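Disclaimer: All content in this article is for learning and research purposes only and must not violate the requirements of the Cybersecurity Law, the Criminal Law, and other relevant regulations; in particular, it must not be distributed or used for malicious purposes. By viewing this article you are deemed to accept the above terms; otherwise you bear the responsibility yourself.
Today's highlights: multiple privilege escalation vulnerabilities in the Citrix Gateway Plug-in, multiple RCEs in GitHub Pages via insecure Kramdown configuration, WebLogic JNDI injection bypass analysis and reproduction, remote code execution on Symfony-based websites, supply-chain security as seen through an RCE vulnerability in an IM application, a deep dive into a ZenTao system encountered during an HW exercise, and more.
【Malware】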
1、Life of Maze ransomware
【Vulnerability Analysis】
2、Gateway2Hell – Multiple Privilege Escalation Vulnerabilities in Citrix Gateway Plug-In
3、GitHub Pages - Multiple RCEs via insecure Kramdown configuration - $25,000 Bounty
4、CVE-2020-17365 – Hotspot Shield VPN New Privilege Escalation Vulnerability
5、CVE-2020-16938 is a vulnerability that allows you to get unrestricted file read capabilities on the entire disk as unprivileged user.
6、Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers
7、CVE-2020-15157 “ContainerDrip” Write-up
8、Major Vulnerabilities Discovered in Qualcomm QCMAP
9、RCE in Discord Desktop App via CVE-2020-15174
10、CVE-2020-14841 WebLogic JNDI injection bypass: analysis and reproduction, with PoC
【Technical Sharing】
11、GitHub Gist - Account takeover via open redirect - $10,000 Bounty
12、Secret fragments: Remote code execution on Symfony based websites
13、AssaultCube RCE: Technical Analysis
14、Firefox Vulnerability Research
15、Amid the pandemic: supply-chain security as seen through an RCE vulnerability in an IM application
https://www.anquanke.com/post/id/220159
16、A deep dive into a ZenTao system encountered during an HW exercise
17、From an authorized test to a 0day found along the way
18、Exploiting Android deep links and exported components
#Tools# FinSpy-for-Android: FinSpy for Android technical analysis and tools