8751 matches found

Packet Storm
added 2018/05/28 12:0 a.m., 49 views

wityCMS 0.6.1 Cross Site Scripting

Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Date: 05/28/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1 Version: 0.6.1 Tested on:...

EPSS 0.02178
Exploits 5

RedHat Linux
added 2018/05/22 1:39 a.m., 94 views

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 5.5 | AI score 7.2 | EPSS 0.60631
Exploits 2 | References 3

Kitploit
added 2018/05/20 10:45 p.m., 45 views

Dnsmorph - Domain Name Permutation Engine Written In Go

DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. DNSMORPH includes the following domain...

AI score 7.4
Exploits 0 | References 4

Friends Of PHP
added 2018/05/20 10:8 p.m., 11 views

XSS in some development error pages

More info at https://bakery.cakephp.org/2018/05/20/cakephp36435173414released.html...

AI score 7.2
Exploits 0 | Affected Software 1

Kitploit
added 2018/05/19 2:1 p.m., 19 views

Heap Viewer - An IDA Pro Plugin To Examine The Glibc Heap, Focused On Exploit Development

An IDA Pro plugin for now to examine the heap, focused on exploit development. Currently only supports glibc malloc ptmalloc2. Requirements IDA Pro = 6.9 Tested on glibc = 2.26 GraphView for linked lists bins/tcache Magic utils: Unlink merge info Fake fastbin finder House of force helper Useful...

AI score 7.3
Exploits 0 | References 1

Imperva Blog
added 2018/05/11 3:43 p.m., 37 views

Imperva Python SDK – We’re All Consenting SecOps Here

Managing your WAF can be a complicated task. Custom policies, signatures, application profiles, gateway plugins… there’s a good reason ours is considered the best in the world. Back when security teams were in charge of just a handful of WAF stacks and a few dozen applications, things were...

AI score 0.4
Exploits 0

OSV
added 2018/05/09 7:29 p.m., 6 views

CVE-2018-8119

A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK, C SDK, Java SDK...

CVSS 5.6 | AI score 5.8 | EPSS 0.01098
Exploits 0 | References 3

Debian
added 2018/05/09 7:9 p.m., 52 views

[SECURITY] [DLA 1373-1] php5 security update

Package : php5 Version : 5.4.45-0+deb7u14 CVE ID : CVE-2018-10545 CVE-2018-10547 CVE-2018-10548 Several issues have been discovered in PHP recursive acronym for PHP: Hypertext Preprocessor, a widely-used open source general-purpose scripting language that is especially suited for web development...

CVSS 7.5 | AI score 7.7 | EPSS 0.79949
Exploits 0

OSV
added 2018/05/09 11:46 a.m., 2 views

USN-3642-1 dpdk vulnerability

Maxime Coquelin discovered that DPDK incorrectly handled guest physical ranges. A malicious guest could use this issue to possibly access sensitive information...

CVSS 6.1 | AI score 6.7 | EPSS 0.00878
Exploits 0 | References 2

OSV
added 2018/05/09 8:29 a.m., 5 views

CVE-2018-10683

An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admin Guide indicates that "without a security...

CVSS 9.8 | AI score 5.8 | EPSS 0.08225
Exploits 2 | References 1

Cvelist
added 2018/05/09 8:0 a.m., 23 views

CVE-2018-10682

An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default auto-deployment permits an...

AI score 10 | EPSS 0.08225
Exploits 2 | References 1

0day.today
added 2018/05/07 12:0 a.m., 40 views

WordPress User Role Editor Plugin < 4.25 - Privilege Escalation Exploit

Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The WordPress...

AI score 0.3
Exploits 0

exploitpack
added 2018/05/06 12:0 a.m., 47 views

WordPress Plugin User Role Editor 4.25 - Privilege Escalation

WordPress Plugin User Role Editor 4.25 - Privilege Escalation This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The...

AI score 0.2
Exploits 0

Cent OS
added 2018/05/02 12:0 p.m., 107 views

java security update

CentOS Errata and Security Advisory CESA-2018:1270 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS 8.3 | AI score 6.2 | EPSS 0.15141
Exploits 0 | References 7

Fedora
added 2018/04/27 11:0 p.m., 36 views

[SECURITY] Fedora 26 Update: gsoap-2.8.43-3.fc26

The gSOAP Web services development toolkit offers an XML to C/C++ language binding to ease the development of SOAP/XML Web services in C and C/C++...

CVSS 8.1 | AI score 2.7 | EPSS 0.21894
Exploits 2

Fedora
added 2018/04/27 4:14 a.m., 44 views

[SECURITY] Fedora 28 Update: origin-3.9.0-1.fc28

OpenShift Origin is a distribution of Kubernetes optimized for application development and deployment. OpenShift Origin adds developer and operational centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for...

CVSS 9.6 | AI score 0.5 | EPSS 0.11586
Exploits 2

Carbon Black Blog
added 2018/04/26 5:7 p.m., 61 views

Carbon Black: A “Great Place to Work”

I am excited to announce Carbon Black has been certified as a “Great Place to Work” by the Great Place to Work Institute. It’s Carbon Black’s first such accolade on a national level and speaks volumes for our nearly 1,000 employees worldwide who come to work every day to create a world safe from...

AI score 7
Exploits 0

n0where
added 2018/04/26 4:31 a.m., 28 views

Penetration Testers Framework: PTF

The PenTesters Framework PTF is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. As pentesters, we’ve been accustom to the /pentest/ directories or our own toolsets that we want to keep up-to-date all o...

AI score 0.1
Exploits 0 | References 1

CNVD
added 2018/04/26 12:0 a.m., 3 views

DPDK Memory Disclosure Vulnerability

DPDK is a set of open source drivers for fast packet processing. A security vulnerability exists in the vhost-user interface in versions of DPDK prior to 18.02.1. An attacker can exploit this vulnerability to disclose vhost-user backend process memory...

CVSS 6.1 | AI score 6.6 | EPSS 0.00878
Exploits 0 | References 1

ICS
added 2018/04/26 12:0 a.m., 45 views

Delta Electronics PMSoft

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Low skill level to exploit. Vendor : Delta Electronics Equipment : PMSoft Vulnerabilities : Multiple Stack-Based Buffer Overflow vulnerabilities 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause the application to crash;...

CVSS 7.8 | AI score 8.5 | EPSS 0.00471
Exploits 0 | References 5