Microsoft Patch Tuesday Updates Fix 14 Critical Bugs

Microsoft has released its regularly scheduled March Patch Tuesday updates, which address 89 security vulnerabilities overall. Included in the slew are 14 critical flaws and 75 important-severity flaws. Microsoft also included five previously disclosed vulnerabilities, which are being actively...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Advantech Webaccess

This is a proof-of-concept PoC exploit for a vulnerability in the bwconn.dll library, which is a Windows RPC client library. The vulnerability is identified as CVE-2016-0856. The PoC exploit is written in Python and uses the ctypes library to interact with the bwconn.dll library. The exploit...

Cisco Patches Critical Flaw After PoC Exploit Code Release

A day after proof-of-concept PoC exploit code was published for a critical flaw in Cisco Security Manager, Cisco has hurried out a patch. Cisco Security Manager is an end-to-end security management application for enterprise administrators, which gives them the ability to enforce various security...

Exploit for CVE-2020-1472

Zer0Dump Zer0dump is an PoC exploit/tool for abusing the vuln...

Mootbot Botnet Targets Fiber Routers with Dual Zero-Days

The Mootbot botnet has been using a pair of zero-day exploits to compromise multiple types of fiber routers. According to researchers, other botnets have attempted to do the same, but have so far failed. According to researchers at NetLab 360, the operators of the Mootbot botnet in late February...

Code Injection in keymetrics/vizion

Overview The issue is an RCE triggerable via the module. This is possible because in the https://github.com/keymetrics/vizion/blob/master/lib/git/git.jsL228 line, the git reset --hard command is concatenated with a unsanitized input: js var command = cliCommandargs.folder, "git reset --hard " +...

Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!

Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability, track...

Zabbix 4.4 Authentication Bypass

!/usr/bin/perl -w Zabbix Zabbix Initializing the browser Referer = User-Agent = Opera/9.61 Macintosh; Intel Mac OS X; U; de Presto/2.1.1 Content-Type = application/x-www-form-urlencoded no-store, no-cache, must-revalidate close Mon, 07 Oct 2019 12:29:54 GMT no-cache nginx Accept-Encoding text/htm...

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update—Exim...

Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery

Hello, Please find the below vulnerability details, --------------------------------------------------------------------------------------------------------------------------------- Exploit Title: Wolters Kluwer TeamMate+ – Cross-Site Request Forgery CSRF vulnerability Date: 02/09/2019 Exploit...

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows for a local privilege escalation. The exploit is implemented in C++ and has been ported to Go and a legacy version without C++11 features. The exploit modifies the /etc/passwd file, forcing the password...

Xssizer - The Best Tool To Find And Prove XSS Flaws

According to WikiPedia Cross-site scripting is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access...

Oracle Hyperion Planning 11.1.2.4 Cross Site Scripting

Exploit Title: Oracle Hyperion Planning, 11.1.2.4 Vulnerable to Cross Site Scripting Date: 2018-10-16 Exploit Author: Hasan Alqawzai Vendor Homepage: https://www.oracle.com Software Link:...

Oracle Hyperion Planning 11.1.2.4 Cross Site Scripting Vulnerability

Exploit for windows platform in category web applications Exploit Title: Oracle Hyperion Planning, 11.1.2.4 Vulnerable to Cross Site Scripting Exploit Author: Hasan Alqawzai Vendor Homepage: https://www.oracle.com Software Link:...

BORGChat 1.0.0 build 438 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: BORGChat 1.0.0 build 438 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://borgchat.10n.ro Software Link: http://borgchat.10n.ro/download.php Version: 1.0.0 build 438 Category: Dos Tested on:...

Hacker Discloses New Windows Zero-Day Exploit On Twitter

A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability. SandboxEscaper posted a link to a Github page hosti...

Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit

A cybersecurity researcher with Google Project Zero has released the details, and a proof-of-concept PoC exploit for a high severity vulnerability that exists in Linux kernel since kernel version 3.16 through 4.18.8. Discovered by white hat hacker Jann Horn, the kernel vulnerability CVE-2018-1718...

Microsoft Windows Kernel - win32k!NtUserConsoleControl Denial of Service PoC Exploit

Exploit for windows platform in category dos / poc Exploit Title: Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service PoC Author: vportal Date: 2018-07-27 Vendor homepage: http://www.microsoft.com Version: Windows 7 x86 Tested on: Windows 7 x86 CVE: N/A It is possible to...

Another severe flaw in Signal desktop app lets hackers steal your chats in plaintext

For the second time in less than a week, users of the popular end-to-end encrypted Signal messaging app have to update their desktop applications once again to patch another severe code injection vulnerability. Discovered Monday by the same team of security researchers, the newly discovered...

5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws

Well, that did not take long. Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have...