Lucene search

3098 matches found

Cvelist
added 2019/07/04 11:32 a.m. | 15 views

CVE-2019-13227

In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled...

6 AI score | 0.00057 EPSS
Exploits 0 | References 4

Cvelist
added 2019/07/04 11:32 a.m. | 12 views

CVE-2019-13226

deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/ in the Helper::temporaryMountDevice function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a...

6.7 AI score | 0.00035 EPSS
Exploits 0 | References 4

CVE
added 2019/07/04 11:32 a.m. | 49 views

CVE-2019-13226

CVE-2019-13226 affects deepin-clone (prior to 1.1.3). The issue arises from a predictable path used in Helper::temporaryMountDevice() (/tmp/.deepin-clone/mount/) to mount a filesystem as root. An unprivileged user can create a symlink at this path and, by racing, mount the filesystem at an arbitr...

7 CVSS | 6.6 AI score | 0.00035 EPSS
Exploits 0 | References 4 | Affected Software 1

OSV
added 2019/06/19 5:15 p.m. | 3 views

CVE-2018-17841

SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter...

9.8 CVSS | 5.8 AI score | 0.00602 EPSS
Exploits 1 | References 2

Prion
added 2019/06/19 5:15 p.m. | 10 views

Sql injection

SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter...

7.5 CVSS | 9.8 AI score | 0.00602 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2019/06/19 4:12 p.m. | 11 views

CVE-2018-17841

SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter...

9.9 AI score | 0.00602 EPSS
Exploits 1 | References 2

CVE
added 2019/06/19 4:12 p.m. | 73 views

CVE-2018-17841

CVE-2018-17841 affects Scriptzee Flippa Marketplace Clone 1.0. The vulnerability is an SQL injection in the site-search functionality exposed via the sortBy or sortDir parameters. NVD metrics show CVSS v3 base score 9.8 (CRITICAL) with NETWORK attack vector, no privileges required, and high impac...

9.8 CVSS | 9.8 AI score | 0.00602 EPSS
Exploits 1 | References 2 | Affected Software 1

Atlassian
added 2019/06/03 3:47 a.m. | 16 views

Changing public flag in Repository Permissions does not reflect on mirrors

Issue Summary: When Public flag is enabled/disabled for a mirrored repository, it doesn't sync on corresponding mirrors. Steps to Reproduce: Set up BbS Mirror and approve it on upstream. Create a repository in some project, let's say Project A, and set Public flag as Enabled in Repository...

1.8 AI score
Exploits 0

Kitploit
added 2019/06/01 9:49 p.m. | 291 views

Facebash - Facebook Brute Forcer In Shellscript Using TOR

Facebook Brute Forcer in shellscript using TOR IG: @thelinuxchoice Legal disclaimer: Usage of Facebash for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not...

7.3 AI score
Exploits 0 | References 1

Veracode
added 2019/05/02 5:41 a.m. | 28 views

Arbitrary Code Execution

Red Hat Gluster Storage is a software only scale-out storage solution that provides flexible and affordable unstructured data storage. It unifies data storage and infrastructure, increases performance, and improves availability and manageability to meet enterprise-level storage challenges. Red Ha...

9.3 CVSS | 6.4 AI score | 0.02964 EPSS
Exploits 0 | References 353 | Affected Software 31

Kitploit
added 2019/04/24 9:26 p.m. | 120 views

drAFL - AFL + DynamoRIO = Fuzzing Binaries With No Source Code On Linux

Original AFL supports black-box coverage-guided fuzzing using QEMU mode. I highly recommend to try it first and if it doesn't work you can try this tool. Usage You need to specify DRRUNPATH to point to drrun launcher and LIBCOVPATH to point to libbinafl.so coverage library. You also need to switc...

7.1 AI score
Exploits 0 | References 3

Kitploit
added 2019/04/15 5:24 a.m. | 149 views

Zeebsploit - Web Scanner / Exploitation / Information Gathering

zeebsploit is a tool for hacking searching for web information and scanning vulnerabilities of a web Installation & Usage apt-get install git git clone https://github.com/jaxBCD/Zeebsploit.git cd Zeebsploit chmod +x install ./install python3 zeebsploit.py type 'help' for show modules and follow...

7.8 AI score
Exploits 0 | References 1

Kitploit
added 2019/04/11 12:46 p.m. | 489 views

QRLJacker v2.0 - QRLJacking Exploitation Framework

QRLJacker is a highly customizable exploitation framework to demonstrate "QRLJacking Attack Vector" to show how it is easy to hijack services that depend on the QR Code as an authentication and login method, Mainly it aims to raise security awareness regarding all the services using the QR Code a...

7.7 AI score
Exploits 0 | References 2

Exploit DB
added 2019/04/02 12:0 a.m. | 77 views

Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting

Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: Apr 1, 2019 Vendor Homepage: https://www.phpscriptsmall.com Software Link : https://www.phpscriptsmall.com/product/fiverr-clone-scrip...

7.4 AI score
Exploits 0

0day.today
added 2019/04/02 12:0 a.m. | 32 views

Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: email protected Vendor Homepage: https://www.phpscriptsmall.com Software Link :...

0.4 AI score
Exploits 0

exploitpack
added 2019/04/02 12:0 a.m. | 12 views

Fiverr Clone Script 1.2.2 - SQL Injection Cross-Site Scripting

Fiverr Clone Script 1.2.2 - SQL Injection Cross-Site Scripting Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: Apr 1, 2019 Vendor Homepage: https://www.phpscriptsmall.com Software...

0.4 AI score
Exploits 0

Packet Storm
added 2019/04/01 12:0 a.m. | 110 views

Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection

Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: Apr 1, 2019 Vendor Homepage: https://www.phpscriptsmall.com Software Link : https://www.phpscriptsmall.com/product/fiverr-clone-scrip...

0.3 AI score
Exploits 0

0day.today
added 2019/04/01 12:0 a.m. | 59 views

Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: email protected Discovery Date: Apr 1, 2019 Vendor Homepage: https://www.phpscriptsmall.com Software Link :...

0.4 AI score
Exploits 0

Exploit DB
added 2019/03/28 12:0 a.m. | 39 views

Airbnb Clone Script - Multiple SQL Injection

Exploit Title: Homey BNB Airbnb Clone Script - Multiple SQL Injection Date: 27.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.doditsolutions.com/airbnb-clone-script/ Demo Site: http://sitedemos.in/homeybnb/ Version: V4 Tested on: Kali Linux CVE: N/A ----- PoC 1: SQLi -----...

7 AI score
Exploits 0

Tenable Nessus
added 2019/03/27 12:0 a.m. | 28 views

openSUSE Security Update : libgit2 (openSUSE-2019-986)

This update for libgit2 fixes the following issues : Security issue fixed : - CVE-2018-17456: Submodule URLs and paths with a leading '-' are now ignored to avoid injecting options into library consumers that perform recursive clones bsc1110949. Non-security issues fixed : - Version update to...

9.8 CVSS | 6.7 AI score | 0.59226 EPSS
Exploits 12 | References 5