火线小助手, posted August 27, 2021 #1
Friday, August 27, 2021, 02:57 (edited)

Vulnerability reports

U.S. Dept Of Defense
[#1278891 CVE-2021-29156] LDAP Injection at https://██████
#1300591 Sensitive information on '████████'
#1300589 Sensitive information on ██████████
#1280188 https://██████/ Vulnerable to CVE-2013-3827 (Directory-traversal vulnerability)
#1243782 CUI labled and ████ Restricted pdf on █████

Squid Cache (IBB)
#778610 Squid as reverse proxy RCE and data leak
#824753 Cache Poisoning
#824203 Cache Manager ACL Bypass
#824802 URN Request bypass ACL Checks
#824771 UrnState Heap Overflow
#824163 Squid leaks previous content from reusable buffer
#758445 HTTP Smuggling multiple issues in Squid 3.x & squid 4.x
#641240 Basic Authentication Heap Overflow

Snapchat
#1103448 Organization Members in Snap Kit may Deactivate Apps

Nginx (IBB)
#1210450 1-byte heap buffer overflow in DNS resolver

Analysis of a $50,000 bug bounty on Shopify
$50k bug bounty on Shopify explained (GitHub access token leaked via electron application) - YouTube
#1087489 Github access token exposure