Aggregator

NodeJs可以写后端、electron又可以打包成exe，还可以通过主进程命令执行，那么不就可以自研一个C2了吗

The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader. "These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation

Purple.com Suffers Major Data Breach: 3 Million Customer and Order Records Allegedly Leaked

Tenda AC15路由器的各种cve漏洞

基于DruidDataSourceFactory的一些jdbcAttack。基于BeanFactory。。。。。

近期捕获的远控木马使用的通信证书与此前在Github上挖掘发现的远控木马的通信证书相同

A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. [...]

Qt利用poolparty+计划任务进行断链，隐藏真实意图

hutool依赖利用链挖掘分析

利用链寻找利器 CodeQL：如何精准定位二次反序列化漏洞

本文探讨Rust编译环境安全漏洞的技术文章。分析了Rust生态中常见的安全威胁，以及在Cargo编译时的特性造成的逻辑漏洞，详细解析Cargo.toml文件的配置风险，包括依赖、路径穿越等，并展示通过一个模拟GitHub Action的CTF题目，展示了如何利用过程宏和路径穿越漏洞实现RCE。

先知社区运营规则V2.0

GitLab 历年来曝出过大量安全漏洞，涵盖远程代码执行（RCE）、提权、SSRF、XSS、任意文件读取、CI/CD 注入以及各种逻辑缺陷等。在红队视角下，这些漏洞尤其值得关注，因为它们往往能被利用实现对GitLab服务器或敏感数据的控制。下面按漏洞类型对关键历史 CVE 和研究案例进行分类梳理，并提供漏洞描述、影响版本、触发点、利用方式等细节。

传统文件包含漏洞利用通常依赖攻击者上传恶意文件，或利用服务端临时文件（如session.upload_progress）实现代码执行。但PHP的Pear组件却打破了这一限制：当服务器满足register_argc_argv=On配置时，攻击者可通过精心构造的URL参数，将Web请求伪装成命令行参数，直接操纵pearcmd.php执行高危操作

A vulnerability was found in Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13. It has been rated as critical. This issue affects some unknown processing of the component LOV. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2024-21033. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13. Affected is an unknown function of the component LOV. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2024-21034. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13. Affected by this vulnerability is an unknown functionality of the component LOV. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2024-21035. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13. This affects an unknown part of the component LOV. The manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2024-21037. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Complex Maintenance, Repair, and Overhaul up to 12.2.13. Affected by this issue is some unknown functionality of the component LOV. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-21036. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.