热点概要:Joomla!3.7.0 Core SQL注入漏洞、ORACLE PEOPLESOFT 远程代码执行漏洞:从BLIND XXE到系统shell、对NSA SHADOWBROKERS泄漏工具中的“EPICHERO”的分析、一个简单的分布式WEB扫描器的设计与实践、Eternalblue exploit for Windows 8/2012、PHPCMS MT_RAND SEED CRACK致authkey泄露
资讯类:
黑客已经侵入Edmodo教育平台,窃取约7700万教师,学生和家长的信息
技术类:
Joomla!3.7.0 Core SQL注入漏洞
https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html
http://bobao.360.cn/learning/detail/3868.html
WordPress 4.7.5发布修复多个安全漏洞
https://wordpress.org/news/2017/05/wordpress-4-7-5/
ORACLE PEOPLESOFT 远程代码执行漏洞:从BLIND XXE到系统shell
https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce
使用binsnitch.py检测恶意软件创建文件
https://blog.nviso.be/2017/05/17/using-binsnitch-py-to-detect-files-touched-by-malware/
Call For Papers – Recon Village @ DEFCON 25
http://www.reconvillage.org/cfp/
对NSA SHADOWBROKERS泄漏工具中的“EPICHERO”的分析
http://blog.infobytesec.com/2017/05/nsa-shadowbrokers-leak-analyzing.html
在DNS的视角看WannaCry
http://www.nominum.com/tech-blog/wannacry-views-dns-frontline/
常见的多行查询bypass总结
http://www.math1as.com/index.php/archives/471/
一个简单的分布式WEB扫描器的设计与实践
http://avfisher.win/archives/676
PHPCMS MT_RAND SEED CRACK致authkey泄露
QQ Browser 9.6 API 权限控制问题导致泄露隐私模式
https://www.n0tr00t.com/2017/05/17/QQBrowser-Infoleak-27552.html
MSSQL DBA权限获取WEBSHELL的过程
http://fuping.site/2017/05/16/MSSQL-DBA-Permission-GET-WEBSHELL/
一个基于云的本地文件包含,多家公司受影响
http://panchocosil.blogspot.cl/2017/05/one-cloud-based-local-file-inclusion.html
MemoryMonRWX:通过实时记录和控制内存访问检测内核模式Rootkit
https://igorkorkin.blogspot.gr/2017/03/memorymonrwx-detect-kernel-mode.html
Windows: COM Aggregate Marshaler/IRemUnknown2 Type Confusion EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=1107
MacOS uses an insecure swap file
https://bugs.chromium.org/p/project-zero/issues/detail?id=1131
Apple iOS < 10.3.2 – Notifications API Denial of Service Home Exploit
https://www.exploit-db.com/exploits/42014/
Eternalblue exploit for Windows 8/2012
https://gist.github.com/worawit/074a27e90a3686506fc586249934a30e
趋势科技Interscan Web Security虚拟设备(IWSA)6.5 SP2 XSS
https://cxsecurity.com/issue/WLB-2017050118
SAP客户:确保您的SAPJVM是最新的!
http://codewhitesec.blogspot.com/2017/05/sap-customers-make-sure-your-sapjvm-is.html
发表评论
您还未登录,请先登录。
登录