Exploit for CVE-2025-57460
CVE-2025-57460 Des: File upload vuln...
Cryptographic Binding Should Not Be Optional: A Formal-Methods Analysis of FIDO UAF Channel Binding
As a case study in cryptographic binding, we present a formal-methods analysis of the cryptographic channel binding mechanisms in the Fast IDentity Online (FIDO) Universal Authentication Framework (UAF) authentication protocol, which seeks to reduce the use of traditional passwords in favor of...
Regular Expression Denial of Service (ReDoS)
Overview: validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the isEmail function. PoC (js): var validator = require("validator"); function build_attack(n) { var ret = ""; for (var i = 0; i < n; i++) ret +=...
DEF CON 28: ILS and TCAS Spoofing
This post is a companion to the DEF CON 28 video available here. The purpose here is to give some practical demonstrations of two kinds of radio frequency spoofing attack against two different types of cockpit instruments that are found in virtually every commercial aircraft flying today...
Snapchat: Improper Authentication - any user can login as other user with otp/logout & otp/login
The '/scauth/otp/droid/logout' request contains a userid parameter. Usually it is equal to the current user's userid, but if an attacker passes the userid of the victim account he can log in as the victim. I will demonstrate the problem on two accounts. Victim: ███ Attacker: ██████████ - The attacker performs a usual login t...
Researchers Bypass Apple FaceID Using Biometrics 'Achilles Heel'
LAS VEGAS – Vulnerabilities have been uncovered in the authentication process of biometrics technology that could allow bad actors to bypass various facial recognition applications – including Apple’s FaceID. But there is a catch. Doing so requires the victim to be out cold. Researchers on...
Should You Send Your Pen Test Report to the MSRC?
Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept,...
New Relic: Emails and alert policies can be altered by malicious users.
Steps to recreate: 1. Create two accounts. 2. In separate browsers (Firefox and Chrome), log into each account and go to the edit page: a. https://rpm.newrelic.com/users//edit 3. Check one of the email or alert boxes and click save. Gather the POST. a. It should be similar to this:...
Microsoft Office 2007 - msxml5.dll Crash (PoC)
Microsoft Office 2007 - msxml5.dll Crash PoC. #!/usr/bin/perl -w # Title: Microsoft Office 2007 msxml5.dll - Crash Proof Of Concept # Tested: Microsoft Office 2007 / Win7 # DLL: msxml5.dll 5.20.1072.0 # WINWORD.EXE version: 12.0.6612.1000 # Author: Mohammad Reza Espargham # Linkedin:...
UBUNTU-CVE-2015-2830
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated b...
Hornbill Supportworks ITSM 1.0.0 SQL Injection
Summary: SQL Injection Vulnerability in the ITSM component of the Hornbill Supportworks application. CVE number: CVE-2013-2594. Impact: High. Vendor homepage: http://www.hornbill.com. Vendor notified: 19/11/2012. Vendor response: This issue has reportedly been fixed but the vendor refused to give version...
libxml 2.6.12 nanoftp - Local Buffer Overflow
libxml 2.6.12 nanoftp - Local Buffer Overflow / libxml 2.6.12 nanoftp bof POC infamous42mdAThotpopDOTcom n00b localho outernet gcc -Wall libsuxml.c -lxml2 n00b localho outernet ./a.out Usage: ./a.out align n00b localho outernet netstat -ant | grep 7000 n00b localho outernet ./a.out 0xbfff0360...
MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method
BodyRefreshLoadsJPU:refresh is a new navigation method. Tested browser version: MS Internet Explorer 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch: Q810847. So, it's far from fully patched. It also works after applying the patch for the method caching attack. OS version: "Windows XP Cn ver"...
mail_bof.txt
Subject: Many kinds of POP3/SMTP server software for Windows have buffer overflow bugs. To: [email protected] Many kinds of POP3/SMTP server software for Windows have buffer overflow bugs, by The Shadow Penguin Security, http://shadowpenguin.backsection.net 1. Introduction: I confirmed many kin...