EUVD-2026-32539

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Page and Post: from n/a through 2.9.5...

GHSA-66M2-493M-CRH2 Searchor CLI's Search vulnerable to Arbitrary Code using Eval

An issue in Arjun Sharda's Searchor before version v.2.4.2 allows an attacker to execute arbitrary code via a crafted script to the eval function in Searchor's src/searchor/main.py file, affecting the search feature in Searchor's CLI Command Line Interface. Impact Versions equal to, or below 2.4....

GHSA-R6JX-9G48-2R5R Arbitrary code execution due to YAML deserialization

Impact TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. python from tensorflow.keras import models payload = ''' !!python/object/new:type args: 'z', !!python/tuple , 'extend': !!python/name:exec listitems:...

h1-ctf: Grinchs website takendown with various other exploits

The HackyHolidays This is my first HackerOne CTF challenge writeup. Contents: flag1: Day 1 Check the files, robots.txt flag2: Day 2 one more : jquery.min.js flag3: Day 3 People Rater flag4: Day 4 Brute Force, Swag Shop flag5: Day 5 Brute Force, Secure Login flag6: Day 6 Brute Force, My Diary flag...

h1-ctf: Taking Grinch Down To Save Holidays

Hi thank you Hackerone and Adam for organizing the CTF, this had honestly helped me to learn good skills and techniques. The CTF began with the scope: hackyholidays.h1ctf.com and mission to take down grinch So here's a quick visual summary of all the challenges F1131175 F1131176 1. Grinch Robots ...

Web Hacker's Weapons - A Collection Of Cool Tools Used By Web Hackers

A collection of cool tools used by Web hackers. Happy hacking , Happy bug-hunting. Weapons Type | Name | Description ---|---|--- Army-Knife/ALL | BurpSuite | the BurpSuite project Army-Knife/SCAN | jaeles | The Swiss Army knife for automated Web Application Testing Army-Knife/ALL | zaproxy | The...

Arjun v1.1 - HTTP Parameter Discovery Suite

Features Multi-threading 3 modes of detection Regex powered heuristic scanning Huge list of 3370 parameter names Usage Note: Arjun doesn't work with python Note: Arjun uses nano as the default editor for the prompt bu...

XSStrike v3.0 - Most Advanced XSS Detection Suite

Why XSStrike? Every XSS scanner out there has a list of payloads, they inject the payloads and if the payload is reflected into the webpage, it is declared vulnerable but that's just stupid. XSStrike on the other hand analyses the response with multiple parsers and then crafts payloads that are...

Ubuntu: Security Advisory (USN-2985-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 6 : glibc (ELSA-2015-0863)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0863 advisory. - Fix invalid file descriptor reuse while sending DNS query 1207995, CVE-2013-7423. - Fix buffer overflow in gethostbynamer with misaligned buffer...

RHEL 6 : glibc (RHSA-2015:0863)

Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Moderate: Red Hat Security Advisory: glibc security and bug fix update

Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...