U.S. Dept Of Defense: EC2 subdomain takeover at http://████████/

There is a dangling DNS A record that points to an EC2 instance that no longer exists, I was able to claim the EC2 instance and host content on http://███████/. Steps To Reproduce: 1. Visit http://█████████/██████████.html and view the PoC: ██████ Suggested Remediation Steps Remove the A record...

Unable to VPX instance on ADM : Error Exception unable to login

Symptoms - When adding instance onto their ADM some users see the below error message...

CVE-2021-23413

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...

CVE-2021-23413

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance...

GraphQL Introspection Enabled

GraphQL is an open-source query and manipulation language for APIs and a server-side runtime built to handle these queries on the application dataset. GraphQL introspection allows to query all information related to the supported schema and queries on a GraphQL server instance. By leveraging this...

Aruba ClearPass Policy Manager SQL注入漏洞

Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager has a security vulnerability that could allow a remote attacker to perform a SQL injection attack on a ClearPass instance...

Automated remediation level 4: Actual automation

Let’s get to automatically remediating already! This entry will be the last in our series based on The 4 Levels of Automated Remediation. After the previous 3 steps—where we discussed everything from logging to best practices to account hygiene—it’s time to talk about the actions that really let...

SUSE: Security Advisory (SUSE-SU-2016:2507-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-22116

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugi...

4Images 1.8 Cross Site Scripting

Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.4homepages.de/ Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6 Version: 4Images Gallery 1.8 Tested on: Windows 10 and Kali CVE :...

h1-ctf: [100K-ctf] Multiple vulnerabilities leading to compromise of Pinger instance.

Hello, Gonna just submit flags first then will send my write up later tomorrow. ████ ██████ Thanks for fun! Impact An attacker can compromise Pinger instance located on https://ccc.h1ctf.com/2b5d2b11513d2c9b by chaining multiple vulnerabilities on https://ccc.h1ctf.com/...

CVE-2021-29659

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could...

CVE-2021-29659

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could...

Improper access control

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could...

CVE-2021-29659

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could...

CVE-2021-29659

ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a large instance could...

CVE-2021-29659

OwnCloud 10.7 is affected by an incorrect access control vulnerability in a related API endpoint that allows remote information disclosure. An attacker can enumerate all users in a single request by supplying three whitespace characters, and on large instances this may add unusual load. The conne...

cloud-init bug fix and enhancement update

An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...

cloud-init bug fix and enhancement update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fixes and Enhancements: AliyunRHEL8.4cloud-init cloud-init service failed to...

Pega Infinity登陆绕过漏洞（CVE-2021-27651）

Summary An attacker can bypass all stages of the password reset flow and reset any user's account on Pega infinity. This is done by 1 initiating the password reset flow and typing in the victim email, then 2 forcing the HTTP POST request to update the password through. An attacker could login usi...