Aggregator

CVE-2025-49113认证后php反序列化rce复现新视角……一个有趣的php反序列化对象注入导致的命令执行

shellcode使用了xor与ipv6的形式，动态api调用免杀框架

A vulnerability has been found in Akella Privateers Bounty: Age Of Sail II 1.4.51 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Nickname Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2004-1619. The attack can be launched remotely. Furthermore, there is an exploit available.

JAVA代码审计之鉴权逻辑错误审计小记

这篇文章主要介绍了自定义 String 哈希算法的定义、特点以及应用场景，特别详细地讲解了两种常见的算法：ROTR32 和 CRC32。

在 Web 开发中，注入用户提供的 HTML 代码需求普遍存在，但这一过程伴随显著的安全风险，尤其需防范跨站脚本攻击（XSS）。尽管业界已有成熟的 XSS 过滤器（如 DOMPurify），但其配置不当或机制缺陷仍可能被利用。本文聚焦于命名空间混淆、MXSS（突变 XSS）、DOM Clobbering等前沿攻击技术，通过解析基础概念与实战案例，揭示两次 DOMPurify 绕过的核心原理，旨在帮

Неужели наш загадочный сосед — самоубийца?

A vulnerability classified as problematic has been found in Gonzalo Maser Com Artforms 2.1b7.2. Affected is an unknown function of the file index.php. The manipulation of the argument afmsg leads to cross site scripting. This vulnerability is traded as CVE-2010-2846. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Daily Sparks 是一款轻量级 iPhone 应用（2.7 MB），通过桌面小组件显示重要事项，并支持每日最多 16 次提醒通知。开发者原意用于保存语录，但用户可将其用于重要事项提醒。测试中未见通知推送，需注意可能的频繁打扰。

A vulnerability was found in Moodle. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Database Auto-linking. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-28331. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Moodle. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Service Token List. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2021-36398. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in answerdev answer up to 1.0.5. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2023-1245. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in cockpit up to 2.4.0. This affects an unknown part. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2023-1313. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in answer up to 1.0.5 and classified as problematic. This issue affects some unknown processing. The manipulation leads to observable response discrepancy. The identification of this vulnerability is CVE-2023-1540. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in thorsten phpmyfaq up to 3.1.11. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. This vulnerability is handled as CVE-2023-1761. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.