PrestaShop Back Office Remote Code Execution (CVE-2018-19126)
https://ift.tt/2zK83tI
Submitted December 06, 2018 at 09:32PM by fariskhi
via reddit https://ift.tt/2L4dPuA
https://ift.tt/2zK83tI
Submitted December 06, 2018 at 09:32PM by fariskhi
via reddit https://ift.tt/2L4dPuA
GitHub
farisv/PrestaShop-CVE-2018-19126
PrestaShop (1.6.x <= 1.6.1.23 or 1.7.x <= 1.7.4.4.) Back Office Remote Code Execution (CVE-2018-19126) - farisv/PrestaShop-CVE-2018-19126
Pwning JBoss Seam 2 like a boss
https://ift.tt/2Uldt6Z
Submitted December 06, 2018 at 09:11PM by bsilvascores
via reddit https://ift.tt/2PkpdTy
https://ift.tt/2Uldt6Z
Submitted December 06, 2018 at 09:11PM by bsilvascores
via reddit https://ift.tt/2PkpdTy
Medium
Pwning JBoss Seam 2 like a boss
I haven’t been writing for a long time, so I finally decided to write about a cool (old) story with JBoss.
HTTPS in the real world
https://ift.tt/2zSpZlZ
Submitted December 06, 2018 at 08:48PM by businesstrout
via reddit https://ift.tt/2rn6tsP
https://ift.tt/2zSpZlZ
Submitted December 06, 2018 at 08:48PM by businesstrout
via reddit https://ift.tt/2rn6tsP
Robert Heaton
HTTPS in the real world | Robert Heaton
In cryptography, trust is mathematically provable. Everything else is just faith.
Implementation of the OWASP Mobile TOP 10 methodology for testing Android applications
https://ift.tt/2REiB4j
Submitted December 06, 2018 at 10:56PM by _vavkamil_
via reddit https://ift.tt/2QgsLM0
https://ift.tt/2REiB4j
Submitted December 06, 2018 at 10:56PM by _vavkamil_
via reddit https://ift.tt/2QgsLM0
hub.hacken.io
Implementation of the OWASP Mobile TOP 10 methodology for testing Android applications
Mobile devices are subject to numerous security discussions. We at Hacken decided to address the OWASP Mobile TOP 10 methodology in order to demonstrate the process of conducting vulnerability analysis for mobile applications.
Automating Data Flow Diagram Management with Terraform
https://ift.tt/2zOumyb
Submitted December 07, 2018 at 12:15AM by hammertime00
via reddit https://ift.tt/2zKhF7w
https://ift.tt/2zOumyb
Submitted December 07, 2018 at 12:15AM by hammertime00
via reddit https://ift.tt/2zKhF7w
The View from Marqeta
Threat Models at the Speed of DevOps
Automating Data Flow Diagram Management with Terraform
XSS to XXE in PrinceXML v10 and below
https://ift.tt/2zKzyDs
Submitted December 07, 2018 at 01:28AM by sxcurity
via reddit https://ift.tt/2SsDEXw
https://ift.tt/2zKzyDs
Submitted December 07, 2018 at 01:28AM by sxcurity
via reddit https://ift.tt/2SsDEXw
www.corben.io
XSS to XXE in Prince v10 and below (CVE-2018-19858)
Introduction:
This is a vulnerability I found while participating in a bug-bounty program earlier this year. It affects Prince, a software that converts “HTML, XHTML, or one of the many XML-based document formats” to PDF.
This is a vulnerability I found while participating in a bug-bounty program earlier this year. It affects Prince, a software that converts “HTML, XHTML, or one of the many XML-based document formats” to PDF.
Kubernetes PoC exploit for CVE-2018-1002105.
I created a Proof-of-Concept exploit for the Kubernetes bug that was published recently. You can find it here: https://github.com/evict/poc_CVE-2018-1002105.It requires the
Submitted December 06, 2018 at 08:21PM by _evict
via reddit https://ift.tt/2EheTuj
I created a Proof-of-Concept exploit for the Kubernetes bug that was published recently. You can find it here: https://github.com/evict/poc_CVE-2018-1002105.It requires the
exec permission on at least one pod. The payload dumps the contents of the etcd pod.Submitted December 06, 2018 at 08:21PM by _evict
via reddit https://ift.tt/2EheTuj
GitHub
GitHub - evict/poc_CVE-2018-1002105: PoC for CVE-2018-1002105.
PoC for CVE-2018-1002105. Contribute to evict/poc_CVE-2018-1002105 development by creating an account on GitHub.
France might be losing its first big information war
https://ift.tt/2L15Nm9
Submitted December 07, 2018 at 04:44AM by liotier
via reddit https://ift.tt/2Pl9ROE
https://ift.tt/2L15Nm9
Submitted December 07, 2018 at 04:44AM by liotier
via reddit https://ift.tt/2Pl9ROE
Just another infosec blog type of thing
France might be losing its first big information war
Foreign propagandists are getting a strong foothold in France, and the traditional media can’t fight it
aclpwn.py: Active Directory ACL exploitation with BloodHound
https://ift.tt/2RCQvXl
Submitted December 07, 2018 at 02:07PM by digicat
via reddit https://ift.tt/2RHBhjx
https://ift.tt/2RCQvXl
Submitted December 07, 2018 at 02:07PM by digicat
via reddit https://ift.tt/2RHBhjx
GitHub
fox-it/aclpwn.py
Active Directory ACL exploitation with BloodHound. Contribute to fox-it/aclpwn.py development by creating an account on GitHub.
Facebook engineers discovered technique of adding read call log/SMS permissions during an app update without notifying the user. Was used in a production release (x-post /r/programming)
https://ift.tt/2Qlnti7
Submitted December 07, 2018 at 04:07PM by nakilon
via reddit https://ift.tt/2PtEQbu
https://ift.tt/2Qlnti7
Submitted December 07, 2018 at 04:07PM by nakilon
via reddit https://ift.tt/2PtEQbu
reddit
r/netsec - Facebook engineers discovered technique of adding read call log/SMS permissions during an app update without notifying…
3 votes and 1 comment so far on Reddit
PHP Malware Examination Part 2
https://ift.tt/2BWHTFq
Submitted December 07, 2018 at 03:16PM by phpsystems
via reddit https://ift.tt/2B0JiJc
https://ift.tt/2BWHTFq
Submitted December 07, 2018 at 03:16PM by phpsystems
via reddit https://ift.tt/2B0JiJc
blog.manchestergreyhats.co.uk
PHP Malware Examination Part 2
Remote code execution with EL injection
https://ift.tt/2G4EPey
Submitted December 07, 2018 at 04:59PM by geekadi
via reddit https://ift.tt/2L2O0Lg
https://ift.tt/2G4EPey
Submitted December 07, 2018 at 04:59PM by geekadi
via reddit https://ift.tt/2L2O0Lg
Betterhacker
RCE in Hubspot with EL injection in HubL
This is the story of how I was able to get remote code execution on Hubspot 's servers by exploiting a vulnerability in HubL expression la...
AndroidProjectCreator release (version 1.0-stable)
https://ift.tt/2Qk2c8q
Submitted December 07, 2018 at 06:44PM by ThisIsLibra
via reddit https://ift.tt/2PnHwal
https://ift.tt/2Qk2c8q
Submitted December 07, 2018 at 06:44PM by ThisIsLibra
via reddit https://ift.tt/2PnHwal
How to steal Ethers: scanning for vulnerable smart contracts
https://ift.tt/2G2vELq
Submitted December 07, 2018 at 09:03PM by palkeo
via reddit https://ift.tt/2BXV9JX
https://ift.tt/2G2vELq
Submitted December 07, 2018 at 09:03PM by palkeo
via reddit https://ift.tt/2BXV9JX
reddit
r/netsec - How to steal Ethers: scanning for vulnerable smart contracts
2 votes and 0 comments so far on Reddit
WebKit-RegEx-Exploit - Safari on iOS and MacOS
https://ift.tt/2QG0qOp
Submitted December 07, 2018 at 11:37PM by alxjsn
via reddit https://ift.tt/2QiGkuq
https://ift.tt/2QG0qOp
Submitted December 07, 2018 at 11:37PM by alxjsn
via reddit https://ift.tt/2QiGkuq
GitHub
LinusHenze/WebKit-RegEx-Exploit
Contribute to LinusHenze/WebKit-RegEx-Exploit development by creating an account on GitHub.
Polkit privilege escalation for users with larger UIDs
https://ift.tt/2Rw4G0e
Submitted December 07, 2018 at 11:58PM by kulinacs
via reddit https://ift.tt/2zKbLmL
https://ift.tt/2Rw4G0e
Submitted December 07, 2018 at 11:58PM by kulinacs
via reddit https://ift.tt/2zKbLmL
reddit
r/netsec - Polkit privilege escalation for users with larger UIDs
1 vote and 0 comments so far on Reddit
Responder - tool to perform exploitation in Windows Active Directory Environment
https://ift.tt/2B10WwJ
Submitted December 08, 2018 at 11:49AM by indishell1046
via reddit https://ift.tt/2QjespL
https://ift.tt/2B10WwJ
Submitted December 08, 2018 at 11:49AM by indishell1046
via reddit https://ift.tt/2QjespL
GitHub
incredibleindishell/Windows-AD-environment-related
This Repository contains the stuff related to windows Active directory environment exploitation - incredibleindishell/Windows-AD-environment-related
Smart Contract Auditing: Human vs. Machine
https://ift.tt/2UeXHdM
Submitted December 08, 2018 at 05:55PM by arrowflakes
via reddit https://ift.tt/2QJEceo
https://ift.tt/2UeXHdM
Submitted December 08, 2018 at 05:55PM by arrowflakes
via reddit https://ift.tt/2QJEceo
CoinFabrik Blog
Smart Contract Auditing: Human vs. Machine - CoinFabrik Blog
3 3SharesIn this article we are benchmarking several auditing tools. The smart contract security audit is a critical phase in the development of smart contracts. The DAO hack was just one trip in the odyssey to secure Ethereum smart contracts and compatible…
RCE in PHP or how to bypass disable_functions in PHP installations (CVE-2018–19518)
https://ift.tt/2RPQ38h
Submitted December 08, 2018 at 11:09PM by i_bo0om
via reddit https://ift.tt/2Qi5TM2
https://ift.tt/2RPQ38h
Submitted December 08, 2018 at 11:09PM by i_bo0om
via reddit https://ift.tt/2Qi5TM2
Wallarm
RCE in PHP or how to bypass disable_functions in PHP installations
Today we will explore an exciting method to remotely execute code even if an administrator set disable_functions in the PHP configuration…
Bypassing Authentication Using Javanoscript Debugger.
https://ift.tt/2QIUnsr
Submitted December 08, 2018 at 11:32PM by beyonderdabas
via reddit https://ift.tt/2BYe7jN
https://ift.tt/2QIUnsr
Submitted December 08, 2018 at 11:32PM by beyonderdabas
via reddit https://ift.tt/2BYe7jN
Mohit Dabas's Blog
Bypassing Authentication Using Javanoscript Debugger.
So I was checking a website and tried to test it for flaws just a general thing nothing new. I targeted the login mechanism. I saw while clicking on it. It was generating javanoscript events. …
Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit)
https://ift.tt/2Putx2C
Submitted December 09, 2018 at 02:42PM by reddit_read_today
via reddit https://ift.tt/2Ejtc1L
https://ift.tt/2Putx2C
Submitted December 09, 2018 at 02:42PM by reddit_read_today
via reddit https://ift.tt/2Ejtc1L
Twistlock
Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit) | Twistlock
Earlier this week a major vulnerability in Kubernetes was made public by its maintainers. It was originally caught as a bug by Darren Shepherd and was later marked as a critical vulnerability and assigned CVE-2018-1002105. Its implications were clearly laid…