
5327 matches found

OSV
added 2020/09/01 9:18 p.m. | 14 views

GHSA-77Q4-M83Q-W76V Missing Origin Validation in browserify-hmr

Versions of browserify-hmr prior to 0.4.0 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not validated...

7.5 CVSS | 7.5 AI score | 0.003 EPSS
Exploits: 1 | References: 6
NVD
added 2020/08/31 2:15 p.m. | 8 views

CVE-2020-24115

In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access...

9.8 CVSS | 9.5 AI score | 0.00631 EPSS
Exploits: 1 | References: 2
OSV
added 2020/08/31 2:15 p.m. | 2 views

CVE-2020-24115

In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access...

9.8 CVSS | 7.3 AI score | 0.00631 EPSS
Exploits: 1 | References: 2
Prion
added 2020/08/31 2:15 p.m. | 15 views

Hardcoded credentials

In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access...

5 CVSS | 9.4 AI score | 0.00631 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/08/31 1:32 p.m. | 15 views

CVE-2020-24115

In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access...

9.6 AI score | 0.00631 EPSS
Exploits: 1 | References: 2
Kitploit
added 2020/08/26 9:30 p.m. | 70 views

Hack-Tools - The All-In-One Red Team Extension For Web Pentester

The all-in-one Red Team browser extension for Web Pentesters. HackTools is a web extension facilitating your web application penetration tests; it includes cheat sheets as well as all the tools used during a test such as XSS payloads, Reverse shells and much more. With the extension you no longer...

6.8 AI score
Exploits: 0 | References: 2
ThreatPost
added 2020/08/24 3:23 p.m. | 257 views

Iran-Linked 'Newbie' Hackers Spread Dharma Ransomware Via RDP Ports

A group of ‘script kiddies’ tied to Iran are targeting companies worldwide with internet-facing Remote Desktop Protocol (RDP) ports and weak credentials in order to infect them with Dharma ransomware. The Dharma malware (also known as Crysis) has been distributed as a ransomware-as-a-service (RaaS) mod...

1.9 CVSS | 0.5 AI score | 0.92573 EPSS
Exploits: 13 | References: 10
NVD
added 2020/08/21 7:15 p.m. | 14 views

CVE-2020-14201

Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code...

6.5 CVSS | 6.3 AI score | 0.00146 EPSS
Exploits: 1 | References: 2
Exploit DB
added 2020/08/18 12:0 a.m. | 238 views

Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection

Title: Pharmacy Medical Store and Sale Point 1.0 - 'catid' SQL Injection Exploit Author: Moaaz Taha 0xStorm Date: 2020-08-18 Vendor Homepage: https://www.sourcecodester.com/php/14398/pharmacymedical-store-sale-point-using-phpmysql-bootstrap-framework.html Software Link:...

7.4 AI score
Exploits: 0
OSV
added 2020/08/13 2:15 p.m. | 2 views

CVE-2020-11733

An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can then, for example, read sensitive files such as appliance admin...

6.7 CVSS | 6.7 AI score | 0.00302 EPSS
Exploits: 0 | References: 2
0day.today
added 2020/08/11 12:0 a.m. | 224 views

House Rental 1.0 SQL Injection Exploit

Exploit for php platform in category web applications Exploit Title: House Rental v1.0 - PDO Bypass SQL Injection - Unauthenticated Code Execution - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: https://projectworlds.in Software Link:...

Exploits: 0
Packet Storm
added 2020/08/11 12:0 a.m. | 135 views

Travel Management System 1.0 SQL Injection

Exploit Title: Travel Management System v1.0 - SQLi Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec and Bobby Cooke boku Date: August 10, 2020 Vendor Homepage: https://www.projectsworld.in Software Link: https://projectworlds.in/wp-content/uploads/2019/06/travel.zip Version: 1.0 Tested...

7.4 AI score
Exploits: 0
CNVD
added 2020/08/11 12:0 a.m. | 1 views

Arbitrary file read vulnerability in zblogphp 1.5.1

Z-Blog is an open source program based on ASP and PHP platforms. Z-Blog has a background arbitrary file read vulnerability; attackers can use the vulnerability to obtain the site source code...

7 AI score
Exploits: 0
Gitee
added 2020/08/07 1:42 p.m. | 3 views

CTF-challenges-by-me

This is an offensive tool for CTF challenges. It is a collection of exploits and challenges from various CTF events, including 0ctffinal-2017 and 0ctfquals-2018. The repository contains a variety of challenges, including web security, pwnable, and cryptography challenges. The challenges are...

7.6 AI score
Exploits: 0
ThreatPost
added 2020/08/07 1:32 p.m. | 44 views

Hackers Dump 20GB of Intel's Confidential Data Online

More than 20 gigabytes of proprietary data and source code from chipmaker Intel Corp. was dumped online by a third party, likely the result of a data breach from earlier this year. The announcement of the “first 20gb release in a series of large Intel leaks” was made by user and IT consultant...

0.2 AI score
Exploits: 0 | References: 10
HackRead
added 2020/08/07 12:11 a.m. | 30 views

Intel leaks – Hacker posts 20GB of alleged Intel source code, files online

By Waqas "This is the first 20GB release in a series of large Intel leaks" the developer claimed. This is a post from HackRead.com Read the original post: Intel leaks - Hacker posts 20GB of alleged Intel source code, files online...

2.1 AI score
Exploits: 0
Wired Threat Level
added 2020/08/06 9:30 p.m. | 32 views

Chinese Hackers Have Pillaged Taiwan's Semiconductor Industry

A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more...

2.2 AI score
Exploits: 0
Exploit DB
added 2020/08/05 12:0 a.m. | 219 views

Stock Management System 1.0 - Authentication Bypass

Exploit Title: Stock Management System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Date: August 1, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version: 1.0 Tested On: Windows 10...

7.4 AI score
Exploits: 0
0day.today
added 2020/08/05 12:0 a.m. | 185 views

Stock Management System 1.0 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Stock Management System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html...

0.1 AI score
Exploits: 0
Packet Storm
added 2020/08/04 12:0 a.m. | 126 views

Daily Expenses Management System 1.0 SQL Injection

Exploit Title: Daily Expenses Management System 1.0 - 'username' SQL Injection Exploit Author: Daniel Ortiz Date: 2020-08-01 Vendor Homepage: https://www.sourcecodester.com/php/14372/daily-tracker-system-phpmysql.html Tested on: XAMPP Version 5.6.40 / Windows 10 Software Link:...

Exploits: 0