探秘argv[0]：程序参数中的安全隐忧 2024-9-27 16:50:37 | 阅读: 6 | 收藏 | Sec-News 安全文摘 - govuln.com

webshell下的Rasp简易绕过 一 、什么是RASP？在2014年的时候，Gartner引入了“Runtime application self-protection”一词，简称为RASP。它是一种新型应用安全保护技术，它将保护程序... 2024-9-27 15:57:43 | 阅读: 31 | 收藏 | Sec-News 安全文摘 - govuln.com bypassrasp 拦截 shellentity splitpane

Attacking UNIX Systems via CUPS, Part I Hello friends, this is the first of two, possibly three (if and when I have time to finish the Wind... 2024-9-27 15:57:1 | 阅读: 22 | 收藏 | Sec-News 安全文摘 - govuln.com cups printer ppd ipp browsed

Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall The testing tool to identify if your domain is vulnerable to this attack is located at the end of th... 2024-9-27 15:56:6 | 阅读: 16 | 收藏 | Sec-News 安全文摘 - govuln.com webproxy vn redacted2 fastly

The real slim shady || Ivanti Endpoint Manager (EPM) Pre-Auth RCE ivanti just pushed a patch for a Critical CVSS 9.8 (Critical) Remote Code Execution Vulnerability th... 2024-9-20 17:24:53 | 阅读: 19 | 收藏 | Sec-News 安全文摘 - govuln.com remoting forshaw james mbr

解密 ClassFinal 加密的 Java Jar 包 ClassFinal 是一款 java class 文件安全加密工具，支持直接加密 jar 包或 war 包，无需修改任何项目代码，兼容 spring-framework ；可避免源码泄漏或字节码被反... 2024-9-18 20:0:42 | 阅读: 25 | 收藏 | Sec-News 安全文摘 - govuln.com classfinal decompiler roseboy classpath

Introducing the URL validation bypass cheat sheet Published: 03 September 2024 at 14:52 UTC... 2024-9-12 18:44:38 | 阅读: 7 | 收藏 | Sec-News 安全文摘 - govuln.com cheat bypass converted attacker hexadecimal

Tomcat CVE-2024-21733漏洞简单复现、分析 1前言一句话概括这个漏洞，就是Tomcat在处理请求时不会清理缓冲区，由于某些原因，导致异常出现后标志位没有重置，进而导致异常堆栈抛出了没有被清理掉的缓冲区的数据本文主要介绍了异常是怎么产生的怎么构造... 2024-9-11 18:20:25 | 阅读: 85 | 收藏 | Sec-News 安全文摘 - govuln.com bytebuffer 数据 漏洞 coyote artifactid

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed) Last updated at Thu, 05 Sep 2024 15:14:14 GMT... 2024-9-6 11:58:54 | 阅读: 56 | 收藏 | Sec-News 安全文摘 - govuln.com webtools ofbiz groovy datafile

Splitting the email atom: exploiting parsers to bypass access controls Published: 07 August 2024 at 21:32 UTC... 2024-8-28 21:50:3 | 阅读: 40 | 收藏 | Sec-News 安全文摘 - govuln.com punycode github xn joomla psres

Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail Update 2024-08-27: Full technical details added.Key Information Sonar’s Vulnerability Research T... 2024-8-28 21:35:36 | 阅读: 37 | 收藏 | Sec-News 安全文摘 - govuln.com roundcube victim attachment attacker

Back to School - Exploiting a Remote Code Execution Vulnerability in Moodle 27 August 2024Surprisingly often, implementations include functionality where user input is passed t... 2024-8-28 21:31:3 | 阅读: 25 | 收藏 | Sec-News 安全文摘 - govuln.com formula php calculated moodle acos

SaaS多租户自动化渗透平台-架构笔记 0x01. 简介在 2022 年初，我写了一篇 “云化分布式自动化渗透测试平台 - 架构笔记” ，介绍了我与团队师傅在 SaaS 自动化渗透平台架构设计方面的一些想法和初步实践，距今已过去两年多的时间... 2024-8-28 17:34:13 | 阅读: 49 | 收藏 | Sec-News 安全文摘 - govuln.com 安全 租户 数据 渗透 自动化

CTF - 羊城Web题解(近况) ‍... 2024-8-28 16:51:57 | 阅读: 17 | 收藏 | Sec-News 安全文摘 - govuln.com username tob hashtable sig

xrecon is a powerful web fingerprinting tool with CDN detection capabilities xrecon is a powerful web fingerprinting tool with CDN detection capabilities. It assists security... 2024-8-26 15:18:16 | 阅读: 17 | 收藏 | Sec-News 安全文摘 - govuln.com xrecon library github wappalyzer

Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! [ 繁體中文版本 | English Version ]Hey there! This is my research on Apache HTTP Server presented... 2024-8-25 22:23:9 | 阅读: 29 | 收藏 | Sec-News 安全文摘 - govuln.com php proxy confusion rewriterule redmine

A Patchdiffing Journey – TP-Link Omada IntroductionLast year we participated in the Pwn2Own 2023 Toronto competition and succe... 2024-8-25 17:38:9 | 阅读: 41 | 收藏 | Sec-News 安全文摘 - govuln.com dhcp6c v61 dhcp6 payload dhcpv6

Gotta cache 'em all: bending the rules of web cache exploitation Published: 08 August 2024 at 22:27 UTC... 2024-8-25 17:37:11 | 阅读: 13 | 收藏 | Sec-News 安全文摘 - govuln.com delimiter delimiters poisoning myaccount

Google Chrome 123 RCE 2024-8-25 17:36:52 | 阅读: 25 | 收藏 | Sec-News 安全文摘 - govuln.com

Rethinking the Security Threats of Stale DNS Glue Records %PDF-1.7%¿÷¢þ1 0 obj<< /Names 3 0 R /Outlines 4 0 R /Pages 5 0 R /Type /Catalog >>endobj2 0 obj... 2024-8-23 16:51:21 | 阅读: 13 | 收藏 | Sec-News 安全文摘 - govuln.com 00000 endobj subtype annot rect