A vulnerability in the syncNtpTime() function of the SystemHandler.class.php script in Vinchin Backup & Recovery, a backup and recovery product, allows an attacker to execute arbitrary commands.
The vulnerability in the syncNtpTime function of the SystemHandler.class.php script in Vinchin Backup & Recovery, a backup and recovery product, stems from a failure to neutralize special elements used in operating system command processing when handling the ntphost...
Cross site scripting
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...
CVE-2023-40170 cross-site inclusion (XSSI) of files in jupyter-server
jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on /files/ URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit 87a49272728 which h...
Gladius - Easy mode from Responder to Credentials
Gladius provides an automated method for cracking credentials from various sources during an engagement. We currently crack hashes from Responder, secretsdump.py, and smarthashdump. Install: pip install watchdog; git clone https://www.github.com/praetorian-inc/gladius; cd gladius; git clone...