1826 matches found
Starbucks: SSRF at ideas.starbucks.com
In this report, @damian89 identified a Server-Side Request Forgery (SSRF) vulnerability on ideas.starbucks.com that allowed sending arbitrary HTTP requests and returned response bodies. The report went on to demonstrate how this flaw could be leveraged to use the vulnerable host as a proxy and...
New Relic: Password theft login.newrelic.com via Request Smuggling
Hi, The Rails application at login.newrelic.com is accessed through a proxy written in Golang, and an nginx server. By sending an ambiguous request, an attacker can desynchronize these servers, leaving the socket to the backend poisoned with a harmful response. This response will then be served u...
chromium-browser: Inappropriate implementation in QUIC Networking
Implementation error in QUIC Networking in Google Chrome prior to 72.0.3626.81 allowed an attacker running or able to cause use of a proxy server to obtain cleartext of transport encryption via malicious network proxy...
IPFire 2.21 - Cross-Site Scripting
IPFire 2.21 - Cross-Site Scripting Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.is...
Smoothwall Express 3.1-SP4 - Cross-Site Scripting Vulnerability
Exploit for cgi platform in category web applications Exploit Title: Smoothwall Express 3.1-SP4-polar-x86_64-update9 | Cross-Site Scripting Date: 06.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.smoothwall.org Software Link:...
IPFire 2.21 - Cross-Site Scripting
Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso Version: IPFire 2.21 - Core Updat...
USN-3874-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, gain additional privileges by escaping the sandbox, or execute arbitrary code. CVE-2018-18500,...
Mozilla Firefox Security Advisories (MFSA2018-31, MFSA2019-03) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Firefox Security Advisories (MFSA2018-31, MFSA2019-03) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Sn0Int - Semi-automatic OSINT Framework And Package Manager
sn0int is a semi-automatic OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence about a given target or about yourself. sn0int is enumerating attack surface by semi-automatically processing public information and mapping the result...
AutoSploit v3.0 - Automated Mass Exploiter
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been select...
Sandbox Restrictions Bypass
flatpak is vulnerable to sandbox restrictions escape. The whitespace handling in the proxy is not identical to whitespace handling in dbus-proxy/flatpak-proxy.c, allowing an attacker to break out of the sandbox via malicious D-Bus messages to the host...
Cross-site Scripting (XSS) Or Information Disclosure
Apache Tomcat is vulnerable to cross-site scripting (XSS) attacks and information disclosure. It permits invalid characters when parsing the HTTP request line. Attackers can exploit it, in conjunction with a proxy that also permits the invalid characters but with a different interpretation, to inje...
Information Disclosure
atomic-openshift is vulnerable to information disclosure. An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a...
[SECURITY] Fedora 28 Update: wget-1.20.1-1.fc28
GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...
Apache Tomcat < 6.0.10 Directory Traversal
According to its self-reported version number, the Apache Tomcat instance listening on the remote host is prior to 6.0.10. It is, therefore, affected by the following vulnerability : - A directory traversal vulnerability exists in Tomcat due to improper handling of certain path delimiters when...
FreeBSD : chromium -- multiple vulnerabilities (546d4dd4-10ea-11e9-b407-080027ef1a23)
Google Chrome Releases reports : 43 security fixes in this release, including : - High CVE-2018-17480: Out of bounds write in V8 - High CVE-2018-17481: Use after free in PDFium - High CVE-2018-18335: Heap buffer overflow in Skia - High CVE-2018-18336: Use after free in PDFium - High CVE-2018-1833...
WebKit JSC JSArray::shiftCountWithArrayStorage Out-Of-Band Read / Write
WebKit: JSC: A bug in JSArray::shiftCountWithArrayStorage CVE-2018-4441 bool JSArray::shiftCountWithArrayStorageVM& vm, unsigned startIndex, unsigned count, ArrayStorage storage unsigned oldLength = storage-length; RELEASEASSERTcount hasHoles && this-structurevm-holesMustForwardToPrototypevm, thi...
ThunderDNS - Tool To Forward TCP Traffic Over DNS Protocol
This tool can forward TCP traffic over DNS protocol. Non-compile clients + socks5 support. Run Setting up NS records on our domain: Please wait for clearing DNS-cache. Simple server run: python3 ./server.py --domain oversec.ru Simple server run Dockerfile: docker run -e DOMAIN='' Simple client ru...
Veeam Backup for Office 365 No E-Mail Notification After Job Run
Challenge When the backup job completes the Job notification is never received. Cause 1. Error: Unable to connect to the remote server 2. Job completes with no Error, but you do not receive a notification email. This can be caused by: Email relay server blocking emails that exceed 512KB size The...