Aggregator

A vulnerability was found in Totolink X6000R 9.4.0cu.652_B20230116. It has been declared as critical. Affected is the function sub_412688. Executing a manipulation can lead to command injection. This vulnerability is registered as CVE-2023-46418. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Totolink X6000R 9.4.0cu.652_B20230116. It has been rated as critical. Affected by this vulnerability is the function sub_415730. The manipulation leads to command injection. This vulnerability is documented as CVE-2023-46419. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Totolink X6000R 9.4.0cu.652_B20230116. Affected by this issue is the function sub_41590C. The manipulation results in command injection. This vulnerability is reported as CVE-2023-46420. The attack can be launched remotely. No exploit exists.

A vulnerability identified as critical has been detected in Totolink X6000R 9.4.0cu.652_B20230116. This affects the function sub_411D00. This manipulation causes command injection. This vulnerability appears as CVE-2023-46421. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as critical has been found in Totolink X6000R 9.4.0cu.652_B20230116. Affected by this vulnerability is the function sub_41A414. The manipulation results in command injection. This vulnerability is known as CVE-2023-46416. It is possible to launch the attack remotely. No exploit is available.

A vulnerability categorized as critical has been discovered in Totolink X6000R 9.4.0cu.652_B20230116. This impacts the function sub_41D494. Executing a manipulation can lead to command injection. This vulnerability appears as CVE-2023-46414. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as critical has been detected in Totolink X6000R 9.4.0cu.652_B20230116. Affected is the function sub_41E588. The manipulation leads to command injection. This vulnerability is traded as CVE-2023-46415. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.652_B20230116. Impacted is the function sub_41D998. The manipulation leads to command injection. This vulnerability is referenced as CVE-2023-46412. The attack needs to be initiated within the local network. No exploit is available.

A vulnerability, which was classified as critical, was found in Totolink X6000R 9.4.0cu.652_B20230116. The affected element is the function sub_4155DC. The manipulation results in command injection. This vulnerability is identified as CVE-2023-46413. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability described as critical has been identified in Totolink X6000R 9.4.0cu.652_B20230116. This affects the function sub_41CC04. Such manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2023-46409. The attack can only be initiated within the local network. No exploit exists.

A vulnerability classified as critical has been found in Totolink X6000R 9.4.0cu.652_B20230116. This vulnerability affects the function sub_416F60. Performing a manipulation results in command injection. This vulnerability was named CVE-2023-46410. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability classified as critical was found in Totolink X6000R 9.4.0cu.652_B20230116. This issue affects the function sub_415258. Executing a manipulation can lead to command injection. The identification of this vulnerability is CVE-2023-46411. The attack needs to be done within the local network. There is no exploit available.

关于四种Tomcat内存马的一些学习与思考

Nullbyte渗透靶场精讲，涉及信息收集，Hydra表单暴力破解，John md5哈希暴力破解，SQL注入多种利用，suid可执行文件利用提权，值得研究和学习。

漏洞简介n8n 在其工作流表达式评估系统中存在一个关键的远程代码执行（RCE）漏洞。经过认证的用户在工作流配置过程中提供的表达式，可以在与底层运行时隔离不足的执行上下文中进行评估。 经过认证的攻击者可能会滥用这种行为，以n8n进程的权限执行任意代码。成功的利用可能导致受影响实例的全面入侵，包括未经授权访问敏感数据、修改工作流程以及系统级作的执行。漏洞影响评分：9.9版本：<1.123.17,

Winos4控制平台、木马上线环节、木马控制环节、通信模型分析

Dokploy 漏洞挖掘记录(2RCE+1 目录穿越)

A vulnerability identified as critical has been detected in Linux Kernel up to 6.17.2. This affects the function generic_handle_domain_irq of the component PCI. Performing a manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-40076. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.17.2. This issue affects the function pgoff_t of the component f2fs. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-40077. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.17.2. This vulnerability affects the function dst_dev_rcu of the component ipv4. Executing a manipulation can lead to use after free. This vulnerability is handled as CVE-2025-40074. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.