
5315 matches found

Hacker One
added 2017/04/18 9:8 p.m. | 104 views

Internet Bug Bounty: Mercurial can be tricked into granting authorized users access to the Python debugger

I reported this bug privately to Mercurial and they produced an out of band release to fix the bug here: https://www.mercurial-scm.org/wiki/WhatsNewMercurial4.1.3.282017-4-18.29 I produced a very detailed proof of concept with a Metasploit exploit module, which can be seen publicly here:...

CVSS 9 | AI score 8.6 | EPSS 0.48699 | Exploits 1

myhack58
added 2017/04/17 12:0 a.m. | 115 views

Phpcms v9 vulnerability analysis-vulnerability warning-the black bar safety net

Recent study the source code and audit-related knowledge, will be grabbed before open source CMS vulnerability research, yesterday accidentally saw this PHPCMS vulnerability, you are ready to Analysis a lot, originally wanted to directly from the source code static analysis, but found itself on t...

AI score 0.4 | Exploits 0

FreeBSD Advisory
added 2017/04/12 12:0 a.m. | 18 views

FreeBSD-SA-17:03.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:03.ntp Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities of ntp Category: contrib Module: ntp Announced: 2017-04-12 Credits: Network Time...

CVSS 7.8 | AI score 6.6 | EPSS 0.03516 | Exploits 2

Hacker One
added 2017/04/04 6:47 a.m. | 26 views

X (Formerly Twitter): [staging-engineering.gnip.com] Publicly accessible GIT directory

Steps to reproduce: Open http://staging-engineering.gnip.com/.git/logs/refs/heads/master Publicly accessible GIT directory can lead to leakage of source code and other private information...

AI score 7.1 | Exploits 0

The Hacker News
added 2017/03/31 7:59 a.m. | 9 views

WikiLeaks Reveals 'Marble' Source Code that CIA Used to Frame Russia and China

WikiLeaks published hundreds of more files from the Vault 7 series today which, it claims, show how CIA can mask its hacking attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran. Dubbed "Marble," the part 3 of CIA files contains 676 source code...

AI score 6.9 | Exploits 0

Tenable Nessus
added 2017/03/31 12:0 a.m. | 10 views

Source Code Disclosure

Scanner has detected server-side source code within the server's response. A modern web application will be reliant on several different programming languages. These languages can be broken up in two flavours. These are client-side languages such as those that run in the browser -- like JavaScrip...

AI score 7.4 | Exploits 0

ThreatPost
added 2017/03/30 2:21 p.m. | 18 views

NukeBot Banking Trojan Source Code Leaked Online by Author

The author behind NukeBot, a modular banking Trojan, released source code for the malware earlier this month in an apparent effort to regain the trust of the cybercrime community. Gosya, NukeBot’s creator, posted a GitHub link to the malware, calling it a “zeus-like banking trojan,” on several...

AI score 7.3 | Exploits 0 | References 9

Hacker One
added 2017/03/27 5:58 a.m. | 17 views

Urban Dictionary: Source Code Disclosure

URL http://www.urbandictionary.com/phpinfo.php Identified Source Code An attacker can obtain server-side source code of the web application, which can contain sensitive data - such as database connection strings, usernames and passwords - along with the technical and business logic of the...

AI score 0.4 | Exploits 0

myhack58
added 2017/03/15 12:0 a.m. | 144 views

CVE-2016-3078 PHP ZipArchive Integer Overflow analysis-vulnerability warning-the black bar safety net

This vulnerability range is PHP 7.0.6 version before PHP 7. the x version. PHP source code can be here to, PHP source code architecture PHP source code of the core library is in the Zend directory. Responsible for the php script parsing, execution and other core functions. TSRM directory is on yo...

CVSS 7.5 | AI score 9.5 | EPSS 0.48113 | Exploits 5

Prion
added 2017/03/09 9:59 a.m. | 10 views

Authentication flaw

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file...

CVSS 5 | AI score 9.6 | EPSS 0.34772 | Exploits 3 | References 2 | Affected Software 1

NVD
added 2017/03/09 9:59 a.m. | 9 views

CVE-2017-6558

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file...

CVSS 9.8 | AI score 9.7 | EPSS 0.34772 | Exploits 3 | References 2

Cvelist
added 2017/03/09 9:26 a.m. | 14 views

CVE-2017-6558

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file...

AI score 9.7 | EPSS 0.34772 | Exploits 3 | References 2

Hacker One
added 2017/03/07 8:9 p.m. | 30 views

Rockstar Games: Source Code Disclosure (CGI)

Hello guys. I would like to share with you my discovery. The fact is that at: https://www.rockstargames.com/gta/game/highscores.cgi Anyone can see the source code of the script F166966 check please Regards @d1v3r...

AI score 7.2 | Exploits 0

Android Security Bulletins
added 2017/03/06 12:0 a.m. | 49 views

Android Security Bulletin—March 2017

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air OTA update. The Google device firmware images have also been released to the Google Developer...

CVSS 9.3 | AI score 9.8 | EPSS 0.06463 | Exploits 7

exploitpack
added 2017/03/06 12:0 a.m. | 25 views

Deluge Web UI 1.3.13 - Cross-Site Request Forgery

Deluge Web UI 1.3.13 - Cross-Site Request Forgery !-- Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13 Kyle Neideck, February 2017 Product ------- Deluge is a BitTorrent client available from http://deluge-torrent.org. Fix --- Fixed in the public source code, but not in...

AI score 0.6 | Exploits 0

myhack58
added 2017/03/01 12:0 a.m. | 466 views

HEVD kernel vulnerability training-with Windows play-bug warning-the black bar safety net

For this training of the research study will kernel vulnerability principle, the use of the way, under Windows many common data structures have a preliminary understanding, from the open Ring0 gate. HEVD project address: https://github.com/hacksysteam/HackSysExtremeVulnerableDriver For the kernel...

CVSS 7.2 | AI score 7.7 | EPSS 0.78459 | Exploits 23

ThreatPost
added 2017/02/28 10:21 a.m. | 16 views

Torvalds Downplays SHA-1 Threat to Git

When researchers demonstrated the first practical collision attack for the cryptographic hash function SHA-1 last week, they also identified related vulnerabilities impacted by the now-compromised algorithm. According to the SHAttered research post, co-authored by Google and a host of cryptograph...

Exploits 0 | References 3

Kitploit
added 2017/02/24 2:8 p.m. | 14 views

SPARTA - Network Infrastructure Penetration Testing Tool

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenien...

AI score 7.5 | Exploits 0 | References 1

ThreatPost
added 2017/02/21 10:51 a.m. | 13 views

Windows Botnet Spreading Mirai Variant

A Chinese-speaking attacker is spreading a Mirai variant from a repurposed Windows-based botnet. Researchers at Kaspersky Lab published a report today, and said the code was written by an experienced developer who also built in the capability to spread the IoT malware to Linux machines under...

AI score 8.5 | Exploits 0 | References 7

Veracode
added 2017/02/20 3:42 a.m. | 16 views

JSP Source Code Leakage

undertow is vulnerable to JSP source code leakage. This is because the source code of a JSP is downloaded/displayed when a trailing slash is added to a JSP URL...

CVSS 7.5 | AI score 7.5 | EPSS 0.00392 | Exploits 0 | References 1 | Affected Software 1