unSafe.sh - Unsafe
CVE-2024-9264: Grafana Remote Code Execution via SQL Expressions
In my previous blog post, I examined a File-Read vulnerability in Grafana, which was introduced in...
2024-11-7 16:16:55 | Views: 37
Sec-News Security Digest - govuln.com
reverse
payload
shellfs
username
duckdb
protectai/vulnhuntr: Zero shot vulnerability discovery using LLMs
A tool to identify remotely exploitable vulnerabilities using LLMs and static code analysis. Worl...
2024-10-22 23:4:15 | Views: 8
Sec-News Security Digest - govuln.com
llm
vulnhuntr
analysis
gpt
nollium/CVE-2024-9264: Exploit for Grafana arbitrary file-read (CVE-2024-9264)
Grafana Post-Auth DuckDB SQL Injection (File Read). Proof of Concept (PoC). This PoC demonstrates the...
2024-10-22 02:3:51 | Views: 33
Sec-News Security Digest - govuln.com
duckdb
9264
gr
injection
Why Code Security Matters - Even in Hardened Environments
Infrastructure hardening makes applications more resilient to attacks. These measures raise the bar...
2024-10-10 00:30:53 | Views: 5
Sec-News Security Digest - govuln.com
attackers
uv
yellow
signum
memory
Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409)
Introduction. In this blog post, we will analyze CVE-2024-45409, a critical vulnerabi...
2024-10-5 19:14:50 | Views: 40
Sec-News Security Digest - govuln.com
assertion
digest
signedinfo
oasis
digestvalue
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine
Home Membership introduction...
2024-10-4 16:34:37 | Views: 7
Sec-News Security Digest - govuln.com
icp
20012251
audit
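Design and Implementation of a Java Payload Generation Framework
1. Preface. In real-world penetration tests, especially in China, most of the sites we encounter are written in Java, and they present many Java vulnerability scenarios. For example, in Shiro 550, taking the Java deserialization point as the vulnerability entry point, using...
2024-9-30 14:21:49 | Views: 14
Sec-News Security Digest - govuln.com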
payload
github
jndi
ysomap
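How the Clash Detection Tool Works
In /t/1076579 I posted an online tool for detecting Clash, and some commenters asked me to explain how it works. If you are interested in this, read on. First, you need to understand two terms: "same-origin policy" and "cross-origin resource sharing"...
2024-9-30 11:36:31 | Views: 22
Sec-News Security Digest - govuln.com
port
clash
browser
401
sharing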
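How iOS Restricts Features by Region: A Brief Look at MobileGestalt and Eligibility
As some commentators have pointed out, this year's iPhone 16 series launched in a strange "empty shell" state: the heavily promoted Apple Intelligence cannot be enabled until iOS 18.1 in October at the earliest; and for users in China, in the short term, no...
2024-9-28 21:34:25 | Views: 37
Sec-News Security Digest - govuln.com
eligibility
backup
Apple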
Preventing app removal on iOS
You can still remove the app from Home Screen, but it is not uninstalled....
2024-9-28 21:30:25 | Views: 16
Sec-News Security Digest - govuln.com
alarm
superalarm
approval
prevented
completes
Exploring argv[0]: Security Concerns Hidden in Program Arguments
2024-9-27 16:50:37 | Views: 6
Sec-News Security Digest - govuln.com
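A Simple RASP Bypass from a Webshell
1. What is RASP? In 2014, Gartner introduced the term "Runtime application self-protection", abbreviated as RASP. It is a new type of application security protection technology, in which the protection program...
2024-9-27 15:57:43 | Views: 30
Sec-News Security Digest - govuln.com
bypassrasp
intercept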
shellentity
splitpane
Attacking UNIX Systems via CUPS, Part I
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Wind...
2024-9-27 15:57:1 | Views: 21
Sec-News Security Digest - govuln.com
cups
printer
ppd
ipp
browsed
Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall
The testing tool to identify if your domain is vulnerable to this attack is located at the end of th...
2024-9-27 15:56:6 | Views: 15
Sec-News Security Digest - govuln.com
webproxy
vn
redacted2
fastly
The real slim shady || Ivanti Endpoint Manager (EPM) Pre-Auth RCE
ivanti just pushed a patch for a Critical CVSS 9.8 (Critical) Remote Code Execution Vulnerability th...
2024-9-20 17:24:53 | Views: 17
Sec-News Security Digest - govuln.com
remoting
forshaw
james
mbr
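Decrypting Java JAR Packages Encrypted with ClassFinal
ClassFinal is a security encryption tool for Java class files. It supports encrypting jar or war packages directly, requires no changes to project code, and is compatible with spring-framework; it can prevent source code leaks or the bytecode being reverse...
2024-9-18 20:0:42 | Views: 23
Sec-News Security Digest - govuln.com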
classfinal
decompiler
roseboy
classpath
Introducing the URL validation bypass cheat sheet
Published: 03 September 2024 at 14:52 UTC...
2024-9-12 18:44:38 | Views: 6
Sec-News Security Digest - govuln.com
cheat
bypass
converted
attacker
hexadecimal
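Tomcat CVE-2024-21733: A Simple Reproduction and Analysis
1. Preface. To sum up this vulnerability in one sentence: Tomcat does not clear its buffer when handling requests, and for certain reasons a flag is not reset after an exception occurs, so the exception stack trace ends up throwing out buffer data that was never cleared. This article mainly covers how the exception arises and how to construct...
2024-9-11 18:20:25 | Views: 85
Sec-News Security Digest - govuln.com
bytebuffer
data
vulnerability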
coyote
artifactid
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
Last updated at Thu, 05 Sep 2024 15:14:14 GMT...
2024-9-6 11:58:54 | Views: 53
Sec-News Security Digest - govuln.com
webtools
ofbiz
groovy
datafile
Splitting the email atom: exploiting parsers to bypass access controls
Published: 07 August 2024 at 21:32 UTC...
2024-8-28 21:50:3 | Views: 38
Sec-News Security Digest - govuln.com
punycode
github
xn
joomla
psres