unSafe.sh - Unsafe
(CVE-2023-1719) Bitrix24 Insecure Global Variable Extraction
Summary: Product: Bitrix24; Vendor: Bitrix24; Severity: High; Affected Versions: Bitrix24 22.0.3...
2023-11-1 08:0:0 | Reads: 41
Advisories on STAR Labs - starlabs.sg
php
bitrix
globals
toglobals
(CVE-2023-1720) Bitrix24 Stored Cross-Site Scripting (XSS) via File Upload
Summary: Product: Bitrix24; Vendor: Bitrix24; Severity: High; Affected Versions: Bitrix24 22.0.3...
2023-11-1 08:0:0 | Reads: 26
Advisories on STAR Labs - starlabs.sg
bitrix24
bxu
cid
php
emailed
A Year Fuzzing XNU Mach IPC
This article describes a year-long fuzzing campaign against the XNU Mach IPC subsystem; the methodology, findings, and lessons learned were presented at Hexacon 2023...
2023-10-13 00:0:0 | Reads: 3
Publications on STAR Labs - starlabs.sg
slides
hexacon
xnu
uncovered
(CVE-2023-4197) Dolibarr ERP CRM (<= 18.0.1) Improper Input Sanitization Authenticated RCE
Summary: Product: Dolibarr ERP CRM; Vendor: Dolibarr; Severity: High; Affected Versions: <= 18.0...
2023-10-11 08:0:0 | Reads: 33
Advisories on STAR Labs - starlabs.sg
php
dolibarr
webpage
erp
newstr
(CVE-2023-4198) Dolibarr ERP CRM (<= 17.0.3) Improper Access Control
Summary: Product: Dolibarr ERP CRM; Vendor: Dolibarr; Severity: High; Affected Versions: <= 17.0...
2023-10-11 08:0:0 | Reads: 53
Advisories on STAR Labs - starlabs.sg
dolibarr
erp
php
username
Analysis of NodeBB Account Takeover Vulnerability (CVE-2022-46164)
Back in January 2023, I tasked one of our web security interns, River Koh (@oceankex), to perform n-...
2023-9-29 08:0:0 | Reads: 20
Blogs on STAR Labs - starlabs.sg
sio
nodebb
targeturl
emit
4567
(CVE-2023-30591) NodeBB Pre-Authentication Denial-of-Service
Summary: Product: NodeBB; Vendor: NodeBB; Severity: High - Unprivileged attackers are able to ca...
2023-9-29 08:0:0 | Reads: 21
Advisories on STAR Labs - starlabs.sg
eventname
nodebb
payload
startswith
loader
[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)
Brief: I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 20...
2023-9-25 08:0:0 | Reads: 57
Blogs on STAR Labs - starlabs.sg
httpcontext
nftables Adventures: Bug Hunting and N-day Exploitation (CVE-2023-31248)
During my internship, I have been researching and trying to find bugs within the nftables subsystem....
2023-9-25 08:0:0 | Reads: 36
Blogs on STAR Labs - starlabs.sg
nftnl
nlmsg
nf
1411
mnl
[P2O Vancouver 2023] SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955)
Brief: I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vanco...
2023-9-25 00:0:0 | Reads: 4
Blogs on STAR Labs - starlabs.sg
httpcontext
nftables Adventures: Bug Hunting and N-day Exploitation (CVE-2023-31248)
During my internship, I have been researching and trying to find bugs within the nftables sub...
2023-9-25 00:0:0 | Reads: 3
Blogs on STAR Labs - starlabs.sg
nftnl
nlmsg
nf
mnl
1411
(CVE-2023-2315) Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2
Summary: Product: OpenCart; Vendor: OpenCart; Severity: High - Adversaries may exploit software...
2023-9-18 08:0:0 | Reads: 36
Advisories on STAR Labs - starlabs.sg
opencart
php
username
emptied
developers
(CVE-2023-32523) Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Unauthenticated RCE
Summary: Product: Trend Micro Mobile Security (Enterprise) 9.8 SP5; Vendor: Trend Micro; Severi...
2023-8-22 08:0:0 | Reads: 32
Advisories on STAR Labs - starlabs.sg
php
widget
security
username
mydebug
(CVE-2023-32524) Trend Micro Mobile Security (Enterprise) 9.8 SP5 (<= Critical Patch 3) Unauthenticated RCE
Summary: Product: Trend Micro Mobile Security (Enterprise) 9.8 SP5; Vendor: Trend Micro; Severi...
2023-8-22 08:0:0 | Reads: 64
Advisories on STAR Labs - starlabs.sg
php
security
username
mydebug
(CVE-2023-32529) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE
Summary: Product: Trend Micro Apex Central 2019; Vendor: Trend Micro; Severity: High; Affected...
2023-8-22 08:0:0 | Reads: 41
Advisories on STAR Labs - starlabs.sg
php
webapp
apex
widget
(CVE-2023-32530) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE
Summary: Product: Trend Micro Apex Central 2019; Vendor: Trend Micro; Severity: High; Affected...
2023-8-22 08:0:0 | Reads: 61
Advisories on STAR Labs - starlabs.sg
php
webapp
apex
widget
modtmms
(CVE-2023-38624) Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF
Summary: Product: Trend Micro Apex Central 2019; Vendor: Trend Micro; Severity: High; Affected...
2023-8-22 08:0:0 | Reads: 47
Advisories on STAR Labs - starlabs.sg
ssrf
proxy
cgiargs
serverinfo
widget
(CVE-2023-38625) Trend Micro Apex Central 2019 (<= Build 6394) Authenticated SSRF
Summary: Product: Trend Micro Apex Central 2019; Vendor: Trend Micro; Severity: High; Affected...
2023-8-22 08:0:0 | Reads: 34
Advisories on STAR Labs - starlabs.sg
proxy
ssrf
apex
webapp
(CVE-2023-2971) Typora Local File Disclosure (Patch Bypass)
Summary: Product: Typora; Vendor: Typora; Severity: Medium; Affected Versions: Typora for Window...
2023-8-19 08:0:0 | Reads: 23
Advisories on STAR Labs - starlabs.sg
webpage
windows
typemark
malicious
payload
(CVE-2023-2316) Typora Local File Disclosure
Summary: Product: Typora; Vendor: Typora; Severity: Medium; Affected Versions: Typora for Window...
2023-8-19 08:0:0 | Reads: 43
Advisories on STAR Labs - starlabs.sg
webpage
windows
malicious
payload
attacker