Aggregator

A vulnerability classified as problematic was found in Oracle HTTP Server 1.3.22. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2004-2115. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Symantec Norton Antivirus 2003. Affected by this issue is some unknown functionality. The manipulation leads to denial of service. This vulnerability is handled as CVE-2004-2147. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in MySQL 4.1.3/4.1.4 and classified as critical. This vulnerability affects unknown code. The manipulation leads to memory corruption. This vulnerability was named CVE-2004-2149. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Easy Software Products CUPS. This affects an unknown part of the file cupsd.conf. The manipulation leads to improper handling of case sensitivity. This vulnerability is uniquely identified as CVE-2004-2154. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

本网站使用cookies以记住您的偏好和优化您的访问体验。您可选择接受所有cookies或通过设置进行个性化管理。

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates Critical Sudo bugs expose […]

A vulnerability classified as very critical was found in Microsoft Windows 7/Server 2003/Server 2008/Vista/XP. This vulnerability affects unknown code of the component Remote Desktop Service. The manipulation leads to code injection. This vulnerability was named CVE-2012-0002. The attack can be initiated remotely. Furthermore, there is an exploit available. This vulnerability has a historic impact due to its background and reception. It is recommended to apply a patch to fix this issue.

一个看似无害的JSON响应，竟让轻松劫持会话弹窗等等！

A vulnerability classified as critical has been found in Oracle Healthcare Translational Research 3.1.0/3.2.1/3.3.1. This affects an unknown part of the component jQuery. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2019-11358. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Hedgehog-CMS 1.21. It has been rated as problematic. Affected by this issue is some unknown functionality of the file includes/header.php. The manipulation of the argument c_temp_path leads to path traversal. This vulnerability is handled as CVE-2008-2898. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Claroline. Affected by this vulnerability is an unknown functionality of the file admin/advancedUserSearch.php. The manipulation of the argument action leads to cross site scripting. This vulnerability is known as CVE-2007-4717. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Теперь мир станет чуточку безопаснее?

A vulnerability was found in Claroline 1.8.5 and classified as problematic. This issue affects some unknown processing of the file admin/adminusers.php. The manipulation of the argument view leads to cross site scripting. The identification of this vulnerability is CVE-2007-4717. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

本文将详细介绍当前已被主流废弃但仍可在攻击场景中利用的URL Credentials技术，将其扩展用于各种常见漏洞的绕过

前言ret2gets是一种利用glibc优化特性（高版本编译器）的漏洞利用技术，核心是通过gets函数配合printf/puts实现libc地址泄露。该技术适用于:存在栈溢出漏洞程序包含gets函数​缺乏直接控制rdi寄存器的gadget（如pop rdi; ret）技术原型参考: ret2gets | pwn-notes ret2gets | pwn-notes演示程序: ret2gets_d

漏洞描述CVE-2017-17215是CheckPoint团队披露的远程命令执行（RCE）漏洞，存在于华为HG532路由器中。该设备支持名为DeviceUpgrade的一种服务类型，可通过向/ctrlt/DeviceUpgrade_1的地址提交请求，来执行固件的升级操作。可通过向37215端口发送数据包，启用UPnP协议服务，并利用该漏洞，在NewStatusURL或NewDownloadURL标

本文围绕Elastic EDR查杀Dll的加载问题给出Bypass思路

Flask内存马各种姿势详解本篇以jinja2 ssti视角研究Flask高版本内存马拿request对象app.view_functions相关因为高版本给add_url_rule加了装饰器@setupmethod，这个装饰器会先调用app._check_setup_finished, 所以得将app._got_first_request改为False路由装饰器add_url_ruleadd_u

个人的做题思考

keygen，代码复用