Exploit for CVE-2020-1938

CVE-2020-1938 Tomcat AJP Ghostcat Analysis This repository co...

PT-2026-5991

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course bundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whi...

DEDECMS member center code submit defects can getshell

Preface : dedecms this year to update a lot of patches,the present article selected 20170315 patch for learning and research. Body: From the official website to download DEDECMS 20170315 patch using DIFF comparison tools for comparison: See the Red part, the servermsg1 variables appearing in dede...

Use MS17-010 patch comparison of the nine vulnerability-vulnerability warning-the black bar safety net

【Translator's note MS17-010 smoke has been the past two months, each of the attention IT security enthusiasts have learned different things. This translation is of the original author combined with the NSA leak of the Arsenal, by patch contrast from the MS17-010 found in nine holes. The author fr...

Windows Remote Desktop vulnerability Esteemaudit（CVE-2017-9073 patch brief analysis-vulnerability warning-the black bar safety net

In the last month, we have for the equation of the tissue is the leakage of ESTEEMAUDIT vulnerability, wrote a brief analysis, and until we found this exploit only applies to join the Windows domain the computer front, we are trying to reproduce this issue, but relatively speaking, writing the...

CVE-2017-6178: from patch contrast-to-Exploit-vulnerability warning-the black bar safety net

Some time ago in the EDB poking around, saw a driver of a kernel Vulnerability, CVE-2017-6178, like me in learning the Kernel PWN the newbie Natural is not missed:, after debugging analysis after feeling learned a few things, so come and share with everyone. USBPcap is a USB packet capture tool,...

From MS16-098 see a Windows 8.1 kernel exploit-vulnerability warning-the black bar safety net

When I first started contact core vulnerability when I don't have any about the kernel of the experience, not to mention to take advantage of a kernel vulnerability, but I'm always for reverse engineering and exploit techniques are very interested. Initially, my idea was simple: find one not...

The IIS server vulnerability analysis-vulnerability warning-the black bar safety net

4 on 1 to 5 November, in Microsoft's patch day, Microsoft released a more high-risk vulnerabilities, one of MS15-0 3 4 vulnerability that affects most widely, will cause the IIS server to blue screen crash, special circumstances or lead to information disclosure. Alibaba security research...

Open a Nday MS08-0 1 0(CVE-2 0 0 8-0 0 7 6)-vulnerability warning-the black bar safety net

The recent IE holes in a large stack,record what I know: 1. MS08-0 1 0:In addition to the VFP control of at least the TP mentioned above is able to take advantage of. 2. MS08-0 2 2:script ENCODER processing on the hole,but I see you want to use is too difficult,the hints about the patch compariso...