Sshuttle - Transparent Proxy Server That Works As A Poor Man's VPN. Forwards Over SSH
As far as I know, sshuttle is the only program that solves the following common case: Your client machine or router is Linux, FreeBSD, or MacOS. You have access to a remote network via ssh. You don't necessarily have admin access on the remote network. The remote network has no VPN, or only...
KLA11690 Multiple vulnerabilities in Microsoft Open Source Software
Vulnerability in Application Inspector can be exploited remotely via script injection to execute arbitrary code. Original advisories CVE-2020-0872 Related products Microsoft-Windows-10 CVE list CVE-2020-0872 high KB list Solution Install necessary updates from the KB section, that are listed in...
SQL Injection Vulnerability in DM Website Building System (CNVD-2020-23764)
DM enterprise website building system is an open source CMS developed with PHP + MySQL, specialized in website construction for small and medium-sized enterprises. DM website building system has a SQL injection vulnerability; attackers can use the vulnerability to obtain sensitive information on the...
Netdata - Real-time Performance Monitoring
Netdata is distributed, real-time, performance and health monitoring for systems and applications. It is a highly-optimized monitoring agent you install on all your systems and containers. Netdata provides unparalleled insights, in real-time, of everything happening on the systems it runs...
OSSEC-HIDS Path Traversal Vulnerability
OSSEC-HIDS is an open source intrusion detection tool. OSSEC-HIDS suffers from a path traversal vulnerability. The vulnerability stems from a failure of a network system or product to properly filter for specific elements in a resource or file path. An attacker could exploit the vulnerability to...
Introducing Microsoft Application Inspector
Modern software development practices often involve building applications from hundreds of existing components, whether they’re written by another team in your organization, an external vendor, or someone in the open source community. Reuse has great benefits, including time-to-market, quality, a...
SQL Injection Vulnerability in Super CMS da***.ma***.php
Super CMS is a content management system developed to solve the problem of website optimization. It is an efficient open source content management system based on a PHP + MYSQL architecture, and can run on Windows, Linux, MacOSX, Solaris and other various...
Magento cross-site scripting vulnerability (CNVD-2019-40743)
Magento is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. Magento has a cross-site scripting vulnerability. Attackers can use this vulnerability to execute client-side cod...
Magento Remote Code Execution Vulnerability (CNVD-2019-40728)
Magento is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. A remote code execution vulnerability exists in Magento. An attacker can exploit this vulnerability to execute co...
Magento Arbitrary File Deletion Vulnerability
Magento is an open source PHP e-commerce system from the United States company Magento. The system provides rights management, search engines, payment gateways and other functions. Magento has an arbitrary file deletion vulnerability; an attacker can use the vulnerability to delete arbitrary files...
Supply-Chain Security and Trust
The United States government's continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it's impossible to verify that they're trustworthy. Solving this problem which is...
DetExploit - Software That Detects Vulnerable Applications, Not-Installed OS Updates And Notifies The User
DetExploit is software that detects vulnerable applications and not-installed important OS updates on the system, and notifies the user of them. As we know, most cyberattacks use vulnerabilities that were released a year before. I thought this is a huge problem, and this kind of technology should be mor...
SQL injection vulnerability in ASK2 Q&A system backend (CNVD-2019-30154)
ASK2 Q&A is an open source PHP question and answer program. There is a SQL injection vulnerability in the backend of ASK2 Q&A System, which can be exploited by attackers to obtain sensitive information from the database...
Modifying a Tesla to Become a Surveillance Platform
From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras -- the...
Countdown to Black Hat: Top 10 Sessions to Attend — #9 and #10
With Black Hat USA 2019 now in progress, we wrap up this blog series with our final two session recommendations: Attacking and Defending the Microsoft Cloud and Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale. Attacking and Defending t...
imagemagick/encoder_heic_fuzzer: Heap-buffer-overflow in derive_collocated_motion_vectors
Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5743506502451200 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderheicfuzzer Fuzz target binary: encoderheicfuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type:...
XSS Vulnerability at JEESNS Group Posts
JEESNS is an open source social management system developed on the Java enterprise level platform. An XSS vulnerability exists in JEESNS group posts; an attacker can exploit it to inject arbitrary Web script or HTML...
KLA11435 SB vulnerability in Microsoft Products (OSS)
A security feature bypass vulnerability was found in Microsoft Products Open Source Software. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories CVE-2019-0816 Related products Microsoft-Azure CVE list CVE-2019-0816 warning KB list 4491476 Solution...
Component vReview SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system (CMS). A SQL injection vulnerability exists in the Joomla! component vReview. An attacker can exploit the vulnerability to obtain sensitive database information...
LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)
Exploit Title: LayerBB 1.1.2 - Cross-Site Request Forgery Date: 10/4/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com Version: 1.1.2 Tested on: Ubuntu 18.04 CVE: CVE-2018-17996 1. Description: LayerBB is a free open-source forum software, the CSRF...