
7414 matches found

Gitee
added 2021/04/14 11:8 p.m. 2 views

ysoserial

This is a Java tool called ysoserial, which generates payloads that exploit unsafe Java object deserialization. The tool is designed to create gadgets that can be used to execute arbitrary code on a Java application that performs unsafe deserialization. The tool takes a user-specified command and...

8 AI score
Exploits 0
Hacker One
added 2021/04/14 8:2 p.m. 16 views

MTN Group: Missing captcha and rate limit protection in help form

Hello, one of the forms that you are using to receive help messages from users lacks a captcha, and its backend/server does not block massive requests. The page is https://mtn.cm/fr/help/ Steps To Reproduce: 1. Visit https://mtn.cm/fr/help/ and fill in all the fields and submit. 2. Intercept the request wi...

7.3 AI score
Exploits 0
Gitee
added 2021/04/14 6:44 p.m. 3 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for testing and demonstrating vulnerabilities in various software and systems. The primary purpose of Vulhub is to provide a simple and easy-to-use platform f...

8.6 AI score
Exploits 0
BDU FSTEC
added 2021/04/13 12:0 a.m. 1 views

The vulnerability of Huawei’s microprogrammed router software, related to insufficient validation of input data, allows a hacker to trigger a service failure.

The vulnerability of Huawei’s microprogrammed router software is related to insufficient testing of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.5 CVSS, 7.2 AI score, 0.00883 EPSS
Exploits 0, References 3
BDU FSTEC
added 2021/04/13 12:0 a.m. 2 views

The vulnerability of the DECnet Phase IV and DECnet/OSI operating systems of Cisco IOS XE allows an attacker to cause a service failure or trigger a device restart.

The vulnerability of the DECnet Phase IV and DECnet/OSI operating systems of Cisco IOS XE exists due to insufficient testing of incoming traffic. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot or cause service failure...

7.4 CVSS, 6.8 AI score, 0.00402 EPSS
Exploits 0, References 2, Affected Software 1
BDU FSTEC
added 2021/04/13 12:0 a.m. 2 views

The vulnerability of Huawei’s microprogrammed router software, related to insufficient validation of input data, allows a hacker to trigger a service failure.

The vulnerability of Huawei’s microprogrammed router software is related to insufficient testing of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.5 CVSS, 7.2 AI score, 0.00883 EPSS
Exploits 0, References 3
Gitee
added 2021/04/12 3:30 p.m. 16 views

Exploit for CVE-2013-0422

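K8tools 20200118 Disclaimer: These tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Download: https://github.com/k8gege/K8tools Documentation: http://k8gege.org PS: Updated irregularly; the files are fairly large, so download as needed. If a tool has bugs, or you have suggestions, leave a message directly on GitHub. The privilege-escalation tools can all be run in a remote-control Cmd or WebShell; most have been modified and recompiled for better compatibility and stability. Note: not guaranteed to remain available permanently; save your own copy if you like them. Comprehensive tools + Scanning tool Ladon 6.0, a large intranet penetration scanner with 48 built-in functions, supports Cobalt Strike + Scanning tool Ladon 5.7...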

10 CVSS, 8.3 AI score, 0.99913 EPSS
Exploits 163
Gitee
added 2021/04/11 4:7 p.m. 4 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability class is not specified, but the repository contains various vulnerable environments, including web applications, databases, and...

7.8 AI score
Exploits 0
Gitee
added 2021/04/08 8:12 a.m. 3 views

PayloadsAllTheThings

It is a general-purpose offensive tool. This repository contains a collection of payloads, likely for testing and exploitation purposes. The primary CVE ID is not explicitly mentioned, but the repository is likely related to various vulnerabilities. The target product/service or framework is...

6.7 AI score
Exploits 0
The Hacker News
added 2021/04/07 10:2 a.m. 1 views

11 Useful Security Tips for Securing Your AWS Environment

Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to...

5.9 AI score
Exploits 0
The Hacker News
added 2021/04/07 10:2 a.m. 37 views

11 Useful Security Tips for Securing Your AWS Environment

Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run smoothly. Read on to...

0.4 AI score
Exploits 0
Code423n4
added 2021/04/07 12:0 a.m. 11 views

Impossible to call withdrawReward fails due to run out of gas

Handle s1m0 Vulnerability details Impact The withdrawReward fails due to the loop at . From my testing the dayDiff would be 18724 and with a gasLimit of 9500000 it stops at iteration 270 due to the fact that lastUpdatedDay is not initialized so is 0. Other than that it could run out of gas also f...

6.8 AI score
Exploits 0
The Coalfire Blog
added 2021/04/01 4:13 p.m. 38 views

Closing the technical gap with resiliency pen testing

Organizations across all industries are watching and weighing the real impact and cost of security breaches as they look to budget security spending for 2021. While remote operations are becoming the norm, threat actors have no intention of slowing down their efforts. Instead, they are taking ful...

0.7 AI score
Exploits 0
Packet Storm
added 2021/04/01 12:0 a.m. 403 views

School Registration And Fee System 1.0 Cross Site Scripting

Exploit Title: School Registration and Fee System | Multiple Stored Cross Site Scripting Exploit Author: Richard Jones Date: 01-04-2021 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/10932/school-registration-and-fee-system.html Version: 1.0...

7.4 AI score
Exploits 0
The Coalfire Blog
added 2021/03/29 4:11 p.m. 10 views

Getting started with ZAP and the OWASP top 10: common questions

I recently received an email from a developer who was gearing up to use OWASP ZAP to test the security of their code. The developer had some questions about OWASP ZAP, testing for the OWASP Top 10 2013, and ZAP configuration. After I answered the email, I asked if I could repost it here because I...

1.9 AI score
Exploits 0
Microsoft Secure
added 2021/03/29 4:0 p.m. 29 views

How to build a successful application security program

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Tanya Janca, Founder of We Hack Purple...

7 AI score
Exploits 0
Tenable Nessus
added 2021/03/29 12:0 a.m. 21 views

Cisco IOS XE Software Privilege Escalation (cisco-sa-XE-FSM-Yj8qJbJc)

According to its self-reported version, Cisco IOS-XE Software is affected by a software privilege escalation vulnerability. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassi...

7.2 CVSS, 6.7 AI score, 0.00307 EPSS
Exploits 0, References 3
Tenable Nessus
added 2021/03/29 12:0 a.m. 30 views

Cisco IOS Software Privilege Escalation (cisco-sa-XE-FSM-Yj8qJbJc)

According to its self-reported version, Cisco IOS Software is affected by a software privilege escalation vulnerability. A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The...

7.2 CVSS, 6.7 AI score, 0.00307 EPSS
Exploits 0, References 3
Kitploit
added 2021/03/28 8:30 p.m. 83 views

BadOutlook - (Kinda) Malicious Outlook Reader

A simple PoC which leverages the Outlook Application Interface COM Interface to execute shellcode on a system based on a specific trigger subject line. By utilizing the Microsoft.Office.Interop.Outlook namespace, developers can represent the entire Outlook Application or at least according to...

7.5 AI score
Exploits 0, References 1
Microsoft Secure
added 2021/03/26 10:0 p.m. 50 views

Securing our approach to domain fronting within Azure

Every single day our teams analyze the trillions of signals we see to understand attack vectors, and then take those learnings and apply them to our products and solutions. Having that understanding of the threat landscape is key to ensuring our customers are kept safe every day. However, being a...

7.1 AI score
Exploits 0