168 matches found
Zabbix 3.4.7 Cross Site Scripting
Exploit Title: Zabbix 3.4.7 - Stored XSS Date: 30-03-2021 Exploit Author: Radmil Gazizov Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/rn/rn3.4.7 Version: 3.4.7 Tested on: Linux Reference - https://github.com/GloryToMoon/POCcodes/blob/main/zabbixstoredxss347.txt 1...
Exploit for Server-Side Request Forgery in Microsoft
CVE-2021-26855PoC My early SSRF payloads CVE-2021-26855 ove...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft
CVE-2020-1337 CVE-2020-1337 is a bypass of PrintDemon...
CVE-2020-1313
An elevation of privilege vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations, aka ‘Windows Update Orchestrator Service Elevation of Privilege Vulnerability’. Recent assessments: bwatters-r7 at September 18, 2020 9:01pm UTC reported: This...
PlayStation: Authorization Token on PlayStation Network Leaks via postMessage function
Description After some analysis of how PlayStation Network authentication works, I came across a certain pattern of how authorization tokens are handled. The web application utilizes postMessage function to exchange authorization tokens between windows/frames. To simplify this, let's follow on one...
CVE-2020-8862
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from t...
Exploit for Improper Certificate Validation in Microsoft
It is an offensive tool for network detection, specifically a Ze...
Steam 0-day vulnerability affects 1 billion users - vulnerability warning - the black bar safety net
The Steam platform is currently the most popular game platform; Steam has over 1 million registered users, with millions of users playing simultaneously. Researchers found a 0-day privilege escalation vulnerability in the Steam Windows client; exploit the vulnerability...
From DirectX to the Windows Kernel: analysis of a few CVE vulnerabilities - vulnerability warning - the black bar safety net
One, Foreword The operating system kernel is the final goal of every exploit chain; we can look at the Zero Day Initiative (ZDI) Pwn2Own contests over the years to understand this. The Windows kernel has always been a target attackers are keen on, my favorite is the abuse of the...
Vulnerability can cause a Windows system crash; hardware experts published PoC exploit code - exploit warning - the black bar safety net
Bitdefender researcher Marius Tivadar released PoC code on GitHub that can crash Windows computers within a few seconds, even when the computer is locked. The PoC code exploits a vulnerability in how Microsoft processes NTFS file system images, the code...
Microsoft Credential Security Support Provider - Remote Code Execution
credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy project (https://github.com/preempt/rdpy), allowing also credssp relay. Written by Eyal Karni, Preempt [email protected] Build Instructions Linux If you are usin...
A “Patch for the Meltdown Patch” released out of band Thursday night
The Meltdown/Spectre saga continues… Late Thursday, Microsoft released a patch for Windows 7 and Server 2008 R2 operating systems to resolve CVE-2018-1038. Apparently, this vulnerability was actually introduced by the patches released in January to mitigate the effects of Meltdown. Microsoft did...
Memcached DDoS Attack PoC Code & 17,000 IP addresses Posted Online
By Waqas For the last few days, hackers have been using vulnerable Memcached This is a post from HackRead.com Read the original post: Memcached DDoS Attack PoC Code & 17,000 IP addresses Posted Online...
Tunna - Set Of Tools Which Will Wrap And Tunnel Any TCP Communication Over HTTP
Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. SUMMARY TLDR: Tunnels TCP connections over HTTP In a fully firewalled inbound and outbound connections restricted - except the...
15-Year-Old Apple macOS 0-Day Kernel Flaw Disclosed, Allows Root Access
A security researcher on New Year's eve made public the details of an unpatched security vulnerability in Apple's macOS operating system that can be exploited to take complete control of a system. On the first day of 2018, a researcher using the online moniker Siguza released the details of the...
Uber: The Microsoft Store Uber App Does Not Implement Server-side Token Revocation
Summary The Microsoft Store Uber App Windows Phone Architecture does not properly revoke or expire a rider's x-uber-token upon app signout. Security Impact When a user logs out/signs off of the app, the logout process is handled only locally on the application side, and without any type of...
November Patch Tuesday: 53 Vulnerabilities and a Massive Adobe Update
This November Patch Tuesday is moderate in volume and severity. Microsoft released patches to address 53 unique vulnerabilities, with 25 focused on Remote Code Execution fixes. Windows OS receives 14 patches, while the lion's share is focused on Browsers, Microsoft Office, and Adobe. According to...
Shocked! Google is not going to fix the RCE vulnerability in Chrome - vulnerability warning - the black bar safety net
All older versions before Chrome 60 are affected by a remote code execution vulnerability. An anonymous researcher reported the issue to Google through Beyond Security's SecuriTeam Secure Disclosure program. Google responded that it does not plan to solve this problem, because it does not affec...
Metasploit Wrapup
Metasploit Hackathon We were happy to host the very first Metasploit framework open source hackathon this past week in the Rapid7 Austin. Eight Metasploit hackers from outside of Rapid7 joined forces with the in-house team and worked on a lot of great projects, small and large. @bcook started the...
Starbucks: Missing CSRF Token On Remove Coupon From Cart
Hi, when removing a coupon, there's no CSRF token. At this time I use ███████ coupon to reproduce it. Vuln Request POST /on/demandware.store/Sites-Teavana-Site/default/Cart-RemoveCoupon HTTP/1.1 Host: www.teavana.com User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64; rv:53.0 Gecko/20100101 Firefox/53.0...