7874 matches found
Retoolkit - Reverse Engineer's Toolkit
This is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows systems. After installing this toolkit you'll have a folder on your desktop with shortcuts to RE tools like these: Why do I need it? You don't. Obviously, you can...
Exploit for NULL Pointer Dereference in Openssl
CVE-2021-3449 OpenSSL This issue was reported to OpenSSL on 1...
CVE-2021-21341
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...
First User Logon via Citrix Workspace App Since Command Line Deployment Receiving "Citrix Workspace is Setting up your store..."
Citrix Workspace app for Windows via Command Line and configured store URL in the process. During first user logon via Workspace App since reboot the following dialog is displayed: "Citrix Workspace is setting up your store. this process will take few minutes"...
[SECURITY] Fedora 34 Update: gnome-initial-setup-40~rc-1.fc34
GNOME Initial Setup is an alternative to firstboot, providing a good setup experience to welcome you to your system, and walks you through configuring it. It is integrated with gdm...
[SECURITY] Fedora 34 Update: gnome-boxes-40~rc-1.fc34
gnome-boxes lets you easily create, setup, access, and use: remote machines; remote virtual machines; local virtual machines. When technology permits, set up access for applications on local virtual machines...
Fedora: Security Advisory for gnome-control-center (FEDORA-2021-303f6623fa)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for gnome-initial-setup (FEDORA-2021-303f6623fa)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Android: DNS setup for developing and testing against local web services
Most "interesting" smartphone applications do not run only on the smartphone device; they rely on supporting web services that can be run both by the deploying organization and 3rd parties. One of the challenges we have run into when developing Android applications is setting up a suitable...
Exploit for CVE-2021-3129
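CVE-2021-3129 Laravel debug RCE. Usage: run docker-compose up -d to start the environment. Visit port 8888 and click "generate key" on the home page to reproduce the issue. A few notes on the Docker environment: - Copying .env.example to .env enables the debug environment - phar.readonly is disabled in php.ini - A hello template that references an undefined variable was added under resources/view/, along with a route in routes/web.php; I added this to the source code rather than writing it into the Dockerfile. Reproduction result: the script has been released; it must sit in the same directory level as the phpggc project folder...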
Plone CMS 5.2.3 Cross Site Scripting
Exploit Title: Plone CMS 5.2.3 - 'Title' Stored XSS Date: 18-03-2021 Exploit Author: Piyush Patil Vendor Homepage: https://plone.com/ Software Link: https://github.com/plone/Products.CMFPlone/tags Version: 5.2.3 Tested on: Windows 10 Reference -...
Plone CMS 5.2.3 - 'Title' Stored XSS
Exploit Title: Plone CMS 5.2.3 - 'Title' Stored XSS Date: 18-03-2021 Exploit Author: Piyush Patil Vendor Homepage: https://plone.com/ Software Link: https://github.com/plone/Products.CMFPlone/tags Version: 5.2.3 Tested on: Windows 10 Reference -...
CVE-2020-26886
Softaculous before 5.5.7 is affected by a code execution vulnerability because of External Initialization of Trusted Variables or Data Stores. This leads to privilege escalation on the local host...
Microsoft Windows Setup Directory Junction Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...
Design/Logic Flaw
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the...
Information Disclosure
productsgenericsetup is vulnerable to information disclosure. The vulnerability exists because the function ensureSnapshotsFolder does not tighten the permissions for access control on setup tool log files and snapshot files and folders, allowing anonymous visitors to view log and snapshot files...
GHSA-JFF3-MWP3-F8CW Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Impact What kind of vulnerability is it? Who is impacted? Information disclosure vulnerability - anonymous visitors may view log and snapshot files generated by the Generic Setup Tool. Patches Has the problem been patched? What versions should users upgrade to? The problem has been fixed in versi...
How to Configure a Citrix Gateway Appliance with Unlimited ICA Connections
This article contains information about configuring a Citrix Gateway appliance with unlimited Independent Computing Architecture (ICA) connections...
PT-2021-2339
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description The issue is related to an elevation-of-privilege vulnerability in the Windows Update Stack Setup, which is caused by insecure privilege management. This vulnerability can be exploited to all...
Multi-forest consideration for published resources in Citrix Cloud
How to configure access so that multi-forest users can access published resources in Citrix Cloud...