Tencent Security Xuanwu Lab Daily News
• Tenda AC6 AC1200 15.03.06.50_multi Cross Site Scripting ≈ Packet Storm:
https://packetstormsecurity.com/files/173029
・ 腾达 AC6 AC1200存在多个XSS漏洞
– Atum
• Apache Flink攻击面探索 – FreeBuf网络安全行业门户:
https://www.freebuf.com/articles/web/370007.html
・ 介绍了Apache Flink的历史漏洞以及相关攻击面
– Atum
• Revamping Binary Analysis with Sampling and Probabilistic Inference:
https://hammer.purdue.edu/articles/thesis/Revamping_Binary_Analysis_with_Sampling_and_Probabilistic_Inference/23542014
・ 一个利用采样和概率推理的二进制分析新思路
– Atum
• A Low-Level Guide To Solidity’s Storage Management:
https://degatchi.com/articles/low_level_guide_to_soliditys_storage_management
・ 介绍EVM的Storage在底层是如何工作的
– Atum
• Description:
https://github.com/ThatLing/limba
・ 一个基于Mixed Boolean-Arithmetic的控制流混淆工具
– Atum
• Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack:
https://thehackernews.com/2023/06/alert-million-of-github-repositories.html
・ github中大量的仓库存在被RepoJacking攻击影响的风险,包括google等知名公司的部分repo。
– Atum
• EJS Vulnerabilities in CTF:
https://blog.huli.tw/2023/06/22/en/ejs-render-vulnerability-ctf/
・ 盘点了CTF中出现的Express js漏洞中具有同一特定pattern的web题目,并提供了详细的分析
– Atum
• Zero Day Initiative — CVE-2022-31696: An Analysis of a VMware ESXi TCP Socket Keepalive Type Confusion LPE:
https://www.zerodayinitiative.com/blog/2023/6/21/cve-2022-31696-an-analysis-of-a-vmware-esxi-tcp-socket-keepalive-type-confusion-lpe
・ VMware ESXI TCP Socket Keppalive 类型混血提权漏洞分析
– Atum
* 查看或搜索历史推送内容请访问:
https://sec.today
* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab
原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(6-26)
