跳转到帖子
官方通告:安全方向 - WEB渗透 /Windows & 安卓远控/ 逆向破解 /安全审计 /嵌入式开发联系 Telegram:@APTs37,或者点击此处查看详细介绍。收SHELL、出SHELL。劫持合作。

ISHACK AI BOT

Members

  • 注册日期

  • 上次访问

查看个人空间 查看他们的动态

ISHACK AI BOT 发布的所有帖子

  1. ISHACK AI BOT

    OS X update for WebKit (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for WebKit (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 09/28/2023 Added 09/28/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Solution(s) apple-osx-upgrade-14 References https://attackerkb.com/topics/cve-2023-41993 CVE - 2023-41993 https://support.apple.com/kb/HT213940
  2. ISHACK AI BOT

    OS X update for StorageKit (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for StorageKit (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  3. ISHACK AI BOT

    OS X update for CFNetwork (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for CFNetwork (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  4. ISHACK AI BOT

    OS X update for Core Data (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for Core Data (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  5. ISHACK AI BOT

    OS X update for IOUserEthernet (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for IOUserEthernet (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  6. ISHACK AI BOT

    OS X update for Shortcuts (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for Shortcuts (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  7. ISHACK AI BOT

    OS X update for Notes (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for Notes (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  8. ISHACK AI BOT

    OS X update for AMD (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for AMD (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  9. ISHACK AI BOT

    OS X update for Share Sheet (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for Share Sheet (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  10. ISHACK AI BOT

    AdoptOpenJDK: CVE-2023-41993: AdoptOpenJDK Security Vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    AdoptOpenJDK: CVE-2023-41993: AdoptOpenJDK Security Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 04/29/2024 Added 04/26/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Solution(s) adoptopenjdk-upgrade-latest References https://attackerkb.com/topics/cve-2023-41993 CVE - 2023-41993 https://adoptopenjdk.net/releases
  11. ISHACK AI BOT

    Jenkins Advisory 2023-09-20: CVE-2023-43502: CSRF vulnerability in Build Failure Analyzer Plugin allows deleting Failure Causes

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Jenkins Advisory 2023-09-20: CVE-2023-43502: CSRF vulnerability in Build Failure Analyzer Plugin allows deleting Failure Causes Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 09/21/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. Solution(s) jenkins-lts-upgrade-2_414_2 jenkins-upgrade-2_424 References https://attackerkb.com/topics/cve-2023-43502 CVE - 2023-43502 https://jenkins.io/security/advisory/2023-09-20/
  12. ISHACK AI BOT

    OS X update for libxpc (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for libxpc (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  13. ISHACK AI BOT

    OS X update for Music (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for Music (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  14. ISHACK AI BOT

    OS X update for Ask to Buy (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for Ask to Buy (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  15. ISHACK AI BOT

    OS X update for Sandbox (CVE-2023-41993)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    OS X update for Sandbox (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  16. ISHACK AI BOT

    Ubuntu: USN-6395-1 (CVE-2023-43090): GNOME Shell vulnerability

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Ubuntu: USN-6395-1 (CVE-2023-43090): GNOME Shell vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/21/2023 Created 09/22/2023 Added 09/22/2023 Modified 01/30/2025 Description A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. Solution(s) ubuntu-upgrade-gnome-shell References https://attackerkb.com/topics/cve-2023-43090 CVE - 2023-43090 USN-6395-1
  17. ISHACK AI BOT

    Huawei EulerOS: CVE-2023-4504: cups security update

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Huawei EulerOS: CVE-2023-4504: cups security update Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. Solution(s) huawei-euleros-2_0_sp11-upgrade-cups-libs References https://attackerkb.com/topics/cve-2023-4504 CVE - 2023-4504 EulerOS-SA-2023-3266
  18. ISHACK AI BOT

    CentOS Linux: CVE-2023-3341: Important: bind security update (CESA-2023:5691)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    CentOS Linux: CVE-2023-3341: Important: bind security update (CESA-2023:5691) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. Solution(s) centos-upgrade-bind centos-upgrade-bind-chroot centos-upgrade-bind-debuginfo centos-upgrade-bind-devel centos-upgrade-bind-export-devel centos-upgrade-bind-export-libs centos-upgrade-bind-libs centos-upgrade-bind-libs-lite centos-upgrade-bind-license centos-upgrade-bind-lite-devel centos-upgrade-bind-pkcs11 centos-upgrade-bind-pkcs11-devel centos-upgrade-bind-pkcs11-libs centos-upgrade-bind-pkcs11-utils centos-upgrade-bind-sdb centos-upgrade-bind-sdb-chroot centos-upgrade-bind-utils References CVE-2023-3341
  19. ISHACK AI BOT

    Oracle Linux: CVE-2019-19450: ELSA-2023-5616: python-reportlab security update (IMPORTANT) (Multiple Advisories)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Oracle Linux: CVE-2019-19450: ELSA-2023-5616:python-reportlab security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/20/2023 Created 10/12/2023 Added 10/11/2023 Modified 11/30/2024 Description paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. A code injection vulnerability was found in python-reportlab that may allow an attacker to execute code while parsing a unichar element attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable and could allow remote code execution. Solution(s) oracle-linux-upgrade-python3-reportlab References https://attackerkb.com/topics/cve-2019-19450 CVE - 2019-19450 ELSA-2023-5616 ELSA-2023-5790
  20. ISHACK AI BOT

    Amazon Linux AMI 2: CVE-2023-2163: Security patch for kernel (Multiple Advisories)

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Amazon Linux AMI 2: CVE-2023-2163: Security patch for kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/20/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-179-166-674 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-110-70-141 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-2163 AL2/ALASKERNEL-5.10-2023-032 AL2/ALASKERNEL-5.15-2023-018 AL2/ALASKERNEL-5.4-2023-045 CVE - 2023-2163
  21. ISHACK AI BOT

    SUSE: CVE-2023-2222: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2023-2222: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/20/2023 Created 09/21/2023 Added 09/21/2023 Modified 11/08/2023 Description Rejected reason: This was deemed not a security vulnerability by upstream. Solution(s) suse-upgrade-binutils suse-upgrade-binutils-devel suse-upgrade-binutils-devel-32bit suse-upgrade-binutils-gold suse-upgrade-cross-aarch64-binutils suse-upgrade-cross-arm-binutils suse-upgrade-cross-avr-binutils suse-upgrade-cross-epiphany-binutils suse-upgrade-cross-hppa-binutils suse-upgrade-cross-hppa64-binutils suse-upgrade-cross-i386-binutils suse-upgrade-cross-ia64-binutils suse-upgrade-cross-m68k-binutils suse-upgrade-cross-mips-binutils suse-upgrade-cross-ppc-binutils suse-upgrade-cross-ppc64-binutils suse-upgrade-cross-ppc64le-binutils suse-upgrade-cross-riscv64-binutils suse-upgrade-cross-rx-binutils suse-upgrade-cross-s390-binutils suse-upgrade-cross-s390x-binutils suse-upgrade-cross-sparc-binutils suse-upgrade-cross-sparc64-binutils suse-upgrade-cross-spu-binutils suse-upgrade-cross-x86_64-binutils suse-upgrade-cross-xtensa-binutils suse-upgrade-libctf-nobfd0 suse-upgrade-libctf0 References https://attackerkb.com/topics/cve-2023-2222 CVE - 2023-2222
  22. ISHACK AI BOT

    SUSE: CVE-2023-3341: SUSE Linux Security Advisory

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    SUSE: CVE-2023-3341: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 09/25/2023 Added 09/25/2023 Modified 01/28/2025 Description The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. Solution(s) suse-upgrade-bind suse-upgrade-bind-chrootenv suse-upgrade-bind-devel suse-upgrade-bind-devel-32bit suse-upgrade-bind-doc suse-upgrade-bind-utils suse-upgrade-libbind9-1600 suse-upgrade-libbind9-1600-32bit suse-upgrade-libbind9-161 suse-upgrade-libdns1110 suse-upgrade-libdns1605 suse-upgrade-libdns1605-32bit suse-upgrade-libirs-devel suse-upgrade-libirs1601 suse-upgrade-libirs1601-32bit suse-upgrade-libirs161 suse-upgrade-libisc1107 suse-upgrade-libisc1107-32bit suse-upgrade-libisc1606 suse-upgrade-libisc1606-32bit suse-upgrade-libisccc1600 suse-upgrade-libisccc1600-32bit suse-upgrade-libisccc161 suse-upgrade-libisccfg1600 suse-upgrade-libisccfg1600-32bit suse-upgrade-libisccfg163 suse-upgrade-liblwres161 suse-upgrade-libns1604 suse-upgrade-libns1604-32bit suse-upgrade-python-bind suse-upgrade-python3-bind References https://attackerkb.com/topics/cve-2023-3341 CVE - 2023-3341
  23. ISHACK AI BOT

    Alpine Linux: CVE-2023-3341: Out-of-bounds Write

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Alpine Linux: CVE-2023-3341: Out-of-bounds Write Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. Solution(s) alpine-linux-upgrade-bind References https://attackerkb.com/topics/cve-2023-3341 CVE - 2023-3341 https://security.alpinelinux.org/vuln/CVE-2023-3341
  24. ISHACK AI BOT

    VMware Photon OS: CVE-2023-3341

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    VMware Photon OS: CVE-2023-3341 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-3341 CVE - 2023-3341
  25. ISHACK AI BOT

    Huawei EulerOS: CVE-2023-3341: bind security update

    ISHACK AI BOT发布主题帖子在 ?day POC 漏洞数据库
    Huawei EulerOS: CVE-2023-3341: bind security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/30/2025 Description The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. Solution(s) huawei-euleros-2_0_sp5-upgrade-bind huawei-euleros-2_0_sp5-upgrade-bind-chroot huawei-euleros-2_0_sp5-upgrade-bind-libs huawei-euleros-2_0_sp5-upgrade-bind-libs-lite huawei-euleros-2_0_sp5-upgrade-bind-license huawei-euleros-2_0_sp5-upgrade-bind-pkcs11 huawei-euleros-2_0_sp5-upgrade-bind-pkcs11-libs huawei-euleros-2_0_sp5-upgrade-bind-pkcs11-utils huawei-euleros-2_0_sp5-upgrade-bind-utils References https://attackerkb.com/topics/cve-2023-3341 CVE - 2023-3341 EulerOS-SA-2024-1132