unSafe.sh - Unsafe
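Tomcat CVE-2024-21733: Simple Reproduction and Analysis of the Vulnerability
1 Preface. To summarize this vulnerability in one sentence: Tomcat does not clear its buffer when processing requests, and for certain reasons the flag is not reset after an exception occurs, so the exception stack trace throws out buffer data that was never cleared. This article mainly covers how the exception arises and how to construct...
2024-9-11 18:20:25 | Views: 76 | Sec-News Security Digest - govuln.com
bytebuffer
data
vulnerability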
coyote
artifactid
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Last updated at Thu, 05 Sep 2024 15:14:14 GMT...
2024-9-6 11:58:54 | Views: 26 | Sec-News Security Digest - govuln.com
webtools
ofbiz
groovy
datafile
Splitting the email atom: exploiting parsers to bypass access controls
Published: 07 August 2024 at 21:32 UTC...
2024-8-28 21:50:3 | Views: 29 | Sec-News Security Digest - govuln.com
punycode
github
xn
joomla
psres
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail
Update 2024-08-27: Full technical details added. Key Information Sonar’s Vulnerability Research T...
2024-8-28 21:35:36 | Views: 22 | Sec-News Security Digest - govuln.com
roundcube
victim
attachment
attacker
Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle
27 August 2024 Surprisingly often, implementations include functionality where user input is passed t...
2024-8-28 21:31:3 | Views: 18 | Sec-News Security Digest - govuln.com
formula
php
calculated
moodle
acos
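SaaS Multi-Tenant Automated Penetration Testing Platform - Architecture Notes
0x01. Introduction. In early 2022, I wrote an article titled "Cloud-Based Distributed Automated Penetration Testing Platform - Architecture Notes", which described some ideas and initial practice that my teammates and I had on the architecture design of a SaaS automated penetration testing platform. More than two years have passed since then...
2024-8-28 17:34:13 | Views: 38 | Sec-News Security Digest - govuln.com
security
tenant
data
penetration
automation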
CTF - Yangcheng Web Challenge Writeup (Recent Updates)
...
2024-8-28 16:51:57 | Views: 12 | Sec-News Security Digest - govuln.com
username
tob
hashtable
sig
xrecon is a powerful web fingerprinting tool with CDN detection capabilities
xrecon is a powerful web fingerprinting tool with CDN detection capabilities. It assists security...
2024-8-26 15:18:16 | Views: 11 | Sec-News Security Digest - govuln.com
xrecon
library
github
wappalyzer
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
[ Traditional Chinese Version | English Version ] Hey there! This is my research on Apache HTTP Server presented...
2024-8-25 22:23:9 | Views: 21 | Sec-News Security Digest - govuln.com
php
proxy
confusion
rewriterule
redmine
A Patchdiffing Journey – TP-Link Omada
Introduction Last year we participated in the Pwn2Own 2023 Toronto competition and succe...
2024-8-25 17:38:9 | Views: 33 | Sec-News Security Digest - govuln.com
dhcp6c
v61
dhcp6
payload
dhcpv6
Gotta cache 'em all: bending the rules of web cache exploitation
Published: 08 August 2024 at 22:27 UTC...
2024-8-25 17:37:11 | Views: 8 | Sec-News Security Digest - govuln.com
delimiter
delimiters
poisoning
myaccount
Google Chrome 123 RCE
2024-8-25 17:36:52 | Views: 18 | Sec-News Security Digest - govuln.com
Rethinking the Security Threats of Stale DNS Glue Records
2024-8-23 16:51:21 | Views: 8 | Sec-News Security Digest - govuln.com
Mystique Strikes Again? Analysis and Exploitation Research of the Latest Universal Android Vulnerability CVE-2024-31317
2024-8-22 22:51:26 | Views: 24 | Sec-News Security Digest - govuln.com
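How to Cleverly Build an "LDAPS" Server to Exploit JNDI Injection
A while ago I saw a group member ask this question: if the ldap: and rmi: keywords are blocked, is JNDI injection still possible? The method is simple: just use ldap...
2024-8-16 23:24:14 | Views: 15 | Sec-News Security Digest - govuln.com
ldaps
jndi
vulnerability
conote
injection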
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE
Microsoft researchers recently identified multiple medium severity vulnerabilities in Ope...
2024-8-15 17:26:25 | Views: 23 | Sec-News Security Digest - govuln.com
openvpn
attacker
microsoft
openvpnserv
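In Depth: The L4LB Layer-4 Load Balancer IP Spoofing Vulnerability
Preface. Last November, I reported the TOA IP spoofing vulnerability to the China National Vulnerability Database (CNVD) and the China National Vulnerability Database of Information Security (CNNVD). Nearly a year has passed, and the affected parties have largely finished fixing it, so today let's talk about the details. Looking back at the original demonstration, which used Baidu...
2024-8-11 22:39:13 | Views: 78 | Sec-News Security Digest - govuln.com
toa
l4lb
vulnerability
security
information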
XenForo RCE via CSRF
2024-8-8 11:12:9 | Views: 9 | Sec-News Security Digest - govuln.com
SonicWall SMA100 Stored XSS to RCE
2024-8-8 11:11:24 | Views: 10 | Sec-News Security Digest - govuln.com
Listen to the whispers: web timing attacks that actually work
Published: 07 August 2024 at 18:10 UTC...
2024-8-8 11:1:1 | Views: 14 | Sec-News Security Digest - govuln.com
timing
noise
reverse
injection
ssrf