Aggregator

Flask内存马各种姿势详解本篇以jinja2 ssti视角研究Flask高版本内存马拿request对象app.view_functions相关因为高版本给add_url_rule加了装饰器@setupmethod，这个装饰器会先调用app._check_setup_finished, 所以得将app._got_first_request改为False路由装饰器add_url_ruleadd_u

个人的做题思考

keygen，代码复用

AMD漏洞挖掘-从文件权限配置错误到驱动权限提升

Open Harmony CTF的两道题目（RE+WEB）

[★★☆] Equestria - Door To The StablePoints: 6We are suspecting that the website on http://exp.cybergame.sk:7000/ is hiding something. We need to find out what is hidden in the website. We've gathered

前言漏洞编号CVE-2018-7034，影响D-Link和TrendNet的一些老设备。通过网盘分享的文件：TEW751DR_FW103B03.bin链接: https://pan.baidu.com/s/1g37sSUnZQDQjpg_ABuGULg?pwd=xidp 提取码: xidp这里分析的是TrendNet TEW751的固件，此外D-Link的一些老设备，如DIR645，DIR815等

A vulnerability was found in Microsoft Internet Explorer 8/9. It has been classified as problematic. Affected is the function toStaticHTML of the component HTML Sanitization. The manipulation as part of String leads to information disclosure. This vulnerability is traded as CVE-2012-1858. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Apple iOS up to 10.2. Affected is the function Frame::setDocument of the component WebKit. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2017-2364. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in SeaNox Devwex 2002-05-20. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2002-0946. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Claroline. Affected by this vulnerability is an unknown functionality of the file demo/claroline170/index.php. The manipulation of the argument _SERVER leads to basic cross site scripting. This vulnerability is known as CVE-2007-3517. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Article System 0.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file volume.php. The manipulation of the argument config[public_dir] leads to file inclusion. This vulnerability is known as CVE-2006-5766. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in FlatNuke 2.5.6. It has been classified as problematic. Affected is an unknown function of the file verify.php. The manipulation of the argument body leads to an unknown weakness. This vulnerability is traded as CVE-2005-4449. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Sophos Web Appliance up to 3.8.1. Affected is an unknown function of the file /index.php of the component Change Password Dialog Box. The manipulation of the argument c with the input change_password leads to improper access controls. This vulnerability is traded as CVE-2014-2849. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Savant Web Server up to 3.1 and classified as critical. This issue affects some unknown processing of the component GET Request Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2002-1120. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

文章探讨了EDR（端点检测与响应）技术在企业运营中的重要性及未来发展趋势。通过分析其核心功能和应用场景，指出EDR在提升企业安全防护能力、优化管理流程方面的显著优势，并展望了其在数字化转型中的广泛应用前景。

A vulnerability, which was classified as problematic, has been found in Claroline 1.8.3. This issue affects some unknown processing of the file index.php. The manipulation of the argument _SERVER leads to basic cross site scripting. The identification of this vulnerability is CVE-2007-3517. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Citadel WebCit 7.10. This affects an unknown part. The manipulation of the argument who leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2007-3822. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sophos Web Appliance up to 3.7.7. It has been classified as critical. Affected is an unknown function. The manipulation of the argument address leads to os command injection. This vulnerability is traded as CVE-2014-2850. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Excel 2007. It has been classified as critical. This affects an unknown part of the component File Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2012-5672. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.