5335 matches found

UbuntuCve
added 2020/04/21 8:15 p.m. | 25 views

CVE-2020-5301

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...

CVSS 3.5 | AI score 5.9 | EPSS 0.00922
Exploits: 0 | References: 1

Cvelist
added 2020/04/21 7:50 p.m. | 38 views

CVE-2020-5301 Information disclosure of source code in SimpleSAMLphp

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...

CVSS 3 | AI score 3.6 | EPSS 0.00922
Exploits: 0 | References: 2

CNVD
added 2020/04/18 12:00 a.m. | 1 views

Shanghai Chuangzheng Information Technology Co., Ltd. website building system has website source code leakage vulnerability

Shanghai Chuangzheng Information Technology Co., Ltd. (Chuangzheng) was founded in 2005 and is a national high-tech enterprise. The company's website building system has a website source code leakage vulnerability; attackers can use the vulnerability to obtain...

AI score 7
Exploits: 0

Kitploit
added 2020/04/17 1:00 p.m. | 56 views

Pwndrop - Self-Deployable File Hosting Service For Red Teamers, Allowing To Easily Upload And Share Payloads Over HTTP And WebDAV

pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV. If you've ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m...

AI score 7
Exploits: 0 | References: 2

ThreatPost
added 2020/04/13 6:42 p.m. | 102 views

Overlay Malware Exploits Chrome Browser, Targets Banks and Heads to Spain

Researchers are warning of a remote overlay malware attack that leverages a fake Chrome browser plugin to target the accounts of banking customers in Spain. Grandoreiro is a type of remote overlay banking trojan, designed to help attackers overtake devices and display a full-screen overlay image...

AI score 0.9
Exploits: 0 | References: 11

Veracode
added 2020/04/10 12:52 a.m. | 27 views

Arbitrary Code Execution

helixplayer is vulnerable to arbitrary code execution. Multiple security flaws were discovered in RealPlayer. Helix Player and RealPlayer share a common source code base; therefore, some of the flaws discovered in RealPlayer may also affect Helix Player. Some of these flaws could, when opening,...

CVSS 9.3 | AI score 1.7 | EPSS 0.02895
Exploits: 0 | References: 6 | Affected Software: 1

Hacker One
added 2020/04/09 8:17 p.m. | 245 views

Imgur: Sourcemaps and Unminified Source Code Exposed on Pages

Hello, I'm not sure if this was actually meant to be made public on purpose, but I was looking through some of the sources that were loaded and found out the following: https://imgur.com/ - See ██████ s.imgur.com - desktop-assets - js contains multiple minified JS files as one would usually expec...

AI score 7.1
Exploits: 0

HackRead
added 2020/03/26 6:08 p.m. | 31 views

Hacker Steals & Leaks Xbox Series X GPU Source Code

By Waqas. The unknown hacker contacted AMD with information about stolen Xbox Series X source code and later leaked it on GitHub.

AI score 1
Exploits: 0

Gitee
added 2020/03/23 1:22 p.m. | 4 views

hitconDockerfile

This repository is an offensive tool for web application exploitation. It contains a collection of web challenges created by the user "Pr0phet" for the HITCON CTF Capture The Flag series. The challenges are designed to test various web application vulnerabilities, including SQL injection, SSRF...

AI score 8.5
Exploits: 0

NVD
added 2020/03/19 6:15 p.m. | 25 views

CVE-2019-15653

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username and password values are a double md5 of the plaintext real...

CVSS 7.5 | AI score 7.8 | EPSS 0.00831
Exploits: 1 | References: 2

Prion
added 2020/03/19 6:15 p.m. | 13 views

Design/Logic Flaw

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username and password values are a double md5 of the plaintext real...

CVSS 5 | AI score 7.7 | EPSS 0.00831
Exploits: 1 | References: 2

Dsquare
added 2020/03/19 12:00 a.m. | 194 views

ManageEngine Applications Manager License Key Disclosure

License key disclosure vulnerability in ManageEngine Applications Manager. Vulnerability Type: File Disclosure. For the exploit source code contact DSquare Security sales team...

CVSS 5 | AI score 0.4 | EPSS 0.06292
Exploits: 2

FreeBSD Advisory
added 2020/03/19 12:00 a.m. | 12 views

FreeBSD-SA-20:07.epair

FreeBSD-SA-20:07.epair Security Advisory, The FreeBSD Project. Topic: Incorrect user-controlled pointer use in epair. Category: core. Module: kernel. Announced: 2020-03-19...

CVSS 9.1 | AI score 7.6 | EPSS 0.01834
Exploits: 0

FreeBSD Advisory
added 2020/03/19 12:00 a.m. | 13 views

FreeBSD-SA-20:08.jail

FreeBSD-SA-20:08.jail Security Advisory, The FreeBSD Project. Topic: Kernel memory disclosure with nested jails. Category: core. Module: kern. Announced: 2020-03-19. Credits:...

CVSS 6 | AI score 6.2 | EPSS 0.0034
Exploits: 0

FreeBSD Advisory
added 2020/03/19 12:00 a.m. | 4 views

FreeBSD-SA-20:09.ntp

FreeBSD-SA-20:09.ntp Security Advisory, The FreeBSD Project. Topic: Multiple denial of service in ntpd. Category: contrib. Module: ntp. Announced: 2020-03-19. Credits: Philippe...

AI score 5.9
Exploits: 0

Kitploit
added 2020/03/16 11:30 a.m. | 191 views

shuffleDNS - Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. Based on the work on massdns project by @blechschmidt. Features Simple and modular code ba...

AI score 7.5
Exploits: 0 | References: 7

Hacker One
added 2020/03/15 6:50 p.m. | 133 views

Razer: Source Code Disclosure

The tester discovered a PHP file with source code exposed. There was no known exploit...

AI score 1.7
Exploits: 0

Prion
added 2020/03/05 1:15 a.m. | 13 views

Cross site request forgery (csrf)

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html...

CVSS 5 | AI score 5.4 | EPSS 0.00901
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/03/05 12:36 a.m. | 22 views

CVE-2020-10105

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html...

AI score 5.4 | EPSS 0.00901
Exploits: 0 | References: 1

CVE
added 2020/03/05 12:36 a.m. | 118 views

CVE-2020-10105

Affected product/version: Zammad 3.0–3.2. Vulnerability: An issue causes the server to return the source code of static resources when handling an OPTIONS request instead of a GET request. Specifically, the 404.html file under /zammad/public/404.html is disclosed. Impact (as stated): Disclosure o...

CVSS 5.3 | AI score 5.3 | EPSS 0.00901
Exploits: 0 | References: 1 | Affected Software: 1