184 | Project Alumni 1.0.9 index.php act path traversal (EDB-4669 / XFDB-38681)
2 months 4 weeks ago
A vulnerability was found in Project Alumni 1.0.9 and classified as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument act leads to path traversal.
This vulnerability is handled as CVE-2007-6184. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2007-6172 | Wire Plastic Design wpQuiz 2.7 viewimage.php id sql injection (EDB-4668 / XFDB-38680)
2 months 4 weeks ago
A vulnerability, which was classified as very critical, was found in Wire Plastic Design wpQuiz 2.7. This affects an unknown part of the file viewimage.php. The manipulation of the argument id leads to sql injection.
This vulnerability is uniquely identified as CVE-2007-6172. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Analysis of a blacklist bypass in a certain vendor's NCCloud
2 months 4 weeks ago
A brief analysis of a blacklist bypass for a certain vendor's deserialization vulnerability
[Paper Quick Read] | AutoSafeCoder: A multi-agent framework for securing LLM code generation through static analysis and fuzz testing
2 months 4 weeks ago
This paper presents AutoSafeCoder, a multi-agent framework that aims to improve the security of LLM-generated code through static analysis and fuzz testing.
What Are Normal Users Supposed to Do with IDS Alerts from Network Gear?
2 months 4 weeks ago
Probably once a week, I see posts like this in the r/Ubiquiti subreddit. Ubiquiti makes network gea
Critical GitLab vulnerability disclosed that could lead to arbitrary CI/CD pipeline execution
2 months 4 weeks ago
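Under certain circumstances, an attacker can trigger a pipeline as an arbitrary user, potentially leading to privilege escalation or the execution of malicious actions.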
BAADTokenBroker: Bypassing Entra ID Conditional Access
2 months 4 weeks ago
BAADTokenBroker is a post-exploitation tool designed to leverage device-stored keys (Device key, Transport key, etc.) to authenticate to Microsoft Entra ID. Use: Import BAADTokenBroker in your target machine. PS C:\ > import-module .\BAADTokenBroker.ps1...
The post BAADTokenBroker: Bypassing Entra ID Conditional Access appeared first on Penetration Testing Tools.
ddos
lsassy: Extract credentials from lsass remotely
2 months 4 weeks ago
lsassy: Python library to remotely extract credentials. This library uses the impacket project to remotely read the necessary bytes in an lsass dump and pypykatz to extract credentials. Different lsass dumping methods are implemented in lsassy, and some options are provided to...
The post lsassy: Extract credentials from lsass remotely appeared first on Penetration Testing Tools.
ddos
GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution
2 months 4 weeks ago
GitLab issued