Aggregator

A vulnerability was found in Netgear WNR854T 1.5.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file post.cgi of the component Request Handler. The manipulation of the argument get_email leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2024-54805. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Netgear WNR854T 1.5.2. It has been classified as critical. Affected is an unknown function of the file cmd.cgi of the component Web Interface. The manipulation leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2024-54806. It is possible to launch the attack remotely. There is no exploit available.

TGCTF-misc全解

2025XYCTF wp by Br1ghtM0on

CTF

前段时间参与了下阿里云的伏魔webshell挑战赛，记录下PHP的一些思路。

渗透测试

私有云的对象存储系统的漏洞（可以导致任意覆盖写桶里面的文件）以及这个漏洞大模型AI场景利用挖掘以及影响。

如果程序使用了setvbuf(stdout,0,0,0),要想使缓冲区的地址打印出来，有以下思路 1. 重新设置setvbuf，但这不知道管不管用，没法尝试因为这需要4个参数，没法控制rdx和rcx 2. 调用fflush(stdout)，但是需要泄露libc地址，死循环，这里做不到 3. 挤爆缓冲区，自然就会把内容打印出来了| 但这三种方法在题目中行不通怎么办呢，那就是使用fgetc。

Base64题目描述：如题 flag格式为HZNUCTF{}给ai写的HZNUCTF{ad162c-2d94-434d-9222-b65dc76a3最后加个2}2是手动爆的蛇年的本命语言题目描述：如题...flag的格式为HZNUCTF{}pyinstxtractor加uncompyle6组合拳得到源码解z3注意到显然是以字符＋字频格式排列的，共36个字符111111116257645365477

从getter到jndi之LdapAttribute反序列化链前言如果现在可以调用 getter 方法但是在 jdk 高版本中 TransformerImpl 因为模块化无法使用我们还能有什么 sink 点呢，这就不得不提今天的主角 jdk 原生类 LdapAttribute 了，这个类存在 getter 方法可以打 jndi 注入。调试分析定位到 LdapAttribute#getAttribu

A vulnerability has been found in Linux Kernel up to 5.18.3 and classified as problematic. This vulnerability affects the function tcp_rtx_synack. The manipulation leads to state issue. This vulnerability was named CVE-2022-49372. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.3. It has been classified as problematic. Affected is the function kobject_init_and_add. The manipulation leads to memory leak. This vulnerability is traded as CVE-2022-49370. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.18.3. Affected is the function ubi_create_volume. The manipulation of the argument eba_tbl leads to use after free. This vulnerability is traded as CVE-2022-49388. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.3. It has been declared as problematic. This vulnerability affects the function state_show of the component extcon. The manipulation leads to state issue. This vulnerability was named CVE-2022-49308. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.18.3 and classified as critical. Affected by this vulnerability is the function devm_kfree of the component st21nfca. The manipulation leads to memory leak. This vulnerability is known as CVE-2022-49331. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.18.3. Affected is the function unix_dgram_peer_wake_me of the component af_unix. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2022-49344. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.3. It has been classified as problematic. This affects the function of_get_child_by_name of the component mv88e6xxx_mdios_register. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2022-49367. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1 and classified as critical. This vulnerability affects the function __kmem_cache_shutdown. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2022-49220. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.4.187/5.10.108/5.15.31/5.16.17/5.17.0. Affected is the function try_get_ops of the file tpm-space.c. The manipulation of the argument tpm_mutex leads to privilege escalation. This vulnerability is traded as CVE-2022-49286. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.