IP Obfuscator - Simple Tool To Convert An IP Into Integer, Hexadecimal Or Octal Form

IP Obfuscator is a simple tool written in python to convert an IP into different obfuscated forms. This tool will help you to obfuscate host addresses into integer, hexadecimal or octal form. What is Obfuscation? "In software development, obfuscation is the deliberate act of creating source or...

Rockwell Automation Allen-Bradley PowerMonitor 1000 Authentication Bypass

Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Date: 2018-11-27 Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/ Version: 1408-EM3A-ENT B Tested on: It is a proprietary devices:...

FreeBSD-SA-18:14.bhyve

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:14.bhyve Security Advisory The FreeBSD Project Topic: Insufficient bounds checking in bhyve8 device model Category: core Module: bhyve Announced: 2018-12-04...

KPOT Botnet - File Download/Source Code Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: KPOT Botnet - File Download/Source Code Disclosure Vulnerability Google Dork: n/a Date: 26/11/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: https://bhf.io/threads/515432/ Version: unkn0wn Tested on: Window...

KPOT Botnet Arbitrary File Disclosure

Exploit Title: KPOT Botnet - File Download/Source Code Disclosure Vulnerability Google Dork: n/a Date: 26/11/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: https://bhf.io/threads/515432/ Version: unkn0wn Tested on: Windows 10, debian 7 CVE : n/a Vuln-Code: download.php PoC:...

Mail.ru: source code leak

A fragment of source code was available for download on flash.terrhq.ru...

Navigate CMS File Disclosure

File disclosure vulnerability in Navigate CMS navigatedownload.php id parameter Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

RubyGems: 65534 times efficient, Brute-force attack for api_key

I have found that type checking for apikey is insufficient in rubygems.org's source code. https://github.com/rubygems/rubygems.org/blob/master/app/controllers/applicationcontroller.rbL63 ruby def authenticatewithapikey apikey = request.headers"Authorization" || params:apikey @apiuser =...

Information Disclosure

Apache Catalina servlets-default is vulnerable to information disclosure. A remote attacker is able to retrieve the contents and source code of files on the server via a direct request...

CVE-2018-19183

ethereumjs-vm 2.4.0 allows attackers to cause a denial of service vm.runCode failure and REVERT via a "code: Buffer.frommycode, 'hex'" attribute. NOTE: the vendor disputes this because REVERT is a normal bytecode that can be triggered from high-level source code, leading to a normal programmatic...

Vignette Content Management 6 Security Bypass Vulnerability

Exploit for php platform in category web applications 0day.today 2018-11-12...

Vignette Content Management 6 Security Bypass

...

Missing Origin Validation

Overview Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement HMR are not...

Better WordPress reCAPTCHA <= 2.0.3 - Unauthenticated Cross-Site Scripting (XSS)

There is a reflected XSS vulnerability in Better WordPress reCAPTCHA plugin version 2.0.3, and possibly below. The parameter cerror value is reflected in the page when this plugin is enabled. Once plugin disabled, the "cerror" parameter's value is not reflected in the page anymore. This is the HT...

MacOS again appeared vulnerability, known as unbreakable system also has weaknesses-vulnerability warning-the black bar safety net

For convenience of expression, this article will use the first-person manner described. This article describes my in Apple's macOS system kernel found several stack and buffer overflow vulnerabilities, Apple will this several vulnerabilities categorized as the kernel of remote code execution...

CVE-2018-18909

xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...

CVE-2018-18909

xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...

Design/Logic Flaw

xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...

Missing Origin Validation

Overview Versions of parcel-bundler before 1.10.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement HMR are not...

Instagram Clone 1.0 - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: Instagram Clone 1.0 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/justinwilliam Software Link:...