【处置手册】Apache Tomcat条件竞争代码执行漏洞(CVE-2024-50379/CVE-2024-56337)
近日,绿盟科技CERT监测到Apache发布安全公告,修复了Apache Tomcat条件竞争代码执行漏洞(CVE-2024-50379/CVE-2024-56337)。CVSS评分9.8,目前漏洞细节与PoC已公开,请相关用户尽快防护。
Aggregator
雷神众测漏洞周报2024.12.16-2024.12.22
1 year 6 months ago
雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章,必须保证此文章的副本,包括版权声明等全部内容。声明雷神众测允许,不得任意修改或增减此文章内容,不得以任何方式将其用于商业目的。
雷神众测漏洞周报2024.12.16-2024.12.22
1 year 6 months ago
摘要以下内容,均摘自于互联网,由于传播,利用此文所提供的信息而造成的任何直接或间接的后果和损失,均由使用者本人负责,雷神众测以及文章作者不承担任何责任。雷神众测拥有该文章的修改和解释权。如欲转载或传播
雷神众测漏洞周报2024.12.16-2024.12.22
1 year 6 months ago
雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章,必须保证此文章的副本,包括版权声明等全部内容。声明雷神众测允许,不得任意修改或增减此文章内容,不得以任何方式将其用于商业目的。
Become a Problem Solving Machine With 'AI Thinking'—No Neural Implants Necessary!
1 year 6 months ago
To approach a use case with AI effectively, start by defining the problem clearly and ensuring you h
/r/ReverseEngineering's Weekly Questions Thread
1 year 6 months ago
0CTF 2024
1 year 6 months ago
Name: 0CTF 2024 (an 0CTF event.)
Date: Dec. 21, 2024, 2 a.m. — 23 Dec. 2024, 02:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.0ops.sjtu.cn/
Rating weight: 100.00
Event organizers: 0ops
Date: Dec. 21, 2024, 2 a.m. — 23 Dec. 2024, 02:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.0ops.sjtu.cn/
Rating weight: 100.00
Event organizers: 0ops
CVE-2000-0537 | Tolis Group BRU Backup 15.1/16.0 Config File BRUEXECLOG privileges management (EDB-19999 / XFDB-4644)
1 year 6 months ago
A vulnerability, which was classified as critical, was found in Tolis Group BRU Backup 15.1/16.0. This affects an unknown part of the component Config File Handler. The manipulation of the argument BRUEXECLOG as part of Environment Variable leads to improper privilege management.
This vulnerability is uniquely identified as CVE-2000-0537. Local access is required to approach this attack. Furthermore, there is an exploit available.
vuldb.com
North Korean Hackers Stolen $2.2 Billion from Crypto Platforms in 2024
1 year 6 months ago
North Korean hackers are estimated to have stolen a staggering $2.2 billion in 2024, up 21% from 2023. With advanced tactics and increasing sophistication, the Democratic People’s Republic of Korea (DPRK) has positioned itself as a dominant force in crypto theft, targeting both decentralized finance (DeFi) platforms and centralized exchanges to fund its state-sponsored programs. […]
The post North Korean Hackers Stolen $2.2 Billion from Crypto Platforms in 2024 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
Wordlists Every Pentester Must Have !!
1 year 6 months ago
Wordlists Every Pentester Must Have !!
1 year 6 months ago
Build Your Own Secure VPN : A Complete Guide to Enhanced Online Privacy
1 year 6 months ago
Upgrade Your Old Laptop: Create a Home Server or Cloud with Simple Steps
1 year 6 months ago
Unmasking Containers: Processes Through the Host’s Lens
1 year 6 months ago
日本计划以涉嫌垄断为由要求 Google 整改
1 year 6 months ago
日本公平交易委员会拟以违反《反垄断法》(不公平的交易方法)的嫌疑,向 Google 发出要求停止违法行为的“排除措施命令”。该委员会认为 Google 涉嫌违规要求智能手机厂家优先预装其搜索APP。委员会已向该公司发出了处分方案通知,将在倾听意见之后正式做出处分决定。这可能是首次向被称为“GAFA”的 Google 等大型IT企业发出上述命令。Google 涉嫌至少自 2020 年起对于使用自家基本操作系统“安卓”的手机厂家,在允许搭载APP商店“Google Play”的同时,要求在出厂状态的终端上预装“Google Chrome”等自家APP并指定在屏幕上的图标配置。Google 还涉嫌签署了以不搭载竞争对手的APP等为条件,分配一部分利润的合同。
日本计划以涉嫌垄断为由要求 Google 整改
1 year 6 months ago
日本公平交易委员会拟以违反《反垄断法》(不公平的交易方法)的嫌疑,向 Google 发出要求停止违法行为的“排除措施命令”。该委员会认为 Google 涉嫌违规要求智能手机厂家优先预装其搜
Admin Panel Access via Default Credentials
1 year 6 months ago
Admin Panel Access via Default Credentials
1 year 6 months ago
Prototype Pollution — A Deeper Inspection
1 year 6 months ago
HTB Academy Linux Fundamentals: User Management
1 year 6 months ago