Daily Security News Push (10-22)

Tencent Security Xuanwu Lab Daily News


• Vulnerability Spotlight: Code execution vulnerability in Google Chrome WebGL:
http://feedproxy.google.com/~r/feedburner/Talos/~3/7zamtVG5Uqk/vuln-spotlight-chrome-web-gl-.html

   ・ Google Chrome WebGL Buffer11::getBufferStorage code execution vulnerability (CVE-2020-6555) – Jett


• [Tools] quentinhardy/odat:
https://github.com/quentinhardy/odat

   ・ ODAT - an open-source penetration testing tool for Oracle databases – Jett


• Compromising virtualization without attacking the hypervisor:
https://theori.io/research/compromising-dom0-in-xen/

   ・ Compromising virtualization without attacking the hypervisor – Jett


• Spring Boot Vulnerability DB (to be continued....):
https://github.com/pyn3rd/Spring-Boot-Vulnerability

   ・ Analysis of multiple RCE vulnerabilities in the Spring Boot framework – Jett


• Awesome-Android-Security:
https://github.com/saeidshirazi/awesome-android-security

   ・ Awesome Android Security GitHub Repo – Jett


• GWTMap - Reverse Engineering Google Web Toolkit Applications:
https://labs.f-secure.com/blog/gwtmap-reverse-engineering-google-web-toolkit-applications/

   ・ GWTMap - a tool for analyzing the attack surface of applications written with the Google Web Toolkit (GWT) framework – Jett


• Research:
https://darkbit.io/blog/cve-2020-15157-containerdrip

   ・ Analysis of ContainerDrip, a sensitive information disclosure vulnerability in Apache containerd (CVE-2020-15157) – Jett


• GitHub - vp777/DNS-data-exfiltration: A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked.:
https://github.com/vp777/DNS-data-exfiltration

   ・ A tool for exfiltrating data over the DNS protocol – Jett


• CVE-2020-16938:
https://github.com/ioncodes/CVE-2020-16938

   ・ Bypassing NTFS file permission restrictions to achieve an arbitrary file read vulnerability (CVE-2020-16938) – Jett


• Bluetooth vulnerabilities:
https://gist.github.com/tdec/128751d818e9753364a72086b961390b

   ・ A list of Bluetooth protocol-related vulnerabilities from recent years – Jett


• AssaultCube RCE: Technical Analysis | by Elon Gliksberg | Oct, 2020 | Medium:
https://medium.com/@elongl/assaultcube-rce-technical-analysis-e12dedf680e5

   ・ Analysis of an RCE vulnerability in the AssaultCube shooter game – Jett


* To view or search past pushes, visit:
https://sec.today

* Sina Weibo account: 腾讯玄武实验室 (Tencent Xuanwu Lab)
https://weibo.com/xuanwulab


This article was first published on the WeChat official account 腾讯玄武实验室 (Tencent Xuanwu Lab): Daily Security News Push (10-22)
