报告编号:B6-2020-090301
报告来源:360CERT
报告作者:360CERT
更新日期:2020-09-03
Vulnerability|漏洞
MoFi路由器多个漏洞
https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/
WordPress 文件管理器插件0day
https://portswigger.net/daily-swig/wordpress-security-zero-day-flaw-in-file-manager-plugin-actively-exploited?&web_view=true
phpstudy 自带Ngnix存在畸形解析漏洞
https://mp.weixin.qq.com/s?__biz=MzAxMjE3ODU3MQ==&mid=2650480468&idx=3&sn=709ffded8ed465ee03f91f2478aaba69
CVE-2020-13946:Apache Cassandra RMI重新绑定漏洞通告
https://cert.360.cn/warning/detail?id=9da7493f3ac8c42c9908d89006f3561a
Security Research|安全研究
QNAP NAS在野漏洞攻击事件披露
https://www.anquanke.com/post/id/216163
CVE-2020-0986: Windows splwow64 漏洞分析
https://googleprojectzero.blogspot.com/p/rca-cve-2020-0986.html
CVE-2020-7460:FREEBSD 内核提权分析
https://www.thezdi.com/blog/2020/9/1/cve-2020-7460-freebsd-kernel-privilege-escalation
武器化GhostWriting注入
https://blog.sevagas.com/IMG/pdf/code_injection_series_part5.pdf
CVE-2019-19499: Grafana 6.4.3任意文件读取漏洞分析
https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/
PHP session 常见利用点
https://xz.aliyun.com/t/8221
Malware|恶意软件
Qbot木马:十年的银行木马快速分析
https://cyware.com/news/qbot-trojan-a-quick-analysis-of-a-decade-old-banking-trojan-bd6d0efd/?&web_view=true
推荐阅读:
1、CVE-2020-13946:Apache Cassandra RMI重新绑定漏洞通告
2、CVE-2019-0233:S2-060 拒绝服务漏洞分析
3、CVE-2019-0230:S2-059 远程代码执行漏洞分析
长按下方二维码关注360CERT!谢谢你的关注!
注:360CERT官方网站提供 《360-CERT每日安全简报(2020-09-03)》 完整详情,点击阅读原文
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论