Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of validation for the len parameter in dlm functions, potentially leading to out-of-boun...

CVE-2024-9726 Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that t...

GitLab 输入验证错误漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab CE/EE version 12.4 up to and includin...

Tencent WeChat WXAM Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM decoder. T...

php云人才系统 小漏洞一步步getshell（后台）

简要描述： php云人才系统 小漏洞一步步getshell，这里包含了php与mysql交互时候的特性（也算一个漏洞），还有phpyun自身图片的验证机制问题，等等，步骤比较艰辛，本来想在这里搞一个csrf呢，找了半天没有找到，到时找到一大堆xss，这里就不利用xss了，且看分析 详细说明： 首先我们做一个小测试： 对于mysql存储来说，建站者都会给每一个字段设置长度，然后当我们插入进去的数据长度超过了设置的长度，那么mysql是不会报错，然而会自然截断存储，这个就给我们编写程序的人留下了隐患。 利用场景分析...