Tomcat 漏洞分析(CVE-2025-24813)
CVE-2025-24813 Tomcat 最新 RCE 分析复现
Aggregator
记一次样本分析
14 hours 50 minutes ago
样本分析
记某众测Fastjson<=1.2.68反序列化RCE过程
14 hours 50 minutes ago
在某次众测过程中使用搜索引擎找到某单位部署的旁站,通过前端JS信息分析找到一处ssrf漏洞。在ssrf测试时根据提示信息得到服务端接收的数据格式为json格式,再通过构造json报错语句时服务端报错回显了fastjson版本号为1.2.58,然后寻找Fastjson 1.2.58利用链,最后RCE。
PEAR组件在Docker生态中的无文件RCE
14 hours 50 minutes ago
传统文件包含漏洞利用通常依赖攻击者上传恶意文件,或利用服务端临时文件(如session.upload_progress)实现代码执行。但PHP的Pear组件却打破了这一限制:当服务器满足register_argc_argv=On配置时,攻击者可通过精心构造的URL参数,将Web请求伪装成命令行参数,直接操纵pearcmd.php执行高危操作
springSecurity框架在 WebFlux 下的权限饶过
14 hours 51 minutes ago
springSecurity框架在 WebFlux 下的权限饶过
睡眠混淆技术分享(sleep obfuscation)
14 hours 51 minutes ago
sleep obfuscation
YARA规则编写与实战
14 hours 51 minutes ago
YARA是一种恶意软件模式匹配的工具
2025年Solar应急响应公益月赛-3月-Writeup
14 hours 51 minutes ago
2025年Solar应急响应公益月赛-3月题解
某开源网盘程序漏洞分析
14 hours 52 minutes ago
PicHome是一款功能强大的开源网盘程序,它不仅能高效管理各类文件,还在图像和媒体文件管理方面表现出色。其亮点包括强大的文件共享功能和先进的AI辅助管理工具,为用户提供了便捷、智能的文件管理体验。
移动互联网(APP)安全积分争夺赛初赛writeup
14 hours 52 minutes ago
CTF
记一道取证题分析和试错过程
14 hours 52 minutes ago
今年线上线下ctf比赛都出现了很多取证题,在此拿一道题来进行分析,并讲述工具利用
CVE-2025-3083
15 hours 1 minute ago
Currently trending CVE - Hype Score: 1 - Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31, MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 ...
CVE-2025-30095
15 hours 1 minute ago
Currently trending CVE - Hype Score: 10 - VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if ...
CVE-2025-0676
15 hours 1 minute ago
Currently trending CVE - Hype Score: 10 - This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, ...
CVE-2025-0401
15 hours 1 minute ago
Currently trending CVE - Hype Score: 1 - A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to ...
Daily Dose of Dark Web Informer - 4th of April 2025
15 hours 25 minutes ago
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Dark Web Informer - Cyber Threat Intelligence
Threat Attack Daily - 4th of April 2025
16 hours 1 minute ago
Threat Attack Daily - 4th of April 2025
Dark Web Informer - Cyber Threat Intelligence
NightSpire
16 hours 7 minutes ago
cohenido
NightSpire
16 hours 7 minutes ago
cohenido
NightSpire
16 hours 7 minutes ago
cohenido