Telegram Web Link
bootg.com » United States » ✿QChWnd🇹🇼 » Telegram Web
✿QChWnd🇹🇼
https://developer.nvidia.com/blog/nvidia-transitions-fully-towards-open-source-gpu-kernel-modules/
NVIDIA Technical Blog
NVIDIA Transitions Fully Towards Open-Source GPU Kernel Modules
With the R515 driver, NVIDIA released a set of Linux GPU kernel modules in May 2022 as open source with dual GPL and MIT licensing. The initial release targeted datacenter compute GPUs…
197 views
✿QChWnd🇹🇼
https://blog.mo60.cn/index.php/archives/1Panel_SQLinjection2Rce.html
blog.mo60.cn
1Panel面板前台sql注入到网站功能rce漏洞(CVE-2024-39911) - JunBlog
0x00 1Panel 架构1Panel 大致架构如下,面板本身是运行在宿主机上的,搭建的网站运行的其他服务等都是在docker内请求日志,访问日志是在1panel/openresty容器里面...
200 views
✿QChWnd🇹🇼
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-7m53-pwp6-v3f5
GitHub
1Panel panel frontend SQL injection to website functionality RCE vulnerability
## 0x1 测试版本

专业版 v1.10.10-lts
社区版 v1.10.10-lts
1panel/openresty:1.21.4.3-3-1-focal


## 0x2 影响范围

网站监控功能影响 == 1panel/openresty:1.21.4.3-3-1-focal
WAF功能影响 <= 1panel/openresty:1.21.4...
198 views
✿QChWnd🇹🇼
https://fixupx.com/GamersNexus/status/1814460419932606601
FixupX
GamersNexus (@GamersNexus)
Talking about tips we are currently researching relating to Intel's CPU instability problems, including oxidation claims, excessive voltage, and more: https://www.youtube.com/watch?v=gTeubeCIwRw
218 views
✿QChWnd🇹🇼
Forwarded from 灰色天空风向标
【漏洞通知】

1panel面板存在SQL注入漏洞可导致远程命令执行,影响较大,尽快自查建议尽快处理。

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6
205 views
✿QChWnd🇹🇼
Forwarded from 灰色天空风向标
Telegram安卓应用曝出0day漏洞,允许恶意文件伪装成视频进行传播

2024年7月22日,ESET研究人员披露Telegram存在一个名为“EvilVideo”的零日漏洞,该漏洞影响 Telegram v10.14.4 及更早版本。利用这一漏洞,攻击者可以在Telegram频道、聊天和群组中,将恶意 Android APK 伪装成视频文件传播。

该漏洞最初被发现于2024年6月6日,当时ESET研究人员在一个地下论坛上看到了一则关于该漏洞的广告。化名“Ancryno”的卖家以未公开的价格出售该零日漏洞,声称其适用于Telegram版本10.14.4及更早版本。于是ESET追踪到相关频道,获取恶意负载并进行详细分析。

分析结果显示,“EvilVideo”漏洞仅在 Telegram 的 Android 版本中有效,允许攻击者创建特制的 APK 文件,而这些文件在发送给其他用户时会显示为视频格式。在默认设置下,Telegram 应用会自动下载媒体文件,因此频道参与者一打开对话就会在设备上接收到恶意负载。对于已禁用自动下载的用户,单击视频预览也会启动文件下载。而当用户尝试播放假视频时,Telegram 会弹出使用外部播放器提示窗口,这可能导致接收者点击“打开”按钮并执行恶意负载。


Telegram用户如果最近有收到请求使用外部应用播放的视频文件,保险起见最好进行一次杀毒扫描。Telegram视频文件通常会存储在 '/storage/emulated/0/Telegram/Telegram Video/'(内部存储)或 '/storage/<SD Card ID>/Telegram/Telegram Video/'(外部存储)之中。
289 views
✿QChWnd🇹🇼
Forwarded from 科技圈🎗在花频道📮
macOS 后门“HZ Rat”瞄准钉钉和微信用户,米哈游域名vpn.mihoyo[.]com涉及其中

自2024 年 6 月,卡巴斯基安全团队发现了 macOS 版本的 HZ Rat 后门,该后门针对的是企业通讯工具 DingTalk 和社交网络及消息平台微信的用户。该后门能根据远程服务器执行shell命令,并收集设备信息及文件(包括微信用户信息,钉钉公司名和用户信息)。

此外,根据 VirusTotal 的说法,上面提到的安装包之前是从中国视频游戏开发商 MiHoYo 的域名下载的。目前尚不清楚该文件是如何进入合法域名的,以及该公司是否遭到黑客攻击。

卡巴斯基

☘️ 关注频道 @ZaiHua
📮 投稿爆料 @ZaiHuabot
181 views
✿QChWnd🇹🇼
Forwarded from LoopDNS资讯播报
Please open Telegram to view this post
VIEW IN TELEGRAM
187 views
✿QChWnd🇹🇼
Forwarded from Pavel Durov (Paul Du Rove)
🔎 Search on Telegram is more powerful than in other messaging apps because it allows users to find public channels and bots. Unfortunately, this feature has been abused by people who violated our Terms of Service to sell illegal goods.

💪 Over the last few weeks, a dedicated team of moderators, leveraging AI, has made Telegram Search much safer. All the problematic content we identified in Search is no longer accessible. If you still manage to find something unsafe or illegal in Telegram Search, please report it to us via @SearchReport.

🚫 To further deter criminals from abusing Telegram Search, we have updated our Terms of Service and Privacy Policy, ensuring they are consistent across the world. We’ve made it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to relevant authorities in response to valid legal requests.

☝️ These measures should discourage criminals. Telegram Search is meant for finding friends and discovering news, not for promoting illegal goods. We won't let bad actors jeopardize the integrity of our platform for almost a billion users.
Please open Telegram to view this post
VIEW IN TELEGRAM
182 views
✿QChWnd🇹🇼
Forwarded from Yuzuki
xboard的Server中间件没给token参数加required,也就是说token为空的情况下相当于token验证逻辑整个就没了。在用xboard的注意一下,自己往 app/Http/Middleware/Server.php 文件中27行下面加个required就行了(如图)
393 views
✿QChWnd🇹🇼
Forwarded from Yuzuki
没token验证那就谁都能去请求后端接口呗,节点配置和用户的uuid都能看到
237 views
✿QChWnd🇹🇼
https://github.com/cedar2025/Xboard/blob/912cb397ea6ef970fe7747b3569fb61981a99d52/app/Http/Middleware/Server.php#L27-L34
GitHub
Xboard/app/Http/Middleware/Server.php at 912cb397ea6ef970fe7747b3569fb61981a99d52 · cedar2025/Xboard
High-performance panel based on V2board secondary development supporting new protocols and new features - cedar2025/Xboard
269 views
✿QChWnd🇹🇼
Please open Telegram to view this post
VIEW IN TELEGRAM
314 views
✿QChWnd🇹🇼
https://www.usenix.org/system/files/usenixsecurity24-hoang.pdf
297 views
✿QChWnd🇹🇼
在機場 Client 同化,subscription 由於通常包含 panel 自帶規則而基礎 length 較長且同化以致總 length 同化的背景下,我認為中國各地 ISP 在接入層透過統計學方式篩選和干擾 subscription domain 是可能的。
在此之前通常透過對有 DNS/HTTP(S) 請求的 domain 進行特徵 path 掃描,及透過 SNS 軟體、輸入法軟體、browser、中國國產 OS/UI 上報及識別 subscription link。
在 subscription link 之 path 增長/變換方案已經普及的今天,我仍認為開發更具對抗性質的 subscription method 是有其必要性的。
237 viewsedited  
✿QChWnd🇹🇼
https://gfw.report/publications/ndss25/en/
225 views
✿QChWnd🇹🇼
https://github.com/bron1e/Clash-Verge-Rev-RCE

(1)Use DNS Rebinding + 0.0.0.0 day to upgrade CSRF, bypass S
(2)The -d and -f options are fixed in the source code, and Rust has good defense against command injection, so it is difficult to directly reverse shell. However, log_file is also controllable and can write specific content.
156 viewsedited  
✿QChWnd🇹🇼
https://gfw.report/publications/sp25/en/
GFW Report
A Wall Behind A Wall: Emerging Regional Censorship in China
We characterized the provincial-level censorship in Henan and compared it to the national GFW. The Henan Firewall conducts TLS SNI-based and HTTP Host-based censorship, inspecting and blocking traffic leaving the province. While Henan Firewall is less sophisticated…
93 views
2025/06/26 13:02:51
Back to Top
HTML Embed Code: