Aggregator

关于 Chat Template 注入方式的学习

Seebug Paper
9 months 1 week ago
作者: dawu@知道创宇404实验室 日期: 2025年2月28日 1. 前言 伴随着年后 DeepSeek R1 模型的火热,号称能运行 DeepSeek R1 “满血版” 的 Ktransformers 框架也受到了大量关注。在使用该框架和阅读相关源码时,我发现框架在借助聊天模版(chat template) 将用户输入转化为输入模型的 token 列表的过程中,可能会存在类似于拼...

Commix: Open-source OS command injection exploitation tool

Help Net Security
9 months 1 week ago

Commix is an open-source penetration testing tool designed to automate the detection and exploitation of command injection vulnerabilities, streamlining security assessments for researchers and ethical hackers. Commix features Easy to use: Commix simplifies the process of identifying and exploiting command injection flaws in vulnerable parameters and HTTP headers, reducing the manual effort required. Portable: The tool includes everything needed to conduct effective command injection attacks across various operating systems and applications. Modular: Users can extend … More →

The post Commix: Open-source OS command injection exploitation tool appeared first on Help Net Security.

Help Net Security

ZDI-CAN-26376: IrfanView

ZDI: Upcoming Advisories
9 months 1 week ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-03-03, 42 days ago. The vendor is given until 2025-07-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZDI-CAN-26473: Luxion

ZDI: Upcoming Advisories
9 months 1 week ago
A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-03-03, 42 days ago. The vendor is given until 2025-07-01 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Managed ad