每日安全资讯-2020.7.16

声明:本文所有内容仅用于学习和研究目的,且不能违反《网络安全法》、《刑法》等相关要求,尤其禁止传播,或用于非善良目的。您查看本文,即视为遵守以上约定,否则责任自负。

今日导读:V-SOL家用路由器任意OS命令注入漏洞、McAfee Total Protection(MTP)<16.0.R26提权漏洞、多个浏览器中的地址栏欺骗漏洞、T3反序列化 Weblogic12.2.1.4.0 JNDI注入、在思科设备中寻找后门等。

【病毒区】
1、GReAT Ideas follow-up

【漏洞分析区】
2、Arbitrary OS command injection vulnerability affecting home routers manufactured by Guangzhou-based V-SOL (CVE-2020-8958)

3、McAfee Total Protection (MTP) < 16.0.R26 Escalation of Privilege (CVE-2020-7283)

4、Address bar spoofing vulnerability was observed in Safari, Edge, Opera, Android Webview, Naver Whale, Chrome, Brave, Avast, Amazon Silk, and Falkon browser.

5、T3反序列化 Weblogic12.2.1.4.0 JNDI注入
https://www.anquanke.com/post/id/210724

【技术分享区】
6、Pentesting Git source repositories
https://www.errno.fr/Attacking_source_repositories

7、Abusing GitLab Runners

8、Bypassing LSA Protection (aka Protected Process Light) without Mimikatz on Windows 10

9、Hunting for backdoors in Counterfeit Cisco devices

10、How I Bypassed Crowdstrike Restriction

11、Exploiting Imported Libraries to Bypass WAF

#工具#SAP_RECON:PoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)

2 1