Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

All Activity

This stream auto-updates

  1. Past hour
  2. Today
  3. Event Management version 1.0 suffers from a remote SQL injection vulnerability.View the full article
  4. The util-linux wall command does not filter escape sequences from command line arguments. The vulnerable code was introduced in commit cdd3cc7fa4 (2013). Every version since has been vulnerable. This allows unprivileged users to put arbitrary text on other users terminals, if mesg is set to y and wall is setgid. CentOS is not vulnerable since wall is not setgid. On Ubuntu 22.04 and Debian Bookworm, wall is both setgid and mesg is set to y by default.View the full article
  5. The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection.View the full article
  6. FusionPBX suffers from a session fixation vulnerability.View the full article
  7. Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability.View the full article
  8. Purei CMS version 1.0 suffers from a remote SQL injection vulnerability.View the full article
  9. Workout Journal App version 1.0 suffers from a persistent cross site scripting vulnerability.View the full article
  10. LMS PHP version 1.0 suffers from a remote SQL injection vulnerability.View the full article
  11. Asterisk AMI version 18.20.0 suffers from authenticated partial file content and path disclosure vulnerabilities.View the full article
  12. Siklu MultiHaul TG Series versions prior to 2.0.0 suffer from an unauthenticated credential disclosure vulnerability.View the full article
  13. RouterOS versions 6.40.5 through 6.44 and 6.48.1 through 6.49.10 suffers from a denial of service vulnerability.View the full article
  14. NodeBB version 3.6.7 suffers from a broken access control that lets attackers via data only meant for an administrator.View the full article
  15. WinRAR version 6.22 suffers from a remote code execution vulnerability via a malicious zip archive.View the full article
  16. Yesterday
  17. You can search game you want ..Like Mortal Kombat,Injustice,STAR WARS etc.. Also account:password is above like in the picture Don't Leach <3 ENJOY !! [hide][Hidden Content]]
  18. Don't Leach ❤️ [hide][Hidden Content]]
  19. Don't Leach <3 ENJOY !! [hide][Hidden Content]]
  20. 🚨 CVE-2023-45866 - BlueDucky Implementation (Using DuckyScript) 🔓 Unauthenticated Peering Leading to Code Execution (Using HID Keyboard) Introduction 📢 BlueDucky is a powerful tool for exploiting a vulnerability in Bluetooth devices. By running this script, you can: 📡 Load saved Bluetooth devices that are no longer visible but have Bluetooth still enabled. 📂 Automatically save any devices you scan. 💌 Send messages via ducky script format to interact with devices. I've successfully run this on a Raspberry Pi 4 using the default Bluetooth module. It works against various phones, with an interesting exception for a New Zealand brand, Vodafone. Installation and Usage 🛠️ Setup Instructions # update apt sudo apt-get update sudo apt-get -y upgrade # install dependencies from apt sudo apt install -y bluez-tools bluez-hcidump libbluetooth-dev \ git gcc python3-pip python3-setuptools \ python3-pydbus # install pybluez from source git clone [Hidden Content] cd pybluez sudo python3 setup.py install # build bdaddr from the bluez source cd ~/ git clone --depth=1 [Hidden Content] gcc -o bdaddr ~/bluez/tools/bdaddr.c ~/bluez/src/oui.c -I ~/bluez -lbluetooth sudo cp bdaddr /usr/local/bin/ Running BlueDucky [Hidden Content] Operational Steps 🕹️ On running, it prompts for the target MAC address. Pressing nothing triggers an automatic scan for devices. Devices previously found are stored in known_devices.txt. If known_devices.txt exists, it checks this file before scanning. Executes using payload.txt file. Successful execution will result in automatic connection and script running. Download: [hide][Hidden Content]] Mirror: [hide][Hidden Content]]
  21. This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled and executed by Sharepoint allowing attackers to remotely execute commands via the API.View the full article
  22. This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.View the full article
  23. A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.View the full article
  24. Payload-Based Approach (GitHub Project): There’s a GitHub project called Bypass-G-Protect that aims to bypass Google Play Protect. The steps involve building an Android payload, installing it (even if Play Protect detects it as unsafe), deleting the payload, changing the Target Sdk to ‘39’ or above using an Android editor app, and then reinstalling the payload .
  25. View File Desbloquear y Extraer Datos | Forensic | Android, iPhone and Computer Download: Free download for users PRIV8 Submitter dEEpEst Submitted 03/27/2024 Category Online Book Password ********  
  26. 1 download

    Download: Free download for users PRIV8
    From $110 PRIV8
  1. Load more activity
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.