每日安全资讯-2020.5.18

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:CVE-2019-0685 Win32k DirectComposition中的引用计数泄漏、jQuery 3.5.0 XSS、了解Internet Explorer中的漏洞等。

【漏洞分析区】
1、CVE-2019-0685 win32k reference count leak in DirectComposition

2、CVE-2020-11022/CVE-2020-11023: jQuery 3.5.0 XSS

3、securecrt: memory corruption in CSI functions CVE-2020-12651
https://bugs.chromium.org/p/project-zero/issues/detail?id=2033

【技术分享区】
4、Internet Exploiter: Understanding vulnerabilities in Internet Explorer
https://labs.f-secure.com/blog/internet-exploiter-understanding-vulnerabilities-in-internet-explorer/

5、APC Series: User APC API
https://repnz.github.io/posts/apc/user-apc/

6、Bypassing SSRFs like a King

7、SecWiki周刊(2020/05/11-2020/05/17)
https://www.sec-wiki.com/weekly/324

#工具#Google open sourced their fuzzing dictionaries

#工具#win-brute-logon:Crack any Microsoft Windows users password without any privilege (Guest account included)

#工具#Stormspotter:Azure Red Team tool for graphing Azure and Azure Active Directory objects