每日安全动态推送(04-14)

  • A+
所属分类:安全新闻
Tencent Security Xuanwu Lab Daily News

• EFB Tampering 2. Device Integrity: 
https://www.pentestpartners.com/security-blog/efb-tampering-2-device-integrity/

   ・ EFB 的攻击面分析。 – potato


• [PDF] https://static.ernw.de/whitepaper/ERNW-Whitepaper-71_AV_Quarantine_signed.pdf: 
https://static.ernw.de/whitepaper/ERNW-Whitepaper-71_AV_Quarantine_signed.pdf

   ・ 防病毒软件的隔离文件分析。 – potato


• AT&T 3B2 and 3B5 Computer Driver Design Guide : AT&T : Free Download, Borrow, and Streaming : Internet Archive: 
https://archive.org/details/Att3b2And3b5ComputerDriverDesignGuide

   ・ AT&T 3B2与3B5计算机驱动程序设计指南手册。 – lanying37


• [Browser] exploits/chrome-0day at master · r4j0x00/exploits · GitHub: 
https://github.com/r4j0x00/exploits/tree/master/chrome-0day

   ・ Chrome 的 0day EXP。 – potato


• Xstream反序列化远程代码执行漏洞深入分析: 
http://blog.topsec.com.cn/xstream%e5%8f%8d%e5%ba%8f%e5%88%97%e5%8c%96%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c%e6%bc%8f%e6%b4%9e%e6%b7%b1%e5%85%a5%e5%88%86%e6%9e%90/

   ・ Xstream反序列化远程代码执行漏洞深入分析。 – potato


• Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild: 
https://securelist.com/zero-day-vulnerability-in-desktop-window-manager-cve-2021-28310-used-in-the-wild/101898/

   ・ Desktop Window Manager(CVE-2021-28310)在野利用分析。 – potato


• Remote Denial-of-Service on CycloneTCP : CVE-2021-26788: 
http://blog.quarkslab.com/remote-denial-of-service-on-cyclonetcp-cve-2021-26788.html

   ・ 针对CycloneTCP上的远程拒绝服务漏洞(CVE-2021-26788) – lanying37


• From 0 to RCE: Cockpit CMS: 
https://swarm.ptsecurity.com/rce-cockpit-cms/

   ・ Cockpit CMS 通过 CVE-2020-35846(NoSQL 注入)实现 RCE。  – potato


• FTP2RCE: 
https://speakerdeck.com/bo0om/ftp2rce

   ・ Server-side request forgery via ftp account – potato


* 查看或搜索历史推送内容请访问: 
https://sec.today

* 新浪微博账号:腾讯玄武实验室 
https://weibo.com/xuanwulab


本文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(04-14)

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: