Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection

Microsoft has discovered a vulnerability that could allow an attacker to bypass System Integrity Protection SIP in macOS and perform arbitrary operations on a device. We also found a similar technique that could allow an attacker to elevate their privileges to root an affected device. We shared...

Unicode characters allow malicious code to be hidden from a human reviewer (Bitbucket Server / DC) - CVE-2021-42574

Researchers at the University of Cambridge reported a vulnerability affecting Bitbucket Server / DC where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These special characters are typically not displayed by the...

FreeSWITCH 1.10.6 SRTP Packet Denial Of Service

FreeSWITCH susceptible to Denial of Service via invalid SRTP packets - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-09-freeswitch-srtp-dos - Vendor Security Advisory:...

Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection Exploit

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link:...

Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Vulnerability

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GET /web HTTP/1.1...

Mitsubishi Electric / INEA SmartRTU Source Code Disclosure

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GE...

Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure

Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Date: 2021-17-10 Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GE...

Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS)

Exploit Title: Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting XSS Date: 18-10-2021 Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html...

[SECURITY] Fedora 33 Update: libopenmpt-0.4.24-1.fc33

libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

CVE-2018-16060

Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information directory listing and source code via a direct request to the /web URI...

Code injection

Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information directory listing and source code via a direct request to the /web URI...

CVE-2018-16060

CVE-2018-16060 affects Mitsubishi Electric Europe B.V. SmartRTU devices. Affected component: the web interface at the direct URI /web. Root cause: direct requests to /web disclose directory listings and source code, enabling remote attackers to obtain sensitive information. Exploitation status: P...

CVE-2018-16060

Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information directory listing and source code via a direct request to the /web URI...

Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak

The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency’s site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code. The newspaper verified its findings with...

PT-2021-8816 · Mitsubishi · Smartrtu

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Europe B.V. SmartRTU devices affected versions not specified Description: The issue allows remote attackers to obtain sensitive information, including directory listings and source code, by making a direct request to the...

Mitsubishi Electric SmartRTU 安全漏洞

Mitsubishi Electric smartRTU is an intelligent remote terminal unit RTU from Mitsubishi Electric Japan. A security vulnerability exists in the Mitsubishi Electric SmartRTU that originates from the disclosure of sensitive information in the /web URI of the device. The vulnerability can be exploite...

Simple Payroll System 1.0 SQL Injection

Exploit Title: Simple Payroll System 1.0 - SQLi Authentication Bypass Date: 2021-10-09 Exploit Author: Yash Mahajan Vendor Homepage: https://www.sourcecodester.com/php/14974/simple-payroll-system-dynamic-tax-bracket-php-using-sqlite-free-source-code.html Software Link:...

Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass

Exploit Title: Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass Date: 11.10.2021 Exploit Author: Oguzhan Kara Vendor Homepage: https://www.sourcecodester.com/php/14929/online-learning-system-v2-using-php-free-source-code.html Software Link:...

Simple Payroll System 1.0 - SQLi Authentication Bypass

Exploit Title: Simple Payroll System 1.0 - SQLi Authentication Bypass Date: 2021-10-09 Exploit Author: Yash Mahajan Vendor Homepage: https://www.sourcecodester.com/php/14974/simple-payroll-system-dynamic-tax-bracket-php-using-sqlite-free-source-code.html Software Link:...

Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery (CSRF)

Exploit Title: Pharmacy Point of Sale System 1.0 - 'Add New User' Cross-Site Request Forgery CSRF Date: 10/11/2021 Exploit Author: Murat DEMIRCI @butterflyhunt3r Vendor Homepage: https://www.sourcecodester.com/ Software Link:...