[remote] HTTP/2 2.0 - Denial Of Service (DOS) Exploit-DB.com 9 months 1 week ago
[local] Mbed TLS 3.6.4 - Use-After-Free Exploit-DB.com 9 months 1 week ago
[webapps] Concrete CMS 9.4.3 - Stored XSS Exploit-DB.com 9 months 1 week ago
[webapps] XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE) Exploit-DB.com 9 months 1 week ago
[webapps] ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection Exploit-DB.com 9 months 1 week ago
[webapps] dotCMS 25.07.02-1 - Authenticated Blind SQL Injection Exploit-DB.com 9 months 1 week ago
[webapps] Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF) Exploit-DB.com 9 months 1 week ago
[webapps] Tourism Management System 2.0 - Arbitrary Shell Upload Exploit-DB.com 9 months 1 week ago
[remote] ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF) Exploit-DB.com 9 months 1 week ago
[remote] ClipBucket 5.5.0 - Arbitrary File Upload Exploit-DB.com 9 months 1 week ago
[local] Microsoft Windows Server 2025 Hyper-V NT Kernel Integration VSP - Elevation of Privilege Exploit-DB.com 9 months 1 week ago
[remote] Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell Exploit-DB.com 9 months 1 week ago
Second-order SQL Injection via variable pollution of search_table (identifier injection) in bbs/search.php darkless 9 months 1 week ago
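Using Dev3000 to Streamline the Claude Code Debugging Workflow 不安全 9 months 1 week ago Dev3000 is an open-source tool for assisting AI debugging. It automatically monitors server logs, browser events, network requests and screenshots, and builds a timeline for the AI to analyze, improving debugging efficiency. It supports mainstream front-end frameworks and can connect to AI assistants such as Claude Code or Cursor via the MCP protocol.
[PHP Features] PHP Features: The ReflectionClass Reflection Mechanism 先知技术社区 9 months 1 week ago Using a CTF practice range as an example, this article introduces the PHP ReflectionClass mechanism, covering its core capabilities and basic usage, and analyzes the risk of its malicious abuse along with the corresponding defensive measures.
Where Does the Signature Come From? Reversing and Verifying Mini Program API Request Signatures 先知技术社区 9 months 1 week ago This article systematically reviews a reverse-engineering analysis of the request signing mechanism of a WeChat mini program. Starting from static code analysis, it locates suspicious functions by keyword search, uses dynamic debugging to reconstruct the complete signature generation flow, and builds a minimal verification script that reproduces the core logic. The research found security issues in the signing mechanism, including a random number generation flaw and inconsistent parameter serialization. The article closes with targeted security improvement recommendations as a reference for mini program developers.
PacketScope: A "See-Through Lens" on Protocol Interaction 先知技术社区 9 months 1 week ago PacketScope is a general-purpose defense framework for the TCP/IP protocol stack based on eBPF. By dynamically observing the protocol stack's processing path and sensing in real time the processing trajectory of every packet unit inside the system, it draws a panoramic map of protocol interactions. Supplemented by large-model analysis, PacketScope achieves kernel-level packet visualization, security analysis and zero-latency defense for the protocol stack.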