文章预览
Tencent Security Xuanwu Lab Daily News • CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery: https://blog.rapid7.com/2024/07/26/cve-2024-6922-automation-anywhere-automation-360-server-side-request-forgery/ ・ Automation 360 Robotic Process Automation suite v21-v32存在未经身份验证的服务器端请求伪造(SSRF)漏洞,可能导致攻击者执行任意网络请求 – SecTodayBot • Abusing RCU callbacks with a Use-After-Free read to defeat KASLR: https://anatomic.rip/abusing_rcu_callbacks_to_defeat_kaslr/ ・ 一种利用滥用RCU回调的Use-After-Free读取来打败KASLR的技术。 – SecTodayBot • Introduction: https://tudoor.net/ ・ 介绍了一种名为TuDoor的新型DNS攻击,发现了三种逻辑漏洞,提出了三种新型攻击。攻击涉及使用格式错误的DNS响应数据包进行DNS缓存污染、拒绝服务和资源消耗攻击。 – SecTodayBot • H1d3r/GPU_ShellCod
………………………………
