はじめに 対象イベント 読み方、使い方 Remote Code Execution(RCE) 親ディレクトリ指定によるopen_basedirのバイパス PHP-FPMのTCPソケット接続によるopen_basedirとdisable_functionsのバイパス JavaのRuntime.execでシェルを実行 Cross-Site Scripting(XSS) nginx環境でHTTPステータスコードが操作できる場合にCSPヘッダーを無効化 GoogleのClosureLibraryサニタイザーのXSS脆弱性 WebのProxy機能を介したService Workerの登録 括弧を使わないXSS /記号を使用せずに遷移先URLを指定 SOME(Same Origin Method Execution)を利用してdocument.writeを順次実行 SQL Injection MySQ
GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. ActionKit by Paragon - Connect to 130+ SaaS integrations (e.g. Slack, Salesforce, Gmail) with Paragon’s ActionKit API. Adfin - The only platform you need to get paid - all payments in one place, in
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2 | MSRC Blog | Microsoft Security Response Center
Apply the Latest Security Updates To address these vulnerabilities, Microsoft recommends customers apply the latest security updates. Please review the Apache CVEs and the Apache security advisory for further details: Apache Log4j 2.x CVEs: CVE-2021-44228 and CVE-2021-45046 Apache security advisory: Apache Log4j Security Vulnerabilities All systems, including those that are not internet facing, ar
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.67.1: The update addresses this security issue. Update 1.67.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welcome to the April 2022 release of Visual Studio Code. There are many updates in this version that we hope
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.53.1: The update addresses these security issues. Update 1.53.2: The update addresses these issues. Downloads: Windows: x64 Arm64 | Mac: Intel | Linux: deb rpm tarball Arm snap Welcome to the January 2021 release of Visual Studio Code. There are a number of updates in this version that we hope you wi
It is now 45+ years since C++ was first conceived. As planned, it evolved to meet challenges, but many developers use C++ as if it was still the previous millennium. This is suboptimal from the perspective of ease of expressing ideas, performance, reliability, and maintainability. Here, I present the key concepts on which performant, type safe, and flexible C++ software can be built: resource mana
Try Mastering Emacs for free! Are you struggling with the basics? Have you mastered movement and editing yet? When you have read Mastering Emacs you will understand Emacs. It’s that time again: there’s a new major version of Emacs and, with it, a treasure trove of new features and changes. Notable features include the formal inclusion of native compilation, a technique that will greatly speed up y
Rust for Secure IoT Applications: Why C Is Getting Rusty
www.embedded-world.eu Rust for Secure IoT Applications Why C Is Getting Rusty Mario Noseda, Fabian Frei, Andreas Rüst, Simon Künzli Zurich University of Applied Sciences (ZHAW) Institute of Embedded Systems (InES) Winterthur, Switzerland mario.noseda@zhaw.ch, fabian.frei@zhaw.ch, andreas.ruest@zhaw.ch, simon.kuenzli@zhaw.ch Abstract— Memory corruption is still the most used type of exploit in toda
Mini-post: Digraphs and Trigraphs | ENOSUCHBLOG C alternative tokens - Wikipedia Why are there digraphs in C and C++? - Stack Overflow Purpose of Trigraph sequences in C++? A brief description of Normative Addendum 1 Designated initializer # These allow you to specify which elements of an object (array, structure, union) are to be initialized by the values following. The order does not matter! str
Cloud9 で SAM を利用し AWS サービス毎の請求額を毎日 Slack に通知する | DevelopersIO
Cloud9 を利用して AWS のサービス毎の料金を毎日 Slack に通知する仕組みを作成しました。 コーヒーが好きな emi です。 AWSサービス毎の請求額を毎日 Slack に通知するため、以下のブログ AWSサービス毎の請求額を毎日Slackに通知してみた を見ながら設定しようとしたのですが、手元の Windows 11 端末に AWS CLI、AWS SAM CLI、Python などの開発環境を整えるのが面倒…!!と思いました。 そこで、AWS Cloud9 を使って手軽に一時的な開発環境を構築し、AWS Serverless Application Model (SAM) でサーバレス通知システムを構築しました。 AWS Serverless Application Model (SAM) とは AWS SAM は、サーバーレスアプリケーション構築用のオープンソースフレー
Following up from the last post, there is a lot more we need to cover. This was intended to be the post where we talk exclusively about benchmarks and numbers. But, I have unfortunately been perfectly taunted and status-locked, like a monster whose “aggro” was pulled by a tank. The reason, of course, is due to a few folks taking issue with my outright dismissal of the C and C++ APIs (and not showi
Autotools: a tutorial
Embedded Linux Conference 2016 GNU Autotools: a tutorial Free Electrons - Embedded Linux, kernel, drivers and Android - Development, consulting, training and support. http://free-electrons.com 1/99 Thomas Petazzoni I CTO and Embedded Linux engineer at Free Electrons I Embedded Linux specialists. I Development, consulting and training. I http://free-electrons.com I Contributions I Kernel support fo
Django for Startup Founders: A better software architecture for SaaS startups and consumer apps
In an ideal world, startups would be easy. We'd run our idea by some potential customers, build the product, and then immediately ride that sweet exponential growth curve off into early retirement. Of course it doesn't actually work like that. Not even a little. In real life, even startups that go on to become billion-dollar companies typically go through phases like: Having little or no growth fo
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
【2020年】CTF Web問題の攻撃手法まとめ - こんとろーるしーこんとろーるぶい
April 2022 (version 1.67)
January 2021 (version 1.53)
21st Century C++ – Communications of the ACM
What's New in Emacs 28.1?
Lesser known tricks, quirks and features of C
cuneicode, and the Future of Text in C