10 matches found
GLPI 9.4.5 - Remote Code Execution (RCE)
Exploit Title: GLPI 9.4.5 - Remote Code Execution (RCE) Exploit Author: Brian Peters Vendor Homepage: https://glpi-project.org Software Link: https://github.com/glpi-project/glpi/releases Version: | grep "CREATE TABLE" | grep -n wifinetworks Update the offsettable value with this number in the...
h1-ctf: [H1-2006 2020] "Swiss Cheese" design style leads to helping Mårten Mickos pay poor hackers
Summary: Several vulnerabilities in the bountypay application lead to unauthorised access, information disclosure, SSRF and other fun stuff. Steps To Reproduce: This is how I helped Mårten Mickos pay the poor hackers who had been waiting so long for their bounties. First part: Web I started by...
Shellsum - A Defense Tool - Detect Web Shells In Local Directories Via Md5Sum
A defense tool - detect web shells in local directories via md5sum Features Fast speed Lightweight Big database Tabled output Usages Install git clone https://github.com/ManhNho/shellsum.git chmod 755 -R shellsum/ cd shellsum/ pip install -r requirements.txt Run python shellsum.py ToDo Smooth...
java-1.7.0-openjdk security update
1:1.7.0.121-2.6.8.0.0.1 - Update DISTRONAME in specfile 1:1.7.0.121-2.6.8.0 - Turn off HotSpot bootstrap to see if it resolves build issues. - Resolves: rhbz1381990 1:1.7.0.121-2.6.8.0 - Bump to 2.6.8 and u121b00. - Drop patches S7081817, S8140344, S8145017 and S8162344 applied upstream. - Update...
Drupal 8 configuration file download vulnerability analysis-vulnerability warning-the black bar safety net
Author: p0wd3r (Knownsec 404 Security Lab) Date: 2016-09-22 0x00 Vulnerability overview 1. Vulnerability description Drupal (https://www.drupal.org) is a free, open-source content management system. Researchers recently found three security vulnerabilities in the 8.x 8.1.10 version,...
Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2016-0049)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0049 advisory. 1:1.8.0.71-2.b15 - Add md5sum for previous java.security file so it gets updated. - Resolves: rhbz1295753 1:1.8.0.71-1.b15 - Restore upstream version o...
java-1.8.0-openjdk security update
1:1.8.0.71-2.b15 - Add md5sum for previous java.security file so it gets updated. - Resolves: rhbz1295753 1:1.8.0.71-1.b15 - Restore upstream version of system LCMS patch removed by 'sync with Fedora' - Add patch to turn off strict overflow on IndicRearrangementProcessor,2.cpp - Resolves:...
java-1.8.0-openjdk security update
1:1.8.0.51-1.b16 - Add md5sum for January 2015 java.security update so it gets updated this time. - Resolves: rhbz1235162 1:1.8.0.51-0.b16 - July 2015 security update to u51b16. - Add script for generating OpenJDK tarballs from a local Mercurial tree. - Add %name prefix to patches to avoid...
Basic Analysis And Security Engine <= 1.2.4 'readRoleCookie()' Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35470/info Basic Analysis And Security Engine (BASE) is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected application. Successfully exploiting th...
com_jumi / jumi 2.0.5 for joomla 1.5 backdoored
Summary: another backdoored joomla component yawn Application: Jumi, a joomla component About Jumi: Jumi is the set of custom code extensions for Joomla! 1.0.x and 1.5.x in their native modes. Since 2006 more than 200.000 downloads. With Jumi you can include php, html, javascript scripts into the...