Cybersecurity Teardown: Benefit of Hash Values
Welcome to the second part in our Hash Values series of the Cybersecurity Teardown. Today, we'll be covering: how hashing could provide a valuable benefit; a real-world example and explanation at work; the results of our hashing. This is the second part of a three-part series. Be sure to check back...
CSZ CMS 1.2.1 Arbitrary File Upload
Exploit Title: CSZ CMS 1.2.1 - Arbitrary File Upload Dork: N/A Date: 15-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.cszcms.com/ Software Link:...
Linux Kernel CVE-2019-9213 NULL Dereferences
By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. Th...
Unsafe Dependency Resolution
Overview io.dropwizard:dropwizard-example is a simple library for building production-ready RESTful web services. Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to resolving dependencies over an insecure channel http. If the build occurred over an insecure...
CDF - Crypto Differential Fuzzing
CDF is a tool to automatically test the correctness and security of cryptographic software. CDF can detect implementation errors, compliance failures, side-channel leaks, and so on. CDF implements a combination of unit tests with "differential fuzzing", an approach that compares the behavior of...
SSRF Protocol Smuggling in Plaintext Credential Handlers : LDAP
SSRF protocol smuggling involves an attacker injecting one TCP protocol into a dissimilar TCP protocol. A classic example is using gopher i.e. the first protocol to smuggle SMTP i.e. the second protocol: 1 |...
LeakLooker - Find Open Databases With Shodan
Find open databases with Shodan Background: https://medium.com/@wojciech/leaklooker-find-open-databases-in-a-second-9da4249c8472 Requirements: Python 3 Shodan paid plan, except Kibana search Put your Shodan API key in line 65 pip3 install shodan pip3 install colorama pip3 install hurry.filesize...
WordPress pitajte-strucnjaka 4.9.6 Shell Upload
Exploit Title : WordPress pitajte-strucnjaka Plugins 4.9.6 Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/01/2019 Vendor Homepage : wordpress.org Software Information Link : bol.rs/pitajte-strucnjaka Software Version : 4.9.6 Tested On : Windows...
Notepad++: Stack overflow affecting "ext" field on stylers.xml configuration file
Summary: A stack buffer overflow vulnerability affects the "ext" field in the "stylers.xml" configuration file. The "isInList" function doesn't check boundaries on the word64 array. Description: Vulnerability src file: notepad-plus-plus/PowerEditor/src/MISC/Common/Common.cpp Vulnerability line: line 329 Variab...
Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support
Easily turn single threaded command line applications into fast, multi threaded applications with CIDR and glob support. Setup Install using: $ python3 setup.py install Dependencies will then be installed and Interlace will be added to your path as interlace. Usage Argument | Description ---|--- -...
PT-2019-17971 · Unknown +1 · Libiec61850 +1
Name of the Vulnerable Software and Affected Versions: libIEC61850 version 1.3.1 Description: A memory leak issue has been identified. The Memory_malloc function in hal/memory/lib_memory.c leaks memory when called from Asn1PrimitiveValue_create in mms/asn1/asn1_ber_primitive_value.c. This issue i...
WordPress Adicon Server 1.2 Plugin - selectedPlace SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection Software Link: https://wordpress.org/plugins/adicons/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.2 Category: webapps SQL Injection File:...
WordPress Audio Record 1.0 Plugin - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Software Link: https://wordpress.org/plugins/audio-record/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.0 Category: webapps Unrestricted file upload in reco...
WordPress Cvp-Adegrontec 4.8.3 Shell Upload
Exploit Title : WordPress Cvp-Adegrontec Themes 4.8.3 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...
ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.1.6), cn.aghost:nacos-address (>=1.2.1.aghost-fix.20201109 <=1.2.1.aghost-fix.20210122) +408 more potentially affected by CVE-2018-15801 via org.springframework.security:spring-security-core (>=5.1.0.RELEASE <=5.1.1.RELEASE)
org.springframework.security:spring-security-core MAVEN version =5.1.0.RELEASE, =0.1.2, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109, =1.2.1.aghost-fix.20201109,...
Yeswiki Cercopitheque - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SQL Injection in Yeswiki Cercopitheque Exploit Author: Mickael BROUTY @ark1nar - FIDENS Vendor Homepage: https://yeswiki.net Software Link: https://repository.yeswiki.net/cercopitheque/yeswiki-cercopitheque-2018-12-07-1.zip...
WordPress newwpml 3.0 Database Disclosure
Exploit Title : WordPress newwpml Plugins 3.0 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 06/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version Information :...
Veil - Tool To Generate Metasploit Payloads That Bypass Common Anti-virus Solutions
Veil is a tool designed to generate metasploit payloads that bypass common anti-virus solutions. Veil is currently under support by @ChrisTruncer Software Requirements: The following OSs are officially supported: Debian 8+ Kali Linux Rolling 2018.1+ The following OSs are likely able to run Veil: Ar...
WordPress Jazzy Forms 1.1.1 Database Backup Disclosure
Exploit Title : WordPress jazzy-forms Plugins 1.1.1 Database Backup Information Disclosure Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 30/11/2018 Vendor Homepage : wordpress.org/plugins/jazzy-forms/ Software Download Link :...
CloudBunny - A Tool To Capture The Real IP Of The Server That Uses A WAF As A Proxy Or Protection
CloudBunny is a tool to capture the real IP of the server that uses a WAF as a proxy or protection. How it works: In this tool we used three search engines to search domain information: Shodan, Censys and Zoomeye. To use the tools you need the API keys, which you can pick up at the following links: Shodan -...