| ts | title | url |
|---|
| ts | title | url |
|---|---|---|
| 20210406 | 俄罗斯网络空间攻击特点与模式 | https://mp.weixin.qq.com/s/oMy1EDOYPT82ec5QEdiIVA |
| 20210406 | Dragos《2020年度工控网络安全回顾》 | https://mp.weixin.qq.com/s/ceASNJrgKkqgzlCnxNps7Q |
| 20210406 | 驱动病毒那些事(完结)----劫持 | https://www.sec-in.com/article/997 |
| 20210406 | As-Exploits-部分后渗透模块 | https://mp.weixin.qq.com/s/8G0il9gIkubI1w15gOBX6A |
| ts | cve_id | title | url | cve_detail |
|---|---|---|---|---|
| 20210406T22:48:44Z | 未知编号 | Null | https://github.com/jessica0f0116/cve_2021_1732 | 未查询到CVE信息 |
| 20210406T16:17:13Z | CVE-2021-30149 | RCE 0day (Orion Hridoy) | https://github.com/orionhridoy/CVE-2021-30149 | Composr 10.0.36 allows upload and execution of PHP files. |
| 20210406T16:15:58Z | CVE-2021-21972 | [CVE-2021-21972] VMware vSphere Client Unauthorized File Upload to Remote Code Execution (RCE) | https://github.com/murataydemir/CVE-2021-21972 | The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2). |
| 20210406T16:15:26Z | CVE-2021-30150 | XSS Discovered By: Orion Hridoy | https://github.com/orionhridoy/CVE-2021-30150 | Composr 10.0.36 allows XSS in an XML script. |
| 20210406T10:44:28Z | CVE-2021-30109 | Froala Persistent XSS | https://github.com/Hackdwerg/CVE-2021-30109 | |
| 20210406T10:26:41Z | CVE-2021-22986 | CVE-2021-22986 & F5 BIG-IP RCE | https://github.com/Al1ex/CVE-2021-22986 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. |
| 20210406T09:29:49Z | CVE-2021-30146 | Seafile 7.0.5 Persistent XSS | https://github.com/Security-AVS/CVE-2021-30146 | Seafile 7.0.5 (2019) allows Persistent XSS via the %share of library functionality.% |
| 20210406T09:17:43Z | CVE-2021-3297 | Null | https://github.com/Sec504/Zyxel-NBG2105-CVE-2021-3297 | On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. |
| 20210406T08:21:28Z | CVE-2021-3156 | Exploit for Sudo heap overflow (CVE-2021-3156) on Debain 10 | https://github.com/0xdevil/CVE-2021-3156 | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via %sudoedit -s% and a command-line argument that ends with a single backslash character. |
| 20210406T02:14:31Z | CVE-2021-21300 | Null | https://github.com/fengzhouc/CVE-2021-21300 | Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won%t work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. before cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6. |
| ts | title | url | stars | forks |
|---|---|---|---|---|
| 20210406T21:02:59Z | Null | https://github.com/nithinsai263/kleensecurity | 0 | 0 |
| 20210406T19:57:32Z | RVT is a collection of tools/libraries to support both static and dynamic verification of Rust programs. | https://github.com/project-oak/rust-verification-tools | 117 | 10 |
| 20210406T16:28:11Z | Personal Blog | https://github.com/klee1611/klee1611.github.io | 0 | 0 |
| 20210406T14:05:47Z | Website for the KLEE project: https://klee.github.io/ | https://github.com/klee/klee.github.io | 14 | 43 |
| 20210406T04:12:36Z | Null | https://github.com/abbykleespie/Assignment4AbbyKleespie.appstudio | 0 | 0 |
| 20210406T03:53:43Z | Null | https://github.com/bboysteed/klee_test | 0 | 0 |
| ts | title | url | stars | forks |
|---|
| ts | title | url | stars | forks |
|---|---|---|---|---|
| 20210406T23:13:33Z | This repository contains tools developed to hack CS:GO. | https://github.com/samdobsonDEV/csgo-exploits | 0 | 0 |
| 20210406T23:12:08Z | A collection of curated Java Deserialization Exploits | https://github.com/Coalfire-Research/java-deserialization-exploits | 523 | 208 |
| 20210406T23:11:53Z | Red team & penetration testing tools to exploit the capabilities of Intel AMT | https://github.com/Coalfire-Research/DeathMetal | 236 | 31 |
| 20210406T23:06:12Z | An anti exploit engine made for Roblox. | https://github.com/Madonox/MadX-Anti-Exploit | 0 | 0 |
| 20210406T23:03:19Z | Simple python exploits used in CTFs and other things | https://github.com/memN0ps/Malicious | 1 | 1 |
| 20210406T22:29:55Z | Microbiome Analysis Powered By Recursive Quasi-species Networks: Uncovering rules of organization, competition, succession and exploitation | https://github.com/zeroknowledgediscovery/qbiome | 0 | 0 |
| 20210406T22:25:47Z | Null | https://github.com/tnomelly/exploits | 0 | 0 |
| 20210406T22:17:23Z | A Discord bot that detects and bans users who attempt to speak while appearing as muted or deafened. | https://github.com/Caeden117/VCMuteExploitDetectionBot | 0 | 0 |
| 20210406T22:08:15Z | Public Exploits | https://github.com/Kitsun3Sec/exploits | 4 | 1 |
| 20210406T22:07:49Z | A open-sourced ROBLOX exploit library | https://github.com/iamtryingtofindname/Artemis | 0 | 0 |
| ts | title | url | stars | forks |
|---|---|---|---|---|
| 20210406T23:34:29Z | Null | https://github.com/CrimRock/backdoor | 0 | 0 |
| 20210406T21:12:31Z | TrojanZoo provides a universal pytorch platform to conduct security researches (especially backdoor attacks/defenses) of image classification in deep learning. | https://github.com/ain-soph/trojanzoo | 56 | 10 |
| 20210406T20:27:12Z | The Yuka Takaoka is an advanced type backdoor made by myself (Ihatestick) this version is 0.2 beta | https://github.com/Ihatestick/Yuka-Takaoka | 1 | 0 |
| 20210406T11:57:13Z | A curated list of backdoor learning resources | https://github.com/THUYimingLi/backdoor-learning-resources | 204 | 34 |
| 20210406T11:40:07Z | hidden Backdoor in Python | https://github.com/ilovehcking/Backdoor_JUSTIN | 0 | 0 |
| 20210406T08:53:21Z | Null | https://github.com/xpf/Backdoor-Learning-arXiv | 1 | 0 |
| 20210406T08:29:44Z | OWASP ZAP add-on containing the web-backdoors and attack files from FuzzDB | https://github.com/zaproxy/fuzzdb-offensive | 6 | 6 |
| 20210406T07:30:06Z | Hidden backdoor attack on NMT | https://github.com/chichidd/HiddenBackdoorNMT | 0 | 0 |
| 20210406T02:41:31Z | Invisible, customizable backdoor for Minecraft Spigot Plugins. | https://github.com/ThiccIndustries/Minecraft-Backdoor | 2 | 2 |
| 20210406T02:41:15Z | Null | https://github.com/kietbuiduc2020/reserve_backdoor-listener | 0 | 0 |
| ts | title | url | stars | forks |
|---|---|---|---|---|
| 20210406T23:24:13Z | REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR%s RESTler), that enables developers to embed security tooling into their CI/CD workflows | https://github.com/microsoft/rest-api-fuzz-testing | 129 | 22 |
| 20210406T23:19:46Z | Null | https://github.com/nadavRazT/fuzzer | 0 | 0 |
| 20210406T23:12:10Z | Autofuze has been developped to provide a full toolkit to fuzz and pentest several protocols used in automotive industry such as USB, XCP, UDS, CAN. Everything is done in Python to provide a convenient way to develop automated test. | https://github.com/DanAurea/AutoFuze | 0 | 0 |
| 20210406T22:55:55Z | Command line helpers for fuzzing | https://github.com/rust-fuzz/cargo-fuzz | 729 | 59 |
| 20210406T22:52:03Z | Desde luego si genoveva | https://github.com/triomens/fuzzytry | 0 | 0 |
| 20210406T22:22:41Z | RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. | https://github.com/microsoft/restler-fuzzer | 739 | 75 |
| 20210406T22:10:45Z | A case study of a fuzzer in the Java Language | https://github.com/fuzzing-unb/jfuzzer | 1 | 1 |
| 20210406T21:59:28Z | A kotlin implementation of sublime text editor%s fuzzy search | https://github.com/android-password-store/sublime-fuzzy | 0 | 0 |
| 20210406T21:44:40Z | A self-hosted Fuzzing-As-A-Service platform | https://github.com/microsoft/onefuzz | 2305 | 123 |
| 20210406T21:21:13Z | Software for fuzzing, used on web application pentestings. | https://github.com/NESCAU-UFLA/FuzzingTool | 48 | 8 |