4109 matches found
Tiger Post 3.0.1 - SQL Injection
Exploit Title: Tiger Post - Facebook Auto Post Multi Pages/Groups/Profiles v3.0.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy: https://codecanyon.net/item/tiger-post-facebook-auto-post-multi-pagesgroupsprofiles/15279075 Demo:...
Fileless Memory-Based Malware Plagues 140 Banks, Enterprises
Attackers have been using well-known, standard utilities to carry out attacks on organizations around the world, and covering their tracks by wiping their activity from the machine’s memory before it’s rebooted. The attackers, who may be connected to the GCMAN and Carbanak groups, aren’t using...
UBUNTU-CVE-2016-10208
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image...
Host Asset Information
Nessus collected information about the target host including: - network interfaces including IP addresses, MAC addresses, FQDNs - inventory of installed software - information about users and user groups This data has been stored in the Nessus report database. Note that this plugin will not produ...
Automato - Automating the user-focused enumeration tasks during an internal penetration test
automato should help with automating some of the user-focused enumeration tasks during an internal penetration test. automato is also capable of conducting limited brute force attacks such as: Testing to see if a list of users with a common password exists in the target domain Identifying if a...
MongoDB Attacks Jump From Hundreds to 28,000 In Just Days
Security researchers report a massive uptick in the number of MongoDB databases hijacked and held for ransom. On Monday, researcher Niall Merrigan reported 28,000 misconfigured MongoDB were attacked by more than a dozen hacker groups. That’s a sharp increase from last week when 2,000 MongoDB had be...
Linux User List Enumeration
Using the supplied credentials, Nessus was able to enumerate the local users and groups on the remote Linux host. TRUSTED...
Mirai Giving DDoS-as-a-Service Industry a Boost
The availability of the Mirai malware source code online isn’t a guarantee that just anyone can quickly convert it into a money-making IoT-based DDoS botnet. Researchers at Digital Shadows have been combing dark web sites such as the Hackforums where black hat Anna-Senpai dropped the Mirai code i...
openSUSE Security Update : sudo (openSUSE-2016-1381)
This update for sudo fixes the following issues : - fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality : - noexec bypass via system and popen CVE-2016-7032, bsc1007766 - noexec bypass via wordexp CVE-2016-7076, bsc1007501 Sudo was updated to the package from...
HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0179 HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4333 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and...
pcre: Buffer overflow caused by repeated conditional group (8.38/3)
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...
pcre: buffer overflow caused by patterns with duplicated named groups with (?| (8.38/27)
PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object...
pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)
PCRE before 8.36 mishandles the /a\2|a\g/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a...
"Allowed review participants" isn't restricting the scope for groups
h3. Summary The "Allowed review participants" option in the project settings isn't restricting the scope for groups when searching for reviewers to be added to a review, therefore all the groups are listed, even the ones not included as allowed groups. h3. Environment Tested on Crucible 4.2.0 h3...
[20161003] - Core - Account Modifications
Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments...
The RFC 5114 saga
Back in January I posed a question "to the Internet": What the heck is RFC 5114? It looks like a lot happened since then around it. I would like to use this post to recollect some of the stuff around RFC5114. Chapter 0: October 2007 RFC5114 draft was submitted to the IETF. Chapter I: January 20...
Five Ways That Good Guys Share More Than Bad Guys
It takes a lot for me to write a cybersecurity blog post these days. I spend most of my writing time working on my PhD. Articles like Nothing Brings Banks Together Like A Good Hack drive me up the wall, however, and a Tweet rant is insufficient. What fired me up, you might ask? Please read the...
Germany Orders Facebook to Stop Collecting Data on WhatsApp Users
A German privacy regulator issued an order this week prohibiting Facebook from collecting user data on German WhatsApp users, calling the company’s actions misleading and in violation of the nation’s data protection law. The move comes a few weeks after a recent WhatsApp policy change that said t...
SUSE SLES11 Security Update : openssh (SUSE-SU-2016:2388-1)
This update for OpenSSH fixes the following issues : - Prevent user enumeration through the timing of password processing. bsc989363, CVE-2016-6210 - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used. bsc948902 - Sanitize input for xauth1. bsc97063...
SUSE SLES11 Security Update : openssh (SUSE-SU-2016:2281-1)
This update for openssh fixes the following issues : - CVE-2016-6210: Prevent user enumeration through the timing of password processing bsc989363 -preventtiminguserenumeration - Allow lowering the DH groups parameter limit in server as well as when GSSAPI key exchange is used bsc948902 -...