Lucene search

7414 matches found

Microsoft Malware Protection
added 2021/03/26 10:0 p.m., 78 views

Securing our approach to domain fronting within Azure

Every single day our teams analyze the trillions of signals we see to understand attack vectors, and then take those learnings and apply them to our products and solutions. Having that understanding of the threat landscape is key to ensuring our customers are kept safe every day. However, being a...

7.1 AI score
Exploits: 0

Jake Archibald's Blog
added 2021/03/26 1:0 a.m., 212 views

Who has the fastest F1 website in 2021? Part 2

Ohhh, you've come back for more? Excellent. I was worried it was just going to be me sat here, typing to myself. This is part 2 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10...

7 AI score
Exploits: 0

Kitploit
added 2021/03/25 8:30 p.m., 108 views

Smogcloud - Find Cloud Assets That No One Wants Exposed

Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to any capable security program. We made smogcloud to enable security engineers, penetration testers, and AWS administrators to monitor the collective changes that create dynamic and ephemeral...

7.7 AI score
Exploits: 0, References: 9

Vulnrichment
added 2021/03/24 8:7 p.m., 10 views

CVE-2021-1391 Cisco IOS and IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker...

5.1 CVSS, 6.8 AI score, 0.00307 EPSS
Exploits: 0, References: 1

Cvelist
added 2021/03/24 8:7 p.m., 28 views

CVE-2021-1391 Cisco IOS and IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker...

5.1 CVSS, 6.8 AI score, 0.00307 EPSS
Exploits: 0, References: 1

Cisco
added 2021/03/24 4:0 p.m., 90 views

Cisco IOS and IOS XE Software Privilege Escalation Vulnerability

A vulnerability in the dragonite debugger of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on t...

5.1 CVSS, 5.8 AI score, 0.00307 EPSS
Exploits: 0, References: 1

Gitee
added 2021/03/20 3:17 p.m., 5 views

Exploit for SQL Injection in Zabbix

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and vulnerability research. The primary purpose of Vulhub is to provide a simple and convenient way to test and demonstra...

9.8 CVSS, 7.1 AI score, 0.83284 EPSS
Exploits: 28

OpenVAS
added 2021/03/20 12:0 a.m., 12 views

Fedora: Security Advisory for python3.10 (FEDORA-2021-5a09621ebb)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9 CVSS, 8 AI score, 0.37325 EPSS
Exploits: 1, References: 2

Fedora
added 2021/03/19 8:26 p.m., 63 views

[SECURITY] Fedora 34 Update: python3.10-3.10.0~a6-1.fc34

Python 3.10 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.10, update your Fedora to a newer version once Python 3.10 is stable...

5.9 CVSS, 4 AI score, 0.37325 EPSS
Exploits: 1

GithubExploit
added 2021/03/17 12:7 p.m., 98 views

Exploit for Unrestricted Upload of File with Dangerous Type in Cutephp Cutenews

CVE-2019-11447 Exploit/PoC - CuteNews 2.1.2 Avatar upload RCE...

8.8 CVSS, 8.9 AI score, 0.52901 EPSS
Exploits: 10

Schneier on Security
added 2021/03/16 11:36 a.m., 40 views

On the Insecurity of ES&S Voting Machines’ Hash Code

Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&S's software authentication system: It turns out that ES&S has bugs in their hash-code checker: if the "reference hashcode" is completely missing, then it'll say "yes, boss, everything is fine" instead of reporting an error...

7.5 AI score
Exploits: 0

Gitee
added 2021/03/16 10:14 a.m., 2 views

pocsuite3

This is a Python package called pocsuite3, which is a remote vulnerability testing and proof-of-concept development framework. It is developed by the Knownsec 404 Team and comes with a powerful proof-of-concept engine, many powerful features for the ultimate penetration testers and security...

7.2 AI score
Exploits: 0

Gitee
added 2021/03/14 10:44 p.m., 11 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a PoC exploit for CVE-2021-3156, a vulnerability in the GNU C Library glibc that allows for a buffer overflow attack. The exploit is written in C and is designed to work on Ubuntu 18.04 and 20.04 systems. The exploit creates a malicious shared library, "libnssX.so.2", that is designed to ...

7.8 CVSS, 8.3 AI score, 0.99305 EPSS
Exploits: 81

HackRead
added 2021/03/13 10:2 p.m., 55 views

COVID-19 testing service in US exposes patients’ photos, passports

By Habiba Rashid COVID-19 testing service in the State of Utah stored passport scans and other highly personal data on unsecured Amazon S3 buckets. This is a post from HackRead.com Read the original post: COVID-19 testing service in US exposes patients' photos, passports...

2.2 AI score
Exploits: 0

OpenVAS
added 2021/03/13 12:0 a.m., 21 views

Fedora: Security Advisory for rubygem-actionpack (FEDORA-2021-b571fca1b8)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 6.9 AI score, 0.87301 EPSS
Exploits: 2, References: 2

Fedora
added 2021/03/12 8:30 p.m., 67 views

[SECURITY] Fedora 33 Update: rubygem-actionpack-6.0.3.4-2.fc33

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

7.5 CVSS, 1.3 AI score, 0.87301 EPSS
Exploits: 2

Gitee
added 2021/03/12 9:38 a.m., 2 views

vulhub

It is an offensive tool for vulnerable environments. The repository contains pre-built vulnerable environments based on Docker-Compose. The tool is designed to provide a simple way to create and manage vulnerable environments for testing and training purposes. The target product/service or...

7.1 AI score
Exploits: 0

CNVD
added 2021/03/12 12:0 a.m., 4 views

SQL Injection Vulnerability in Schoolfree Psychological Assessment System (CNVD-2021-23552)

School Worry Free Psychological Assessment System is a platform that enables online mental health testing and diagnosis through the Internet. SQL injection vulnerability exists in School Worry-free Psychological Assessment System, which can be exploited by attackers to obtain sensitive informatio...

7.5 AI score
Exploits: 0

CNVD
added 2021/03/12 12:0 a.m., 3 views

SQL Injection Vulnerability in Schoolfree Psychological Assessment System (CNVD-2021-23551)

School Worry Free Psychological Assessment System is a platform that enables online mental health testing and diagnosis through the Internet. SQL injection vulnerability exists in School Worry-free Psychological Assessment System, which can be exploited by attackers to obtain sensitive informatio...

7.5 AI score
Exploits: 0

Fedora
added 2021/03/11 11:38 p.m., 87 views

[SECURITY] Fedora 33 Update: python3.10-3.10.0~a6-1.fc33

Python 3.10 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.10, update your Fedora to a newer version once Python 3.10 is stable...

5.9 CVSS, 4 AI score, 0.37325 EPSS
Exploits: 1