Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/05 9:47 p.m.13 views

Twig: Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

Description SandboxNodeVisitor enforces SecurityPolicy::checkMethodAllowed for implicit toString calls by wrapping selected AST nodes in CheckToStringNode. The set of wrapped nodes is incomplete, and several Twig language constructs still trigger PHP string coercion on a Stringable operand withou...

5.4AI score0.00044EPSS
Exploits0References5Affected Software1
Malwarebytes
Malwarebytes
added 2023/06/08 2:0 a.m.21 views

Warning: Victims' faces placed on explicit images in sextortion scam

The FBI has issued a warning about criminals digitally manipulating people's faces on to pornographic images--known as deepfaking--and then using those images to harass or extort money out of their victim in a practice known as sextortion. The FBI said the victims include children. From the...

7.2AI score
Exploits0
Penetration Testing Lab
Penetration Testing Lab
added 2021/10/20 8:3 a.m.69 views

Lateral Movement – WebClient

Coercing elevated accounts such as machine accounts to authenticate to a host under the control of an attacker can provide an opportunity for privilege escalation… Continue reading - Lateral Movement - WebClient...

3.3AI score
Exploits0
Kitploit
Kitploit
added 2021/08/09 9:30 p.m.50 views

ADCSPwn - A Tool To Escalate Privileges In An Active Directory Network By Coercing Authenticate From Machine Accounts And Relaying To The Certificate Service

A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts Petitpotam and relaying to the certificate service. Usage Run ADCSPwn on your target network. authentication will be relayed to. Optional arguments: port - The port ADCSPwn will listen on...

8AI score
Exploits0References1
Rows per page
Query Builder