【威胁通告】HP Ink Printers远程代码执行漏洞CVE-2018-5924,CVE-2018-5925
近日,HP官方发布通告称部分喷墨打印机(HP Ink Printers)存在2个高危的远程代码执行漏洞,攻击者可以通过发送恶意构造的文件给受影响的设备,造成栈溢出,从而远程执行代码。
【漏洞分析】Gitea 1.4.0未授权远程代码执行漏洞
近日,Gitea 1.4.0版本的LFS模块出现了一个绕过登录验证未授权创建LFS对象的漏洞,由此漏洞引申出了一条非常漂亮的攻击链,值得好好学习。
【威胁通告】Modx Revolution远程代码执行漏洞CVE-2018-1000207
近日,Modx官方发布通告称其Modx Revolution 2.6.4及之前的版本存在2个高危漏洞,攻击者可以通过该漏洞远程执行任意代码,从而获取网站的控制权或者删除任意文件。
An Analysis of the vBulletin 5.x Remote Code Execution Exploit
vBulletin is a commercial Internet forum software package, boasting tens of thousands of users which are growing rapidly worldwide. It is written in the PHP web language and uses the MySQL database. Owing to its large user base, vBulletin is frequently reported to have vulnerabilities. In NSFOCUS Vulnerability Database (NSVD), there are 49 entries related to vBulletin, most of which are SQL injection vulnerabilities. The vulnerability disclosed this time is of a relatively high risk level, known as remote code execution (RCE). Theoretically, an attacker can exploit this vulnerability to execute arbitrary code or even take complete control of a forum that uses this program.