Daily Security News Digest (5-7)

Tencent Security Xuanwu Lab Daily News

• secuvera-SA-2024-02: Multiple Persistent Cross-Site Scripting (XSS) flaws in Drupal-Wiki:
https://seclists.org/fulldisclosure/2024/May/4

   ・ Describes multiple persistent cross-site scripting (XSS) vulnerabilities in Drupal-Wiki – SecTodayBot


• Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution:
https://thehackernews.com/2024/05/critical-tinyproxy-flaw-opens-over.html

   ・ The Tinyproxy service has a critical unpatched security vulnerability affecting over 50% of 90,310 hosts; users are advised to update to the latest version immediately and not to expose the Tinyproxy service to the public internet. – SecTodayBot


• Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes:
https://dirkjanm.io/lateral-movement-and-hash-dumping-with-temporary-access-passes-microsoft-entra/

   ・ Describes how Temporary Access Passes can be abused for lateral movement and on-prem NT hash dumping – SecTodayBot


• Why Your VPN May Not Be As Secure As It Claims:
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/

   ・ A security weakness in VPN connections that attackers can exploit via a DHCP server to eavesdrop on user traffic, bypassing the VPN's protection – SecTodayBot


• Multiple Vulnerabilities in Open Devin (Autonomous AI Software Engineer):
https://evren.ninja/multiple-vulnerabilities-in-opendevin.html

   ・ Reveals path traversal and DNS rebinding vulnerabilities in the Open Devin (Autonomous AI Software Engineer) application – SecTodayBot


• Analysis of ArcaneDoor Threat Infrastructure Suggests Potential Ties to Chinese-based Actor:
https://censys.com/analysis-of-arcanedoor-threat-infrastructure-suggests-potential-ties-to-chinese-based-actor/

   ・ Talos discovered three zero-day vulnerabilities in Cisco firewall products and, during the investigation, uncovered a threat campaign named "ArcaneDoor". The campaign targets government-owned perimeter network devices worldwide, and the vulnerabilities have been exploited – SecTodayBot


• Linksys Router Flaws Exposed, PoC Published, Patch Unavailable!:
https://securityonline.info/cve-2024-33788-cve-2024-33789-linksys-e5600-router/

   ・ The Linksys E5600 router has a critical security vulnerability that may lead to remote command execution. – SecTodayBot


• GitHub – ivision-research/burpscript:
https://github.com/ivision-research/burpscript

   ・ Burpscript adds dynamic scripting capabilities to Burp Suite, allowing scripts written in Python or JavaScript to manipulate HTTP requests and responses. The tool supports Python 3 and JavaScript, can be used to manipulate requests and responses from the proxy or other tools, and offers features such as conditionally dropping requests and responses and quickly enabling/disabling scripts – SecTodayBot


• Netscaler ADC and Gateway, Version 13.1-50.23:
https://bishopfox.com/blog/netscaler-adc-and-gateway-advisory

   ・ The article discloses a new vulnerability in Netscaler ADC and Gateway products, analyzes its root cause in detail, and provides the exploit or PoC needed to exploit it – SecTodayBot


* To view or search past digests, visit:
https://sec.today

* Sina Weibo account: Tencent Xuanwu Lab
https://weibo.com/xuanwulab


Originally published on the WeChat public account (Tencent Xuanwu Lab): Daily Security News Digest (5-7)

Copyright notice: published by admin on May 7, 2024 at 2:00 PM.