6326 matches found
Code injection
The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19,...
A simple example of a complex cyberattack
We're already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious...
[SECURITY] Fedora 26 Update: drupal7-views-3.18-1.fc26
You need Views if: You like the default front page view, but you find you want to sort it differently. You like the default taxonomy/term view, but you find you want to sort it differently; for example, alphabetically. You use /tracker, but you want to restrict it to posts of a certain type. You...
The vulnerability of the ap_get_basic_auth_pw() function in the Apache HTTP Server allows attackers to circumvent authentication requirements.
The vulnerability of the ap_get_basic_auth_pw() function in the Apache HTTP Server is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to bypass authentication requirements by using external modules...
Cross-Site Scripting (XSS)
forkcms has a cross-site scripting (XSS) vulnerability. The vulnerability is possible because the value returned by the getAllComments function in Frontend/Modules/Blog/Engine/Model.php is not properly escaped, allowing a malicious user to inject and execute arbitrary web script...
[SECURITY] Fedora 25 Update: q-7.11-29.fc25
Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced application...
[SECURITY] Fedora 26 Update: q-7.11-29.fc26
Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced application...
Android Message App denial-of-service vulnerability (CVE-2017-0780): exploitation research
0x01 Vulnerability description: On September 7, Trend Micro published an analysis of CVE-2017-0780, a denial-of-service vulnerability that can crash the Android Message App. This morning it was confirmed that the vulnerability on the latest version of...
LaZagne v2.2 - Credentials Recovery Project
The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwor...
EulerOS 2.0 SP2 : python (EulerOS-SA-2017-1186)
According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Python standard library HTTP client modules such as httplib or urllib did not perform verification of TLS/SSL certificates when connecting to...
Cross-site Scripting (XSS)
automattic/jetpack is vulnerable to cross-site scripting (XSS) attacks. The library doesn't properly escape the $header parameter in the modules/shortcodes/wufoo.php file, allowing a malicious user to inject and execute arbitrary JavaScript...
ICSSPLOIT: An Industrial Control System Exploitation Framework
This framework is based on RouterSploit, which has already been covered on this blog. In fact, that's how I got to know about it - I was checking the source for updates and I found a reference for this Industrial Control System (ICS) exploitation framework - ICSSPLOIT. ICS securit...
sdnpwn - An SDN Penetration Testing Toolkit
The Open Networking Foundation defines SDN as “The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices”. What this means is that the decision making which would traditionally be performed by a router or a switch i.e...
Siemens Fixes Session Hijacking Bug in LOGO!, Warns of Man-in-the-Middle Attacks
Administrators who have Siemens’ LOGO! logic module deployed in automation setups are being urged to update its firmware. The German industrial manufacturing giant pushed out an update for its LOGO! 8 BM devices Wednesday morning to fix a vulnerability (CVE-2017-12734) that could let an attacker...
Revamped Nukebot Malware Changes Targets, Adds Functions
A revamped version of the Nukebot banking trojan dubbed Jimmy Nukebot has shifted focus from stealing bankcard data and now acts as a conduit for quietly downloading malicious payloads for web-injects, cryptocurrency mining, and taking screenshots of targeted systems. The code is a modification o...
Low: Red Hat Security Advisory: rh-nginx110-nginx security update
An update for rh-nginx110-nginx is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Proxy Aware PowerShell C2 Framework: PoshC2
PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...
Portia - Automate Techniques Commonly Performed On Internal Network Penetration Tests
Portia aims to automate a number of techniques commonly performed on internal network penetration tests after a low privileged account has been compromised: privilege escalation, lateral movement, and convenience modules. Portia is a genus of jumping spider that feeds on other spiders - known for their...
LiveCRM 1.0 SQL Injection
Exploit Title: LiveCRM 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/livecrm-complete-business-management-solution/20249151 Demo: http://demo.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested on:...
UPDATE: WordPress Exploit Framework v1.6.1!
Wow, I seem to have missed a lot of updates lately. This time, I missed an update about WPXF. We now have the WordPress Exploit Framework v1.6.1 amongst us! This new version among other things updates a major bug that occurred while updating the framework and adds multiple new...