📄 PKP-WAL 3.5.0-1 SQL Injection

PKP-WAL versions 3.5.0-1 and below suffer from a remote SQL injection vulnerability in the Institution Collector. ---------------------------------------------------------------------- PKP-WAL = 3.5.0-1 Institution Collector SQL Injection Vulnerability...

GeoNetwork 操作系统命令注入漏洞

GeoNetwork is GeoNetwork open source a catalog application . It is used to manage spatial reference resources. A security vulnerability exists in GeoNetwork versions prior to 3.12.0 and 4.x series versions prior to 4.0.4, which can be exploited by an attacker to remotely execute arbitrary operati...

Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder

Aaia pronounced as shown here helps in visualizing AWS IAM and Organizations in a graph format with help of Neo4j. This helps in identifying the outliers easily. Since it is based on neo4j , one can query the graph using cypher queries to find the anomalies. Aaia also supports modules to...

Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072)

Cookie hijacking: Internet Explorer UXSS CVE-2015-0072 Host below files on webserver attacker.com and share the exploit link with victims, exploit.php --- exploit link Share with victim redirect.php --- Script to redirect on target page target page should not contain X-Frame-Options or it will fa...