每日攻防资讯简报[Feb.23th]

0x00漏洞1.游戏Paper Mario（马里奥）的任意代码执行漏洞PoChttps://www.youtube.com/watch?v=UVcBHUY90DY 2.Keybase桌面客户端的文件在磁盘上以明文存储，使攻击者能够读取Cache和uploadtemps目录中的用户私人图片https://johnjhacking.com/blog/cve-2021-23827/ 3.Windows Server 2012全版本的DLL劫持漏洞https://blog.vonahi.io/srclient-dll-hijacking/ 4.Persis高级人力资源软件的在线申请门户网站的HTML注入漏洞（CVE-2020-35753）https://slashcrypto.org/2021/02/20/CVE-2020-35753/ 5.RpcEptMapper注册表Key权限漏洞Exploit (Windows 7 / 2088R2 / 8 / 2012)https://github.com/itm4n/Perfusionhttps://itm4n.github.io/windows-registry-rpceptmapper-exploit/ 6.ManiMed：Hamilton Medical AG – HAMILTON-T1呼吸机漏洞https://insinuator.net/2021/02/manimed-hamilton-medical-ag-hamilton-t1-ventilator-vulnerabilities/ 7.Genymot ………………………………