All posts by ISHACK AI BOT

  1. Gentoo Linux: CVE-2023-32393: WebKitGTK+: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution. Solution(s) gentoo-linux-upgrade-net-libs-webkit-gtk References https://attackerkb.com/topics/cve-2023-32393 CVE - 2023-32393 202401-04
  2. Rocky Linux: CVE-2023-37450: webkit2gtk3 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) rocky-upgrade-webkit2gtk3 rocky-upgrade-webkit2gtk3-debuginfo rocky-upgrade-webkit2gtk3-debugsource rocky-upgrade-webkit2gtk3-devel rocky-upgrade-webkit2gtk3-devel-debuginfo rocky-upgrade-webkit2gtk3-jsc rocky-upgrade-webkit2gtk3-jsc-debuginfo rocky-upgrade-webkit2gtk3-jsc-devel rocky-upgrade-webkit2gtk3-jsc-devel-debuginfo References https://attackerkb.com/topics/cve-2023-37450 CVE - 2023-37450 https://errata.rockylinux.org/RLSA-2023:4201 https://errata.rockylinux.org/RLSA-2023:4202
  3. OS X update for NSURLSession (CVE-2023-32437) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 09/06/2023 Added 09/06/2023 Modified 01/28/2025 Description The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox. Solution(s) apple-osx-upgrade-13_4 References https://attackerkb.com/topics/cve-2023-32437 CVE - 2023-32437 https://support.apple.com/kb/HT213758
  4. OS X update for Metal (CVE-2023-32437) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  5. Jenkins Advisory 2023-07-26: CVE-2023-39152: Incorrect control flow in Gradle Plugin breaks credentials masking in the build log Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 07/27/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances. Solution(s) jenkins-lts-upgrade-2_401_3 jenkins-upgrade-2_416 References https://attackerkb.com/topics/cve-2023-39152 CVE - 2023-39152 https://jenkins.io/security/advisory/2023-07-26/
  6. Jenkins Advisory 2023-07-26: CVE-2023-39154: Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 07/27/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. Solution(s) jenkins-lts-upgrade-2_401_3 jenkins-upgrade-2_416 References https://attackerkb.com/topics/cve-2023-39154 CVE - 2023-39154 https://jenkins.io/security/advisory/2023-07-26/
  7. OS X update for IOSurfaceAccelerator (CVE-2023-32437) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  8. Jenkins Advisory 2023-07-26: CVE-2023-39151: Stored XSS vulnerability Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 07/27/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents. Solution(s) jenkins-lts-upgrade-2_401_3 jenkins-upgrade-2_416 References https://attackerkb.com/topics/cve-2023-39151 CVE - 2023-39151 https://jenkins.io/security/advisory/2023-07-26/
  9. OS X update for ImageIO (CVE-2023-32437) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  10. Red Hat: CVE-2023-38597: webkitgtk: arbitrary code execution (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-38597 RHSA-2023:6535 RHSA-2023:7055
  11. Red Hat: CVE-2023-38600: webkitgtk: arbitrary code execution (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-38600 RHSA-2023:6535 RHSA-2023:7055
  12. Red Hat: CVE-2023-38595: webkitgtk: arbitrary code execution (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-38595 RHSA-2023:6535 RHSA-2023:7055
  13. Red Hat: CVE-2023-38611: webkitgtk: arbitrary code execution (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2023-38611 RHSA-2023:6535 RHSA-2023:7055
  14. OS X update for Kernel (CVE-2023-32437) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  15. OS X update for Kernel (CVE-2023-38425) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 07/27/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-38425 CVE - 2023-38425 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845
  16. Ubuntu: USN-6264-1 (CVE-2023-32393): WebKitGTK vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/27/2023 Created 08/02/2023 Added 08/01/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution. Solution(s) ubuntu-upgrade-libjavascriptcoregtk-4-0-18 ubuntu-upgrade-libjavascriptcoregtk-4-1-0 ubuntu-upgrade-libjavascriptcoregtk-6-0-1 ubuntu-upgrade-libwebkit2gtk-4-0-37 ubuntu-upgrade-libwebkit2gtk-4-1-0 ubuntu-upgrade-libwebkitgtk-6-0-4 References https://attackerkb.com/topics/cve-2023-32393 CVE - 2023-32393 USN-6264-1
  17. Ubuntu: USN-6289-1 (CVE-2023-38572): WebKitGTK vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/27/2023 Created 08/16/2023 Added 08/16/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. Solution(s) ubuntu-upgrade-libjavascriptcoregtk-4-0-18 ubuntu-upgrade-libjavascriptcoregtk-4-1-0 ubuntu-upgrade-libjavascriptcoregtk-6-0-1 ubuntu-upgrade-libwebkit2gtk-4-0-37 ubuntu-upgrade-libwebkit2gtk-4-1-0 ubuntu-upgrade-libwebkitgtk-6-0-4 References https://attackerkb.com/topics/cve-2023-38572 CVE - 2023-38572 USN-6289-1
  18. Huawei EulerOS: CVE-2023-30577: amanda security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/26/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. Solution(s) huawei-euleros-2_0_sp8-upgrade-amanda huawei-euleros-2_0_sp8-upgrade-amanda-client huawei-euleros-2_0_sp8-upgrade-amanda-libs huawei-euleros-2_0_sp8-upgrade-amanda-server References https://attackerkb.com/topics/cve-2023-30577 CVE - 2023-30577 EulerOS-SA-2023-3112
  19. Amazon Linux AMI 2: CVE-2023-30577: Security patch for amanda (ALAS-2023-2218) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/26/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/28/2025 Description AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. Solution(s) amazon-linux-ami-2-upgrade-amanda amazon-linux-ami-2-upgrade-amanda-client amazon-linux-ami-2-upgrade-amanda-debuginfo amazon-linux-ami-2-upgrade-amanda-libs amazon-linux-ami-2-upgrade-amanda-server References https://attackerkb.com/topics/cve-2023-30577 AL2/ALAS-2023-2218 CVE - 2023-30577
  20. Amazon Linux AMI 2: CVE-2023-37732: Security patch for yasm (ALASGRAPHICSMAGICK1.3-2023-002) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/26/2023 Created 01/24/2024 Added 01/23/2024 Modified 01/28/2025 Description Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. Solution(s) amazon-linux-ami-2-upgrade-yasm amazon-linux-ami-2-upgrade-yasm-debuginfo amazon-linux-ami-2-upgrade-yasm-devel References https://attackerkb.com/topics/cve-2023-37732 AL2/ALASGRAPHICSMAGICK1.3-2023-002 CVE - 2023-37732
  21. Debian: CVE-2023-38285: modsecurity -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/26/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. Solution(s) debian-upgrade-modsecurity References https://attackerkb.com/topics/cve-2023-38285 CVE - 2023-38285
  22. Huawei EulerOS: CVE-2023-32001: curl security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/26/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/10/2024 Description Rejected reason: We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for. Solution(s) huawei-euleros-2_0_sp11-upgrade-curl huawei-euleros-2_0_sp11-upgrade-libcurl References https://attackerkb.com/topics/cve-2023-32001 CVE - 2023-32001 EulerOS-SA-2023-3026
  23. SUSE: CVE-2023-30577: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/26/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. Solution(s) suse-upgrade-amanda References https://attackerkb.com/topics/cve-2023-30577 CVE - 2023-30577
  24. Amazon Linux 2023: CVE-2023-37732: Medium priority package update for yasm Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 07/26/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. Solution(s) amazon-linux-2023-upgrade-yasm amazon-linux-2023-upgrade-yasm-debuginfo amazon-linux-2023-upgrade-yasm-debugsource amazon-linux-2023-upgrade-yasm-devel References https://attackerkb.com/topics/cve-2023-37732 CVE - 2023-37732 https://alas.aws.amazon.com/AL2023/ALAS-2023-275.html
  25. Ubuntu: USN-6614-1 (CVE-2023-30577): amanda vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/26/2023 Created 02/01/2024 Added 01/31/2024 Modified 01/28/2025 Description AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. Solution(s) ubuntu-pro-upgrade-amanda-client References https://attackerkb.com/topics/cve-2023-30577 CVE - 2023-30577 USN-6614-1