h1-ctf: Hacky Holidays CTF Writeup

Intro: 12 days of challenges - some more challenging than others! This holiday CTF had all 12 challenges hosted on the website https://hackyholidays.h1ctf.com/ F1129112 Challenge 1: I started by significantly overthinking all of the early challenges in this competition. When this CTF started the...

HAXX libcurl 信任管理问题漏洞

Haxx libcurl is an open source client-side URL transport library from the Swedish company Haxx. It supports protocols such as FTP, SFTP, TFTP and HTTP. Haxx libcurl suffers from a trust management issue vulnerability that can be exploited by an attacker to act as a man-in-the-middle by performing...

Kubernetes Security Vulnerabilities

Kubernetes is an open source Docker container cluster management system from the Linux Foundation. The system provides resource scheduling, deployment and operation, service discovery, and scaling up and down for containerized applications. Kubernetes suffers from a security vulnerability that ca...

IBM Cloud Pak for Security 代码问题漏洞

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. The vulnerability stems from the product's failure...

BugPoC: XSS Challenge

Hello, ID: bp-oJelDA6b Password: PLEAsEdYAk24 Impact The attacker can steal any user session data...

SAP NetWeaver Application Server Java Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server Java is a German SAP SAP company provides a Java runtime environment of the application server. The product is mainly used to develop and run Java EE applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server Java versions 7.10,...

Fix of 227 CVE

Fix bug 69720: Null pointer dereference in phargetfpoffset - Fix bug 70728: Type Confusion Vulnerability in PHPtoXMLRPCworker - Fix bug 70661: Use After Free Vulnerability in WDDX Packet Deserialization - Fix bug 70741: Session WDDX Packet Deserialization Type Confusion Vulnerability - Fix bug...

CVE-2020-6319

SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal...

ARC Informatique PcVue Information Disclosure Vulnerability

Pcvue is a multi-functional HMI-SCADA software from ARC Informatique, an all-in-one solution that monitors all aspects of a customer's assets.PcVue is used in a wide range of applications including industrial control, building management, energy management, smart grid, energy distribution,...

CVE-2020-26869

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit...

CVE-2020-26869

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit...

Information disclosure

ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit...

CVE-2020-6283

SAP Fiori Launchpad does not sufficiently encode user controlled inputs, and hence allowing the attacker to inject the meta tag into the launchpad html using the vulnerable parameter, resulting in reflected Cross-Site Scripting XSS vulnerability. With a successful attack, the attacker can steal...

CS2 Network P2P Information Disclosure Vulnerability

CS2 Network P2P is a P2P peer-to-peer networking platform. A security vulnerability exists in CS2 Network P2P 3.x and prior versions. An attacker can exploit this vulnerability to obtain user session data...

CVE-2020-9526

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising...

Design/Logic Flaw

CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an information exposure flaw that exposes user session data to supernodes in the network, as demonstrated by passively eavesdropping on user video/audio streams, capturing credentials, and compromising...

Code injection

Firmware developed by Shenzhen Hichip Vision Technology V6 through V20, as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote attackers to access user session data, as demonstrated by eavesdropping on user video/audio...

CVE-2020-9528

Firmware developed by Shenzhen Hichip Vision Technology V6 through V20, as used by many different vendors in millions of Internet of Things devices, suffers from cryptographic issues that allow remote attackers to access user session data, as demonstrated by eavesdropping on user video/audio...

Reliance on Cookies without validation in OctoberCMS

Impact Previously encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code nothing exploitable in the core project itself had a higher chance of...

Unspecified Vulnerability in Naviwebs Navigate CMS

Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A security vulnerability exists in Naviwebs Navigate CMS 2.9 r1433, which originates from the program storing sessions and related information e.g. CSRF tokens in plaintext files in...