
16 matches found

ATTACKERKB
added 2026/05/01 5:53 p.m. | 3 views

CVE-2026-35233

An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process via dtrace -p, pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cach...

4.4 CVSS | 5.8 AI score | 0.00108 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/05/01 12:0 a.m. | 5 views

PT-2026-36530

Name of the Vulnerable Software and Affected Versions: dtrace (affected versions not specified). Description: An unprivileged attacker can create a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When a root-level dtrace process attaches to or instruments that...

4.4 CVSS | 5.8 AI score | 0.00108 EPSS
Exploits: 0 | References: 6
CVE
added 2026/03/05 5:12 a.m. | 11 views

CVE-2026-29128

The CVE-2026-29128 entry affects IDC SFX2100 Satellite Receiver firmware. Daemon configuration files (zebra.conf, bgpd.conf, ospfd.conf, ripd.conf) are owned by root but world-readable, containing hardcoded or insecure plaintext passwords (including enable/privileged credentials). A remote attack...

10 CVSS | 6 AI score | 0.00277 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
The Hacker News
added 2026/02/11 11:30 a.m. | 6 views

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work ...

5.9 AI score
Exploits: 0
GithubExploit
added 2026/01/09 6:50 p.m. | 264 views

php_loose_comparison.txt

Initial Access — Foothold as www-data Vulnerability S...

7.6 AI score
Exploits: 0
Positive Technologies
added 2025/12/06 12:0 a.m. | 4 views

PT-2025-49392

New HTB video up - Editor machine Chained CVE-2024-24893 for the foothold and CVE-2024-32019 to get root. https://t.co/z1zRLuMttt commands: https://t.co/zZEPDE8xg0 HackTheBox OSCP pentesting editor https://t.co/opAGaJ4Evv...

8.8 CVSS | 6.9 AI score | 0.01174 EPSS
Exploits: 15 | References: 1
RedhatCVE
added 2025/05/23 5:38 a.m. | 2 views

CVE-2023-26456

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...

5.4 CVSS | 6.5 AI score | 0.00383 EPSS
Exploits: 0 | References: 1
GithubExploit
added 2024/11/13 12:30 a.m. | 749 views

Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin

Exploit for: GravCMS 1.10.7 - Arbitrary YAML Write/...

9.8 CVSS | 9.7 AI score | 0.80467 EPSS
Exploits: 11
OSV
added 2023/12/14 2:15 a.m. | 2 views

CVE-2023-41720

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated executio...

7.8 CVSS | 5.9 AI score | 0.00705 EPSS
Exploits: 0 | References: 1
The Hacker News
added 2023/08/14 1:14 p.m. | 69 views

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source...

10 CVSS | 8.1 AI score | 0.99199 EPSS
Exploits: 5
Fortinet
added 2023/06/23 12:0 a.m. | 25 views

FortiNAC - argument injection in XML interface on port tcp/5555

An improper neutralization of special elements used in a command ('command injection') vulnerability (CWE-77) in FortiNAC tcp/5555 service may allow an unauthenticated attacker to copy local files of the device to other local directories of the device via specially crafted input fields. To access the...

6.4 AI score | 0.13652 EPSS
Exploits: 0 | Affected Software: 1
Gitee
added 2021/09/27 3:6 p.m. | 5 views

Red-Teaming-Toolkit

This is a collection of open source and commercial tools that aid in red team operations. The repository includes tools for reconnaissance, weaponization, delivery, command and control, lateral movement, establishing a foothold, escalating privileges, data exfiltration, and miscellaneous...

7 AI score
Exploits: 0
Penetration Testing Lab
added 2021/05/04 7:27 a.m. | 53 views

Remote Potato – From Domain User to Enterprise Admin

NTLM Relaying is a well-known technique that was mainly used in security assessments in order to establish some sort of foothold on a server in…

1.8 AI score
Exploits: 0
Hacker One
added 2020/06/03 4:2 a.m. | 39 views

h1-ctf: [H1-2006 2020] 36 hours of brain cycles utilized on solving a neat puzzle

Here we go: F852423 Recon: The given scope is: .bountypay.h1ctf.com Found subdomains: bountypay.h1ctf.com, api.bountypay.h1ctf.com, app.bountypay.h1ctf.com, software.bountypay.h1ctf.com, staff.bountypay.h1ctf.com, www.bountypay.h1ctf.com Relevant GitHub repository:...

6 AI score
Exploits: 0
Penetration Testing Lab
added 2019/09/10 10:30 a.m. | 54 views

Microsoft Exchange – Code Execution

Gaining access to the mailbox of a domain user can lead to execution of arbitrary code by utilising the credentials that have been discovered. Various techniques have been discovered by Nick Landers and Etienne Stalmans that involve the abuse of Outlook common functionality in order to execute...

5 AI score
Exploits: 0
ThreatPost
added 2011/07/25 7:25 p.m. | 17 views

Apple Fixes SSL Man-in-the-Middle Bug in iOS 4.3.5

Apple has released another new version of its iOS operating system for iPhones and other devices that fixes a security vulnerability in the way that the software handled SSL certificates and validated their authenticity. An attacker exploiting the bug might be able to intercept SSL traffic, Apple...

0.3 AI score
Exploits: 0 | References: 4