64 matches found
How to Set Up Syslog to Capture Logs Real Time on a Central Location
This article describes how to set up a Syslog server when you are experiencing issues across multiple XenServers and need to capture logs in real time at a central location...
GHSA-XRVH-RVC4-5M43 Kirby vulnerable to unrestricted file upload of user avatar images
TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. The attack requires user interaction by another user or visitor and cannot be automated. ---- Introduction Unrestricted upload of files with a dangerous type is a type o...
NVIDIA DGX-2 Security Vulnerability
The NVIDIA DGX-2 is a high-performance workstation for deep learning from NVIDIA, Inc. The NVIDIA DGX-2™ is NVIDIA's first 2 petaFLOPS appliance to integrate 16 NVIDIA V100 Tensor core GPUs, making it an excellent platform for tackling complex AI challenges. A security vulnerability exists in...
Wa-Tunnel - Tunneling Internet Traffic Over Whatsapp
This is a Baileys based piece of code that lets you tunnel TCP data through two Whatsapp accounts. This can be usable in different situations, for example network carriers that give unlimited whatsapp data or airplanes where you also get unlimited social network data. It's using Baileys since it'...
Free VPN Amnezia Helps Users Avoid Censorship in Russia
Amnezia, a free virtual private network, allows users to set up their own servers, making it harder for Moscow to block this portal to the outside world...
“Don’t touch that server. Ralf set that up, and we don’t know what it does.”
Based on a true story… More than a couple of decades ago, I went to work for a network and web company as their customer marketing department. It was a crazy time. Online marketing was all about getting on DMOZ, Lycos was still a puppy, asking Jeeves felt like talking to an AI, and how you laid o...
WhiteBeam - Transparent Endpoint Security
Transparent endpoint security Features Block and detect advanced attacks Modern audited cryptography: RustCrypto for hashing and encryption Highly compatible: Development focused on all platforms incl. legacy and architectures Source available: Audits welcome Reviewed by security researchers with...
keycloak vulnerable to unauthorized login via mail server setup
A flaw was found in Keycloak before version 8.0.0. The owner of the 'placeholder.org' domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name 'test' the email address will be '[email protected]'...
HCL Technologies HCL Verse Information Disclosure Vulnerability
HCL Technologies HCL Verse is a mobile application from HCL Technologies India that allows access to emails and life plan management. A security vulnerability exists in versions of HCL Technologies HCL Verse for Android prior to version 12.0.9, which stems from a server setup and login process in...
CVE-2021-27768
Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode...
HCL Technologies HCL Verse Trust Management Issue Vulnerability
HCL Technologies HCL Verse is a mobile application from HCL Technologies India that allows access to emails and life plan management. A security vulnerability exists in versions of HCL Technologies HCL Verse for Android prior to version 12.0.9, which stems from a server setup and login process in...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Northwave Log4j CVE-2021-44228 checker Friday 10 December 202...
CVE-2021-40444 PoC - Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)
Malicious docx generator to exploit CVE-2021-40444 Microsoft Office Word Remote Code Execution Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 docx file You need to install lcab first...
Simple-Live-Data-Collection - Simple Live Data Collection Tool
How it works? 1- Build server 2- Connect with admin and client to server 3- To collect information, send the request to the server through the admin, and then to the client Installation git clone https://github.com/LetsDefend/Simple-Live-Data-Collection Server cd server python main.py Admin cd...
Cross site scripting
Wowza Streaming Engine 4.8.0 and earlier suffers from multiple authenticated XSS vulnerabilities via the (1) customList%5B0%5D.value field in enginemanager/server/serversetup/editadv.htm of the Server Setup configuration or the (2) host field in enginemanager/jspringsecuritycheck of the login form. This issu...
CVE-2019-19802
In Gallagher Command Centre Server v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without...
Privilege escalation
In Gallagher Command Centre Server v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without...
keycloak: keycloak uses hardcoded open dummy domain for new accounts enabling information disclosure
A flaw was found in Keycloak. The use of an open hard-coded domain can allow an unauthorized login by setting up a mail server and resetting the user credentials, enabling information disclosure...
Ruby on Rails: File writing by Directory traversal at actionpack-page_caching and RCE by it
I found a directory traversal in actionpack-pagecaching. Some code may lead to RCE. https://github.com/rails/actionpack-pagecaching/blob/master/lib/actioncontroller/caching/pages.rbL143 ruby def cachefilepath, extension if path.empty? || path = %r\A/+\z name = "/index" else name =...
Joomla! cross-site scripting vulnerability (CNVD-2019-15994)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site scripting vulnerability exists in Joomla! versions prior to 3.9.3,...