-
### Describe the bug
Regression tests don't have YAML files for the following attacks and rules of different Paranoia Levels
Paranoia Level 1
===========
REQUEST-942-APPLICATION-ATTACK-SQLI = 942…
srikr updated
4 years ago
-
Hello,
A security issue has been discovered in another popular Archiving SDK, ZipArchive, which can lead to arbitrary file overwrite. The archive can potentially contain path traversal file names, …
-
A new zero-day exploit called "Log4-Shell" is possible in Java systems which use Apache Log4J.
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
If I grep over the source I get s…
-
# Description of the LOTP tool
MAVEN, you got it already.
# ENV Configuration
Since version 3.9, MAVEN supports the MAVEN_ARGS env variable as a parameter.
In addition to that, you can run (and d…
tr4l updated
6 months ago
-
Attacker student ID: B10815052
Target student ID and URL: B10815062 @yochan0412 https://demo.yochan.live/
Vulnerability type: XSS (upload file)
Vulnerability description
Upload a PHP file that uses
```
alert(1)
```
This way the PHP flag check is bypassed
PoC
```
alert(1)
```
…
-
## CVE-2016-1000027 - Critical Severity Vulnerability
Vulnerable Libraries - spring-web-4.3.9.RELEASE.jar, spring-web-5.2.6.RELEASE.jar
spring-web-4.3.9.RELEASE.jar
Spring Web
Library home page: h…
-
A high-severity security issue within Log4j2 was recently disclosed publicly (see https://nvd.nist.gov/vuln/detail/CVE-2021-44228 for more details). **Anyone** using Log4j2 should upgrade to version 2…
-
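Background: currently, the YAML PoCs written for xray and xpoc replace the complete URL. This approach cannot substitute the attack payload at each parameter; for example, it cannot achieve the same effect as the built-in poc-go-apache-log4j2-rce
Question: In https://github.com/chaitin/xray/issues/1727 and https://github.com/chaitin/xray/issues/84…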
-
Following up https://github.com/wazuh/wazuh/issues/11375:
Log4J v2.15.0 is vulnerable to limited RCE and log4j 2.16.0 is vulnerable to DoS
https://access.redhat.com/security/cve/cve-2021-45046:…
-
Hello team,
We are using ClamAV software to scan for viruses in one of our applications.
But we came across an issue wherein ClamAV is unable to detect a Trojan whereas other software was able to dete…