A vulnerability was found in Ugreen DH2100+ up to 5.3.0 and classified as critical. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following.
This vulnerability is referenced as CVE-2025-14693. The attack can be executed directly on the physical device. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in Mayan EDMS up to 4.10.1 and classified as problematic. The impacted element is an unknown function of the file /authentication/. This manipulation causes an open redirect.
The identification of this vulnerability is CVE-2025-14692. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The affected component should be upgraded.
The vendor confirms that this is "[f]ixed in version 4.10.2" and that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
A vulnerability, which was classified as problematic, was found in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross-site scripting.
This vulnerability was named CVE-2025-14691. The attack may be performed remotely. In addition, an exploit is available.
You should upgrade the affected component.
The vendor confirms that this is "[f]ixed in version 4.10.2" and that "[b]ackports for older versions in process and will be out as soon as their respective CI pipelines complete."
A vulnerability was found in itsourcecode Student Management System 1.0. It has been rated as critical. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes SQL injection.
This vulnerability is registered as CVE-2025-14653. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
A vulnerability categorized as critical has been discovered in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component httpd. Such manipulation of the argument list leads to stack-based buffer overflow.
This vulnerability is documented as CVE-2025-14654. The attack can be executed remotely. Additionally, an exploit exists.
A vulnerability was found in MartialBE one-hub up to 0.14.27. It has been classified as critical. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION_SECRET leads to use of hard-coded cryptographic key.
This vulnerability is listed as CVE-2025-14651. The attack may be initiated remotely. In addition, an exploit is available.
It is recommended to change the configuration settings.
The code maintainer recommends (translated from Chinese): "The default docker-compose example file is not recommended for production use. If you intend to use it in production, please carefully check and modify every configuration and environment variable yourself!"
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. It has been declared as critical. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in SQL injection.
This vulnerability is cataloged as CVE-2025-14652. The attack may be launched remotely. Furthermore, there is an exploit available.