All Activity
- Past hour
-
bahmortika joined the community
- Today
-
Event Management version 1.0 suffers from a remote SQL injection vulnerability.View the full article
-
The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.View the full article
-
The Pshka joined the community
-
The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection.View the full article
-
FusionPBX suffers from a session fixation vulnerability.View the full article
-
Purei CMS version 1.0 suffers from a remote SQL injection vulnerability.View the full article
-
LMS PHP version 1.0 suffers from a remote SQL injection vulnerability.View the full article
-
0her0 joined the community
-
ratdummi started following how can we bypass playprotect
-
username000000 joined the community
-
zinnu556 started following 800GB+ Collection Of IT Stuff
-
lovox joined the community
-
zinnu556 started following Wireshark 101: Packet Analysis Essentials
-
zinnu556 joined the community
-
Guille0254 joined the community
-
OTRABIKHUBchanged their profile photo -
lthfsm changed their profile photo
-
chico1212 started following StealerChecker by Temnij v9.2
-
chico1212 joined the community
- Yesterday
-
ZeroDayF34r started following DWG FastView-CAD Viewer
-
You can search game you want ..Like Mortal Kombat,Injustice,STAR WARS etc.. Also account:password is above like in the picture Don't Leach <3 ENJOY !! [hide][Hidden Content]]
-
Don't Leach ❤️ [hide][Hidden Content]]
-
Don't Leach <3 ENJOY !! [hide][Hidden Content]]
-
🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard) Introduction 📢 BlueDucky is a powerful tool for exploiting a vulnerability in Bluetooth devices. By running this script, you can: 📡 Load saved Bluetooth devices that are no longer visible but have Bluetooth still enabled. 📂 Automatically save any devices you scan. 💌 Send messages via ducky script format to interact with devices. I've successfully run this on a Raspberry Pi 4 using the default Bluetooth module. It works against various phones, with an interesting exception for a New Zealand brand, Vodafone. Installation and Usage 🛠️ Setup Instructions # update apt sudo apt-get update sudo apt-get -y upgrade # install dependencies from apt sudo apt install -y bluez-tools bluez-hcidump libbluetooth-dev \ git gcc python3-pip python3-setuptools \ python3-pydbus # install pybluez from source git clone [Hidden Content] cd pybluez sudo python3 setup.py install # build bdaddr from the bluez source cd ~/ git clone --depth=1 [Hidden Content] gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth sudo cp bdaddr /usr/local/bin/ Running BlueDucky [Hidden Content] Operational Steps 🕹️ On running, it prompts for the target MAC address. Pressing nothing triggers an automatic scan for devices. Devices previously found are stored in known_devices.txt. If known_devices.txt exists, it checks this file before scanning. Executes using payload.txt file. Successful execution will result in automatic connection and script running. Download: [hide][Hidden Content]] Mirror: [hide][Hidden Content]]
-
This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled and executed by Sharepoint allowing attackers to remotely execute commands via the API.View the full article
-
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.View the full article
-
A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.View the full article
-
Payload-Based Approach (GitHub Project): There’s a GitHub project called Bypass-G-Protect that aims to bypass Google Play Protect. The steps involve building an Android payload, installing it (even if Play Protect detects it as unsafe), deleting the payload, changing the Target Sdk to ‘39’ or above using an Android editor app, and then reinstalling the payload .
-
[Hidden Content]
-
[Hidden Content]
-
[Hidden Content]