GHSA-WV8V-RMW2-25WC XSS/HTML Injection Vulnerability in Umbraco Backoffice Components

Impact Authenticated users are able to exploit an XSS vulnerability when viewing certain localized backoffice components. Patches Will be patched in 14.3.2 and 15.1.2. Note: This issue was reported by Pratik Patil from NetSPI @Nexusss-ppatil...

AzSubEnum - Azure Service Subdomain Enumeration

AzSubEnum is a specialized subdomain enumeration tool tailored for Azure services. This tool is designed to meticulously search and identify subdomains associated with various Azure services. Through a combination of techniques and queries, AzSubEnum delves into the Azure domain structure,...

CVE-2020-17049

A security feature bypass vulnerability exists in the way Key Distribution Center KDC determines if a service ticket can be used for delegation via Kerberos Constrained Delegation KCD. To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service...

Mssqlproxy - A Toolkit Aimed To Perform Lateral Movement In Restricted Environments Through A Compromised Microsoft SQL Server Via Socket Reuse

mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse. The client requires impacket and sysadmin privileges on the SQL server. Please read this article carefully before continuing. It consists of three part...

Cisco ASA Remote Code Execution （CVE-2016-1287）

Remote Code Execution on Cisco ASA A year ago ExodusIntel disclosed a vulnerability affecting the IKE implementation in Cisco’s ASA products. The error is due to an overflow in the checking of reassembled IKE fragments, and allows remote code execution from an unauthenticated attacker. More...