Aggregator

一个开源的 AI 代码助手 CLI 工具存在任意文件读取漏洞

某池WAF SQL注入Bypass

lit_ezsql一个SQL注入，正常查询的话id=1或id=2能查询出数据，下面我们测试一下闭合常见的几种组合都没有报错，并且能正常返回查询的数据，下面测试一些特殊的组合这些都返回了id=2的数据，说明对传进去的参数进行了处理，下面我们尝试一下宽字节注入用sqlmap指定宽字节注入就能注出来下面介绍一下手注的流程测试 payload：其中：%bf 是宽字节前导%27 是单引号 '后面拼接 OR

基于高度混淆的JavaScript脚本，对比网页AI与AI IDE的JS逆向分析能力

Linux中的java内存马排查

本文记录了 HackTheBox Shibboleth 靶机的一次完整渗透测试过程。文章首先通过 TCP 全端口扫描确认目标主要暴露 80/tcp 服务，并从 Web 重定向、页面源码、目录枚举和页面页脚信息中提取出 Zabbix 与 Bare Metal BMC 线索；随后结合 UDP 623 扫描与虚拟主机爆破，定位到隐藏的 Zabbix 登录入口以及 IPMI 服务暴露面。在初始访问阶段，文

Name: Hackअस्त्र (an Hackअस्त्र CTF Qualifiers event.)
Date: May 29, 2026, 10:15 a.m. — 30 May 2026, 17:15 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.hackastra.tech/
Rating weight: 0
Event organizers: Ethical HCK

Name: HSE CTF 2026 (an HSE CTF event.)
Date: May 30, 2026, 7 a.m. — 30 May 2026, 13:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Moscow, Russia
Offical URL: https://ctf.miem.hse.ru/
Rating weight: 0.00
Event organizers: HSE CTF Crew

Name: Pwn2Play Open CTF (an Pwn2Play Open CTF event.)
Date: May 30, 2026, 9 a.m. — 30 May 2026, 18:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Location: DMU Leicester & Online
Offical URL: https://pwn2play.biterra.co/
Rating weight: 0
Event organizers: DMUHackers26

В цепочке хватило одного слабого места, чтобы защита превратилась в проблему для всей сети.

Cybercrime group ShinyHunters leaked data allegedly stolen from Charter Communications, exposing millions of customer records after a failed extortion attempt. The ShinyHunters extortion group has published data allegedly stolen from Charter Communications after the company apparently refused to pay a ransom. Charter Communications is one of the largest telecommunications companies in the United States. It […]

Как энтузиасты получили доступ к закрытым технологиям элитных лабораторий?

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Linux Foundation раздает ИИ-агентам виртуальные паспорта.

A vulnerability, which was classified as problematic, was found in Schneider Electric Modicon M340, Modicon Quantum and Modicon Premium Legacy. This affects an unknown part of the component Web Server. The manipulation results in out-of-bounds read. This vulnerability is known as CVE-2020-7562. Access to the local network is required for this attack. No exploit is available.

A vulnerability has been found in Schneider Electric Modicon M340, Modicon Quantum and Modicon Premium Legacy and classified as critical. This vulnerability affects unknown code of the component Web Server. This manipulation causes out-of-bounds write. This vulnerability is handled as CVE-2020-7563. The attack can only be done within the local network. There is not any exploit available.

A vulnerability was found in Schneider Electric Modicon M340, Modicon Quantum and Modicon Premium Legacy and classified as critical. This issue affects some unknown processing of the component Web Server. Such manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2020-7564. The attack can only be initiated within the local network. No exploit exists.

A vulnerability has been found in Linux Kernel up to 5.9.9 and classified as problematic. Affected is an unknown function of the file drivers/accessibility/speakup/spk_ttyio.c of the component Speakup Driver. This manipulation causes denial of service. This vulnerability is registered as CVE-2020-28941. The attack needs to be launched locally. No exploit is available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Schneider Electric Modicon M221. This vulnerability affects unknown code. Performing a manipulation results in inadequate encryption strength. This vulnerability is identified as CVE-2020-7565. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in Schneider Electric Modicon M221. This issue affects some unknown processing. Executing a manipulation can lead to insufficiently random values. This vulnerability is tracked as CVE-2020-7566. The attack is only possible within the local network. No exploit exists.