Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 3)
https://ift.tt/xQ0ZJfW

Submitted September 30, 2024 at 01:13PM by cfambionics
via reddit https://ift.tt/IynMAPS

Finding classes for exploiting Unsafe Reflection vulnerabilities in Java with Joern
https://ift.tt/7vYLR5i

Submitted September 30, 2024 at 09:15PM by sercurity
via reddit https://ift.tt/Upo0KFC

WhoYouCalling - A tool to get a pcap per process and much more!
https://ift.tt/scpuPtM

Submitted September 30, 2024 at 01:51AM by Radiant-Savings-7114
via reddit https://ift.tt/uqCz9na

Vesta Admin Takeover: Exploiting Reduced Seed Entropy in bash $RANDOM
https://ift.tt/5x0BaSF

Submitted October 01, 2024 at 02:49PM by adrian_rt
via reddit https://ift.tt/qdR8wnl

Exploiting trust: Weaponizing permissive CORS configurations
https://ift.tt/pu3ZYAW

Submitted October 01, 2024 at 07:19PM by AlmondOffSec
via reddit https://ift.tt/QpNTwaG

Zimbra - Remote Command Execution (CVE-2024-45519)
https://ift.tt/D0IpRZq

Submitted October 01, 2024 at 07:18PM by AlmondOffSec
via reddit https://ift.tt/XQNYuhB

Exploiting AMD atdcm64a.sys arbitrary pointer dereference - Part 2
https://ift.tt/M0S16yw

Submitted October 02, 2024 at 01:39PM by 0xdea
via reddit https://ift.tt/a1q04Lk

HTTP Parameter Pollution in 2024!
https://ift.tt/RxNgWVm

Submitted October 02, 2024 at 02:02PM by AlmondOffSec
via reddit https://ift.tt/6QdZKr1

Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges
https://ift.tt/dZWAeVG

Submitted October 02, 2024 at 11:24PM by nibblesec
via reddit https://ift.tt/H18GT4z

Reverse Engineering and Dismantling Kekz Headphones
https://ift.tt/hSNziT5

Submitted October 03, 2024 at 01:21AM by doitsukara
via reddit https://ift.tt/HmsuvUL

When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
https://ift.tt/F4N8Yo9

Submitted October 03, 2024 at 07:28PM by permis0
via reddit https://ift.tt/wljvYGQ

/r/netsec's Q4 2024 Information Security Hiring Thread
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)

Submitted October 03, 2024 at 09:19PM by netsec_burn
via reddit https://ift.tt/mF0EjOV

Pwning LLaMA.cpp RPC Server with CVE-2024-42478 and CVE-2024-42479
https://ift.tt/GqY5c4d

Submitted October 04, 2024 at 05:43AM by pwntheplanet
via reddit https://ift.tt/kmeOfpQ

Built your portable pentesting lab with Pi-Tail that is controlled only by your smartphone
https://ift.tt/xzwJDYT

Submitted October 04, 2024 at 12:53PM by barakadua131
via reddit https://ift.tt/g1yW2iF

Exploiting Visual Studio via dump files - CVE-2024-30052
https://ift.tt/pLtaigY

Submitted October 05, 2024 at 02:05AM by goodbyeselene
via reddit https://ift.tt/Dx4baQO

The PrintNightmare is not Over Yet
https://ift.tt/NF5Acoz

Submitted October 05, 2024 at 06:39PM by AlmondOffSec
via reddit https://ift.tt/DfJvltV

New free 10h OpenSecurityTraining2 class: "Trusted Computing 1102: Intermediate Trusted Platform Module (TPM) usage" by Dimi Tomov is now released
https://ost2.fyi/TC1102

Submitted October 06, 2024 at 05:08PM by OpenSecurityTraining
via reddit https://ift.tt/vmGjH8c

Hacking Windows through iTunes  - Local Privilege Escalation 0-day (CVE-2024–44193)
https://ift.tt/2Ly61rN

Submitted October 07, 2024 at 05:29PM by Titokhan
via reddit https://ift.tt/uoT4Pv0

Monocle on Chronicles - Talkback automated infosec aggregator with a newsletter
https://ift.tt/Tac7pen

Submitted October 08, 2024 at 02:47PM by AnimalStrange
via reddit https://ift.tt/c3doK96

Docker Zombie Layers: Why Deleted Layers Can Still Haunt You
https://ift.tt/4LROQvZ

Submitted October 08, 2024 at 04:44PM by guedou
via reddit https://ift.tt/jWY5gE3

Open Sourcing Venator – a kubernetes-native threat detection system
https://ift.tt/zTjVHva

Submitted October 08, 2024 at 04:38PM by No_Piccolo_6303
via reddit https://ift.tt/6QrbD8s