1162 matches found
Exploiting CVE-2018-1335: Command Injection in Apache Tika
The post Exploiting CVE-2018-1335: Command Injection in Apache Tika appeared first on Rhino Security Labs...
Microsoft Windows DHCP Client CVE-2019-0698 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successfully exploiting this issue may result in the execution of arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions. Technologies Affecte...
Using Gmail "Dot Addresses" to Commit Fraud
In Gmail addresses, the dots don't matter. The account "[email protected]" maps to the exact same address as "[email protected]" and "[email protected]" -- and so on. Note: I own none of those addresses, if they are actually valid. This fact can be used to commit fraud:...
SpeakUp Linux Backdoor Sets Up for Major Attack
LAS VEGAS — A backdoor trojan dubbed “SpeakUp” has been spotted exploiting the Linux servers that run more than 90 percent of the top 1 million domains in the U.S. It uses a complex bag of tricks to infect hosts and to propagate, which analysts say could indicate that it’s poised for a major...
WordPress Snax 4.9.x SQL Injection
Exploit Title : WordPress Snax Plugins 4.9.x SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 28/01/2019 Vendor Homepage : snax.bringthepixel.com Software Information Link : codecanyon.net/item/snax-viral-frontend-uploader/16540363 Software Version ...
Irssi 1.1.x < 1.1.2 Use-After-Free Vulnerability
Irssi is prone to a use-after-free vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:irssi:irssi"; if description...
Information disclosure
There is an information leak vulnerability in some Huawei HG products. An attacker may obtain information about the HG device by exploiting this vulnerability...
MiniShare 1.4.1 - Remote Buffer Overflow HEAD and POST Method Exploit
Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length ------------------------------------------------------------------- EAX...
SwitchVPN for macOS 2.1012.03 - Privilege Escalation
SwitchVPN for macOS 2.1012.03 - Privilege Escalation ======================================================================= Title: Privilege Escalation Vulnerability Product: SwitchVPN for MacOS Vulnerable version: 2.1012.03 CVE ID: CVE-2018-18860 Impact: Critical Homepage: https://switchvpn.net...
SwitchVPN For MacOS 2.1012.03 Privilege Escalation
======================================================================= Title: Privilege Escalation Vulnerability Product: SwitchVPN for MacOS Vulnerable version: 2.1012.03 CVE ID: CVE-2018-18860 Impact: Critical Homepage: https://switchvpn.net/ Identified: 2018-09-29 By: Bernd Leitner...
SVScanner - Scanner Vulnerability And Massive Exploit
Is a tool for scanning and massive exploits. Our tools target several open source cms. Getting Started with Linux 1. git clone https://github.com/radenvodka/SVScanner.git 2. cd SVScanner 3. php svscanner.php Getting Started with Windows 1. Download Xampp PHP7 2. Download SVScanner :...
Thousands of MikroTik Routers Hijacked for Eavesdropping
A full 7,500+ MikroTik routers are forwarding their owners’ traffic to eavesdropping cybercriminals – while 239,000 more have had their Socks4 proxy enabled, maliciously and surreptitiously. This means the bad actors can gain access to any of the files or data being passed by the router to and fr...
Basecamp: Attachments may be hijacked via AppCache+CookieBombing trick (bc3_production_blobs bucket)
Basecamp attachments are stored in the bc3_production_blobs bucket in the root directory and can be served with text/html content-type...
Microsoft Edge CVE-2018-8358 Security Bypass Vulnerability
Description Microsoft Edge is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Technologies Affected Microsoft Edge Recommendations Run all...
Ed: Physical Laptop Takeover
At 6:16PM of August 11th of 2018, during H1-702, right before the sand storm beat the shit out of the rooftop party, we managed to perform a critical attack on Ed's infrastructure. F332214 Report Summary During our analysis and reconnaissance of how Ed program worked during the h1-702 event, we...
CVE-2018-3834
Summary of CVE-2018-3834, Insteon Hub : The issue affects Insteon Hub firmware 1013. The PubNub-based firmware upgrade fetches signed binaries over plain HTTP and does not verify the firmware image type, allowing an attacker to supply a mismatched FW/PLM image signed with the same key. If a PLM i...
LG NAS 3718.510.a0 - Remote Command Execution
LG NAS 3718.510.a0 - Remote Command Execution Author: @0x616163 Date: 2018-07-29 Credits: https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/ CVE: N/A Firmware Version: 3718.510.a0 !/usr/bin/env python import sys import argparse import requests from collections...
Java JMX Server Insecure Endpoint Code Execution Scanner
Detect Java JMX endpoints This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/java/serialization' class MetasploitModule 'Java JMX Server Insecure Endpoint Code Execution Scanner', 'Description' = 'Detect Jav...
CVE-2018-6683
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention DLP for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline...
Firebase Exploiting Tool - Exploiting Misconfigured Firebase Databases
Exploiting vulnerable/misconfigured Firebase databases Prerequisites Non-standard python modules: dnsdumpster bs4 requests Installation If the following commands run successfully, you are ready to use the script: git clone https://github.com/Turr0n/firebase.git cd firebase pip install -r...