Aggregator

当前环境异常，请完成验证以继续访问。

Sandfly 5.0.6作为维护更新发布，修复了操作系统侦察数据大小增加和扫描日志错误报告改进的问题。非关键更新，建议有需要的用户参考文档升级。

作者分享了一个早期AI项目的构想,涉及深度网络架构、隐私和大语言模型等非传统方向,并寻求具备相关技术背景且乐于探索创新方法的合作者共同推进这一项目。

最近因为一些原因，重新玩DC系列靶机。在几个小伙伴的讨论下有把DC-9靶机弄出了两种解题方法

A vulnerability was found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. It has been classified as critical. This affects an unknown part of the component sysctl. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-21638. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.9/6.13-rc6. Affected is an unknown function. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-21635. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component sctp. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-21636. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6 and classified as critical. Affected by this issue is some unknown functionality of the component sysctl. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-21637. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.9/6.13-rc6. This affects the function thread_group_cputime of the component sqpoll. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-21633. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.9/6.13-rc6. It has been classified as critical. Affected is the function get_online_cpus of the component cpuset. The manipulation leads to deadlock. This vulnerability is traded as CVE-2025-21634. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. This issue affects the function bfq_split_bfqq of the component block. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-21631. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.71/6.12.9/6.13-rc6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component fpu. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2025-21632. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

本文主要探讨已经能够通过漏洞实现addrOf()、fakeObject()这样的原语后，如何最终实现程序流完整控制的通用手法。从提出新型Fakearray构造方式以绕过JSArray.elements结构校验，又介绍了WASM函数完整调用流程以及LazyCompile,从而提出一种基于覆盖Instance对象的jump_start_table的控制程序流方法

文章介绍了一个PHP类`Locker`，用于实现文件锁机制以防止并发冲突。该类提供获取（`wait`）、释放（`release`）和检查（`isLocked`）锁的方法，并支持超时设置与自动资源清理。

A vulnerability was found in Matterdaddy Matterdaddy Market 1.1 and classified as problematic. This issue affects some unknown processing. The manipulation of the argument msg leads to cross site scripting. The identification of this vulnerability is CVE-2008-4056. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Mcgallerypro mcGallery 1.1. It has been declared as problematic. This vulnerability affects unknown code of the file admin.php. The manipulation of the argument lang leads to cross site scripting. This vulnerability was named CVE-2008-6211. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in MapCal 0.1 and classified as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2008-6038. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Linux Kernel up to 6.12.9/6.13-rc6. It has been classified as problematic. This affects the function nfs_netfs_init_request. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-57927. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.71/6.12.9/6.13-rc6. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is known as CVE-2024-57926. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.