微软SMB3协议远程利用0day漏洞 – CVE-2020-0796
0x01漏洞描述CVE-2020-0796是存在于微软服务器SMB协议中的一个“蠕虫化”漏洞,该漏洞未包含 在微软本月发布的补丁中,是在补丁的序言中泄露的。目前微软尚未发布任何技术详情,思科Talos团队和Fortinet公司提供了简短概述,目前尚不清楚该漏洞的补 ...
Vulnerability CVE-2025-26849 in Docusnap: Assessment and Mitigation Strategies
Understanding CVE-2025-26849 in DocusnapRecently discovered, CVE-2025-26849 has identified a critical security flaw within specific versions of Docusnap, a widely used network documentation tool. The vulnerability concerns a hard ...
Addressing CVE-2025-1914: Out of Bounds Read Vulnerability in Google Chrome V8
Understanding CVE-2025-1914: A Critical Vulnerability in Google Chrome Google Chrome, a widely-used browser known for its security measures, was recently identified with a critical vulnerability designated as CVE-2025-1914. This ...
htb打靶-Bastard
信息收集1nmap -sV -sT -sC -O 10.129.10.80 开放了80,135,重点显然是在web上面了 查看首页,drupal cms google一下找到专用扫描器 1https://github.com/immunIT/drupwn 给出了版本7.54但是发现扫不出,换工具! nday利用换searchsploi ...
CVE-2025-1915: Addressing Pathname Limitation Vulnerability in Google Chrome
Understanding CVE-2025-1915: A Google Chrome VulnerabilityThe vulnerability identified as CVE-2025-1915 pertains to Google Chrome, specifically affecting the DevTools component on Windows systems previous to version 134.0.6998.35 ...
关于COM口{A6BFEA43-501F-456F-A845-983D3AD7B8F0} BypassUAC研究
前言今天上线的机器,通过用DLL劫持和注册表进行BypassUac发现很不行。win10下的360可能不杀可能杀,注册表通过修改ShellCommand来实现ByPassUAC的操作。过于敏感,而DLL劫持BypassUAC用久后又会被杀。今天翻文章看到头像哥的COM口bypassuac。发现 ...
Understanding and Mitigating CVE-2025-1916: Use After Free Vulnerability in Google Chrome
Introduction to CVE-2025-1916An important security vulnerability identified as CVE-2025-1916 has been discovered in Google Chrome. This pertains to a use after free issue in the Profiles component of the browser, potentially allo ...
Understanding CVE-2025-1917: Mitigating UI Spoofing Vulnerabilities in Google Chrome
Overview of CVE-2025-1917Google Chrome, one of the most widely used internet browsers, recently disclosed a security vulnerability identified as CVE-2025-1917. This vulnerability affects the User Interface (UI) implementation in ...
联动套娃挖洞bp+awvs+xray
burp 配置第一层代理配置awvs的流量会经过这里 第二层代理配置流量会经过burp后转发给xray xray 配置1./xray_darwin_arm64 webscan --listen 127.0.0.1:7777 --html-output ./out/vul.html AWVS配置启动容器我这里使用docker起的一个 ...
Understanding and Mitigating CVE-2025-1918: Out of Bounds Read in Google Chrome
Introduction to CVE-2025-1918The Common Vulnerabilities and Exposures (CVE) identifier CVE-2025-1918 pertains to an out of bounds read in the PDFium component of Google Chrome, specifically affecting versions prior to 134.0.6998. ...