CVE-2022-32532 Apache Shiro RegExPatternMatcher 认证绕过漏洞分析与复现
近日监测到Apache发布公告,修复了Apache Shiro框架中的一个认证绕过漏洞CVE-2022-32532当使用RegexRequestMatcher进行认证配置时,可以通过构造特殊请求绕过正则表达式检查,从而实现认证绕过。
Aggregator
Oracle ADF Faces 反序列化RCE
3 years 3 months ago
环境搭建安装Oracle19c,安装的时候这里要选AL32UTF8image.png接下来会卡在42%,多等
Oracle ADF Faces 反序列化RCE
3 years 3 months ago
环境搭建安装Oracle19c,安装的时候这里要选AL32UTF8image.png接下来会卡在42%,多等
Oracle ADF Faces 反序列化RCE
3 years 3 months ago
环境搭建安装Oracle19c,安装的时候这里要选AL32UTF8image.png接下来会卡在42%,多等
Oracle ADF Faces 反序列化RCE
3 years 3 months ago
环境搭建安装Oracle19c,安装的时候这里要选AL32UTF8image.png接下来会卡在42%,多等
Oracle ADF Faces 反序列化RCE
3 years 3 months ago
环境搭建安装Oracle19c,安装的时候这里要选AL32UTF8image.png接下来会卡在42%,多等
Oracle ADF Faces 反序列化RCE
3 years 3 months ago
环境搭建安装Oracle19c,安装的时候这里要选AL32UTF8image.png接下来会卡在42%,多等
CVE-2022-21445 Oracle JDeveloper ADF Faces反序列化漏洞影响众多Oracle产品
3 years 3 months ago
近日Oracle通报了一个反序列化漏洞CVE-2022-21445,未经身份认证的远程攻击者可利用该漏洞实现反序列化操作导致任意代码执行。任何基于ADF Faces框架开发的程序都受到此漏洞的影响,包括Oracle的多个产品。
Akamai’s Observations of Confluence Zero Day (CVE-2022-26134)
3 years 3 months ago
The Atlassian Confluence vulnerability is here to stay. See Akamai's research into the stats two weeks after the advisory was released.
Chen Doytshman
Post Exploitation: Sniffing Logon Passwords with PAM
3 years 3 months ago
Pluggable Authentication Modules (PAM) on Unix based systems are useful to change logon behavior and enforce authentication via various means.
In “Red Team Strategies” the chapter “Protecting the Pentester” walks the reader through the configuration of a PAM module to get notified in real-time via a pop-up when someone logs on to the machine (e.g. system compromise).
But there are also bad things that can be done with PAM (especially post-exploitation) and this is what this post is about.
CVE-2022-25167 Apache Flume JNDI 注入漏洞分析与复现
3 years 3 months ago
近日监测到 Apache 发布安全的公告,修复了一个存在于 Apache Flume 中的代码执行漏洞CVE-2022-25167,攻击者可通过发送特制的 JNDI 查找,从而在目标系统上执行任意代码。
Hack-The-Box-walkthrough[phoenix]
3 years 3 months ago
253
RASP| Spring data mongodb spel(CVE-2022-22980)
3 years 3 months ago
Spring Data MongoDB 是一个开源项目,它提供了与 MongoDB 文档数据库的集成。近日监控到 Spring Data MongoDB 爆出 SpEL 表达式注入漏洞 CVE-2022-22980
RASP| Spring data mongodb spel(CVE-2022-22980)
3 years 3 months ago
Spring Data MongoDB 是一个开源项目,它提供了与 MongoDB 文档数据库的集成。近日监控到 Spring Data MongoDB 爆出 SpEL 表达式注入漏洞 CVE-2022-22980
RASP| Spring data mongodb spel(CVE-2022-22980)
3 years 3 months ago
Spring Data MongoDB 是一个开源项目,它提供了与 MongoDB 文档数据库的集成。近日监控到 Spring Data MongoDB 爆出 SpEL 表达式注入漏洞 CVE-2022-22980
What’s New for Developers: June 2022
3 years 3 months ago
Read about our recent Terraform updates and managed database services, our latest Meet the Developer articles, and stream videos on edge computing.
Jessica Capuano Mora
潮汐平台与开发大赛
3 years 3 months ago
在提笔写文章的时候,忽然发现6月已经过了大半了,时光总是匆匆的感觉。6月其实花了很多时间去研究一个叫做潮汐平台的东西.
Celebrating Women Engineers Today and Every Day at Verisign
3 years 3 months ago
Today, as the world celebrates International Women in Engineering Day, we recognize and honor women engineers at Verisign, whose own stories have helped shape dreams and encouraged young women and girls to take up engineering careers. Here are three of their stories: Shama Khakurel, Senior Software Engineer When Shama Khakurel was in high school, she […]
The post Celebrating Women Engineers Today and Every Day at Verisign appeared first on Verisign Blog.
Ellen Petrocci
Windows自启动技术-注册表 - nice_0e3
3 years 3 months ago
Windows自启动技术-注册表 注册表自启动 Windows的Run和RunOnce注册表项可以让用户登陆系统时自动启动一些程序。 其中涉及到的注册表项如下: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run HKEY
nice_0e3
Bots Are Scalping Israeli Government Services
3 years 3 months ago
Bots can be used for good, but can also be nefarious. In this post, see Akamai's research on the Israeli Gamken bot copycat.
Gon Avnon