11967 matches found
Jobberbase 2.0 - (subscribe) SQL Injection Exploit
Exploit for php platform in category web applications !/bin/bash Exploit Title: Jobberbase 2.0 - 'subscribe' SQL injection Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: http://www.jobberbase.com/ Version: 2.0 Tested on: Ubuntu 18.04.1 : ' The page "/subscribe/" is...
Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)
The post Exploiting AWS ECR and ECS with the Cloud Container Attack Tool CCAT appeared first on Rhino Security Labs...
serebrorus.ru Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-949982 Security Researcher geeknik Helped patch 8781 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting serebrorus.ru website and i...
Adobe Acrobat Reader DC for Windows - Double Free due to Malformed JP2 Stream
We have observed the following crash in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- ======================================= VERIFIER STOP 00000007: pid 0x2C1C: Heap block already freed. 0C441000 : Heap handle for the heap owning the...
bokning.iksu.se Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-940248 Security Researcher Renzi Helped patch 6742 vulnerabilities Received 8 Coordinated Disclosure badges Received 36 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting bokning.iksu.se website and i...
Agent Tesla Botnet Arbitrary Code Execution
import requests import argparse import base64 Agent Tesla C2 RCE by prsecurity For research purposes only. Don't pwn what you don't own. def getargs: parser = argparse.ArgumentParser prog="agentteslasploit.py", formatterclass=lambda prog: argparse.HelpFormatterprog, maxhelpposition=50, epilog= ''...
JS support ticket,1.1.5,Directory Traversal
JS support ticket,1.1.5,Directory Traversal resolution: update to 1.1.6 update notice: https://joomsky.com/products/js-ticket-joomla.html...
Proface America SP-5600TP Control Panel
Binary data 764815.prm...
Design/Logic Flaw
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd SEC-104...
Linux/x86 chmod(/etc/shadow, 0666) Polymorphic Shellcode (53 bytes)
---------------------- DESCRIPTION ------------------------------------- ; Title: chmod("/etc/shadow", 0666) and exit for Linux/x86 - Polymorphic ; Author: Daniel Ortiz ; Tested on: Linux 4.18.0-25-generic 26 Ubuntu ; Size: 53 bytes ; SLAE ID: PA-9844 ---------------------- ASM CODE...
CVE-2019-5456
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the UniFi Controller version = 5.10.21 and their actual SMTP server to record their SMTP credentials for malicious use later...
Schneider Electric Modicon Controllers (ICSA-19-136-01)
Binary data 720272.prm...
Linux Kernel 4.15.x < 4.19.2 - map_write() CAP_SYS_ADMIN Local Privilege Escalation (polkit)
Exploit for linux platform in category local exploits !/bin/sh EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47167.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses polkit technique ---...
consorziobacchiglione.it Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-901341 Security Researcher calv1n Helped patch 22043 vulnerabilities Received 12 Coordinated Disclosure badges Received 37 recommendations , a holder of 12 badges for responsible and coordinated disclosure, found a security vulnerability affecting consorziobacchiglione.it...
U.S. Dept Of Defense: [██████████] Unauthorized access to admin panel
In previous reports, I described vulnerabilities in a panel to which I had access. 512269 512693 512695 I could log in to this site and then perform some attacks, such as SQL injection\XSS or other bugs. But before the above vulnerabilities were considered by you, the possibility to bypass...
Clickable Endnotes to Click Here to Kill Everybody
In Click Here to Kill Everybody, I promised clickable endnotes. They're finally available...
SNMPc Enterprise Edition 9 / 10 Mapping Filename Buffer Overflow
!/usr/bin/python -- coding: utf-8 -- -------------------------------------------------------------------- Exploit: SNMPc Enterprise Edition 9 & 10 Mapping File Name BOF Date: 11 July 2019 Exploit Author: @xerubus | mogozobo.com Vendor Homepage: https://www.castlerock.com/ Software Linke:...
Siemens SCALANCE XR524-8C Managed IE Switch
Binary data 764613.prm...
Linux/ARM64 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (128 bytes)
/ Title: Linux/ARM64 - Reverse 127.0.0.1:4444/TCP Shell /bin/sh + Null-Free Shellcode 128 bytes Date: 2019-06-30 Tested: Ubuntu 16.04 aarch64 Author: Ken Kitahara Compilation: gcc -o loader loader.c ubuntu@ubuntu:/works$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu...
FreeBSD -- iconv buffer overflow
Problem Description: With certain inputs, iconv may write beyond the end of the output buffer. Impact: Depending on the way in which iconv is used, an attacker may be able to create a denial of service, provoke incorrect program behavior, or induce a remote code execution. iconv is a libc library...