5327 matches found

NVD
added 2018/08/05 6:29 p.m., 8 views

CVE-2018-14941

Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI...

6.5 CVSS, 6.3 AI score, 0.00205 EPSS
Exploits: 0, References: 1
Prion
added 2018/08/05 6:29 p.m., 11 views

Code injection

Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI...

4 CVSS, 6.3 AI score, 0.00205 EPSS
Exploits: 0, References: 1
Cvelist
added 2018/08/05 6:0 p.m., 13 views

CVE-2018-14941

Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI...

6.4 AI score, 0.00205 EPSS
Exploits: 0, References: 1
Metasploit
added 2018/08/02 4:54 p.m., 33 views

Microsoft Windows Defender Evasive Executable

This module allows you to generate a Windows EXE that evades against Microsoft Windows Defender. Multiple techniques such as shellcode encryption, source code obfuscation, Metasm, and anti-emulation are used to achieve this. For best results, please try to use payloads that use a more secure...

7.4 AI score
Exploits: 0
Hacker One
added 2018/08/01 9:44 p.m., 36 views

Starbucks: Backup Source Code Detected

Impact: Depending on the nature of the source code disclosed, an attacker can mount one or more of the following types of attacks: • Access the database or other data resources. With the privileges of the account obtained, attempt to read, update or delete arbitrary data from the database. • Access...

0.6 AI score
Exploits: 0
ThreatPost
added 2018/08/01 6:33 p.m., 8 views

Reddit Breach Stems from SMS Two-Factor Authentication Breakdown

Reddit confirmed Wednesday that a hacker broke into its systems and has accessed user data – including email addresses and passwords for accounts. The company said in a post today that the compromise occurred between June 14 and June 18, and it detected the incident on June 19. “We learned that a...

0.4 AI score
Exploits: 0, References: 3
Exploit DB
added 2018/08/01 12:0 a.m., 31 views

WebRTC - H264 NAL Packet Processing Type Confusion

Type confusion can occur when processing a H264 packet. In the method PacketBuffer::FindFrames in modules/video_coding/packet_buffer.cc there is a loop on line 296 that goes through the data_buffer_ vector backwards. The flag is_h264 is set before this loop, and if it is true, the loop extracts and se...

7.4 AI score
Exploits: 0
Hacker One
added 2018/07/31 10:0 p.m., 13 views

Uber: [experience.uber.com] Node.js source code disclosure & anonymous access to internal Uber documents, templates and tools

A configuration file on experience.uber.com exposed details for the server configuration as well as information about the content hosted on the site. The site itself did require authentication to log in, but this config file was publicly accessible. Other accessible URLs included slide deck...

1.3 AI score
Exploits: 0
Kitploit
added 2018/07/21 1:26 p.m., 17 views

CMSeeK v1.0.5 - CMS Detection And Exploitation Suite

What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are: WordPress, Joomla, Drupal, etc. Release History - Version 1.0.5 19-07-2018 - Version 1.0.4...

7.1 AI score
Exploits: 0, References: 3
Dsquare
added 2018/07/21 12:0 a.m., 552 views

Spring Data Commons RCE

Remote command execution vulnerability in Spring Data Commons Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

7.5 CVSS, 1.1 AI score, 0.94284 EPSS
Exploits: 9
CNVD
added 2018/07/16 12:0 a.m., 1 views

SRCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-17521)

SRCMS is a security emergency response and defect management software. A cross-site request forgery vulnerability exists in SRCMS version 2.3.1. An attacker can exploit this vulnerability by adding a user account via admin.php?m=Admin&c=member&a=add...

8.8 CVSS, 8.8 AI score, 0.00127 EPSS
Exploits: 0, References: 1
Kitploit
added 2018/07/08 2:7 p.m., 25 views

BST (Binary String Toolkit) - Quickly And Easily Convert Binary Strings For All Your Exploit Development Needs

The Binary String Toolkit or BST for short is a rather simple utility to convert binary strings to various formats suitable for later inclusions in source codes, such as those used to develop exploits in the security field. Features Dump files content to standard output in a binary string format...

7.4 AI score
Exploits: 0, References: 1
The Hacker News
added 2018/07/05 7:29 p.m., 1 views

Ex-NSO Employee Caught Selling Stolen Phone Hacking Tool For $50 Million

A former employee of one of the world's most powerful hacking companies NSO Group has been arrested and charged with stealing phone hacking tools from the company and trying to sell it for $50 million on the Darknet secretly. Israeli hacking firm NSO Group is mostly known for selling high-tech...

6.6 AI score
Exploits: 0
0day.today
added 2018/07/03 12:0 a.m., 39 views

ModSecurity 3.0.0 - Cross-Site Scripting Vulnerability

Exploit for linux platform in category web applications Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewall Exploit Author: Adipta Basu Tested on: Mac OS High Sierra CVE: N/A Description:...

6.4 AI score, 0.00284 EPSS
Exploits: 3
Packet Storm
added 2018/07/03 12:0 a.m., 52 views

ModSecurity 3.0.0 Cross Site Scripting

Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewall Exploit Author: Adipta Basu Tested on: Mac OS High Sierra CVE: N/A Description: ModSecurity 3.0.0 has XSS via an onError...

6.4 AI score, 0.00284 EPSS
Exploits: 3
Exploit DB
added 2018/07/03 12:0 a.m., 64 views

ModSecurity 3.0.0 - Cross-Site Scripting

ModSecurity 3.0.0 - Cross-Site Scripting. CVE-2018-13065. Webapps exploit for Linux platform. Tags: Cross-Site Scripting XSS Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewa...

6.1 CVSS, 6 AI score, 0.00284 EPSS
Exploits: 3
Kitploit
added 2018/06/19 9:35 p.m., 20 views

CMSeeK - CMS Detection And Exploitation Suite

What is a CMS? A content management system (CMS) manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some notable examples are: WordPress, Joomla, Drupal, etc. Release History - Version 1.0.0 15-06-2018 Functions Of CMSeek:...

7.2 AI score
Exploits: 0, References: 2
IBM Security Bulletins
added 2018/06/17 4:48 a.m., 30 views

Security Bulletin: Rational Change can be affected by vulnerabilities in the IBM Eclipse Help System (CVE-2013-0464 and CVE-2013-0467)

Summary: IBM Rational Change can be affected by two vulnerabilities (cross-site scripting and Help system's source code disclosure) by using a specially crafted URL in the IBM Eclipse Help System (IEHS), which is used to display the IBM Rational Change help content. Vulnerability Details | Subscribe t...

4.3 CVSS, 0.3 AI score, 0.00265 EPSS
Exploits: 1, Affected Software: 1
Kitploit
added 2018/05/31 10:39 p.m., 47 views

ReverseAPK - Quickly Analyze And Reverse Engineer Android Packages

Quickly analyze and reverse engineer Android applications. FEATURES: Displays all extracted files for easy reference; Automatically decompile APK files to Java and Smali format; Analyze AndroidManifest.xml for common vulnerabilities and behavior; Static source code analysis for common vulnerabilitie...

7.8 AI score
Exploits: 0, References: 1
seebug.org
added 2018/05/21 12:0 a.m., 3012 views

Microsoft Windows Kernel 'Win32k.sys' Local Privilege Escalation Vulnerability (CVE-2018-8120)

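Author: bigric3 Author's blog: On May 15, ESET reported that in March it had captured a sample combining a PDF remote code execution (CVE-2018-4990) with a Windows local privilege escalation (CVE-2018-8120). After ESET's post, I downloaded such a sample from VT (). Initial reverse engineering broadly confirmed what had been reported: the exploit was still in the development and testing stage and was inadvertently uploaded to a public sample-scanning site, where ESET captured it and submitted it to Microsoft and Adobe for patching. The test marker strings are as follows Locate the key code in the sample and debug and analyze it...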

7.2 CVSS, 0.2 AI score, 0.94157 EPSS
Exploits: 18