RCE in PHP or how to bypass disable_functions in PHP installations (CVE-2018-19518)
https://ift.tt/2RPQ38h
Submitted December 08, 2018 at 11:09PM by i_bo0om
via reddit https://ift.tt/2Qi5TM2
Wallarm
RCE in PHP or how to bypass disable_functions in PHP installations
Today we will explore an exciting method to remotely execute code even if an administrator set disable_functions in the PHP configuration…
Bypassing Authentication Using JavaScript Debugger.
https://ift.tt/2QIUnsr
Submitted December 08, 2018 at 11:32PM by beyonderdabas
via reddit https://ift.tt/2BYe7jN
Mohit Dabas's Blog
Bypassing Authentication Using JavaScript Debugger.
So I was checking a website and tried to test it for flaws, just a general thing, nothing new. I targeted the login mechanism. I saw that while clicking on it, it was generating JavaScript events. …
Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit)
https://ift.tt/2Putx2C
Submitted December 09, 2018 at 02:42PM by reddit_read_today
via reddit https://ift.tt/2Ejtc1L
Twistlock
Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit) | Twistlock
Earlier this week a major vulnerability in Kubernetes was made public by its maintainers. It was originally caught as a bug by Darren Shepherd and was later marked as a critical vulnerability and assigned CVE-2018-1002105. Its implications were clearly laid…
FreeRTOS tcpip vulnerabilities - Whitepaper
https://ift.tt/2PleesS
Submitted December 10, 2018 at 03:24AM by IamNullByte
via reddit https://ift.tt/2G4Owtd
Zimperium Mobile Security Blog
FreeRTOS TCP/IP Stack Vulnerabilities - The Details | Zimperium Mobile Security Blog
Researcher: Ori Karliner (@oriHCX) Following our blog from last month, this blog will cover the technical details of our findings. If you suspect that any of your devices are affected by these vulnerabilities and want our assessment, contact us at freert…
Automating Simple Buffer Overflow with Winappdbg and Python -part 1
https://ift.tt/2L4Ci2G
Submitted December 10, 2018 at 10:09AM by beyonderdabas
via reddit https://ift.tt/2RSJmSU
Mohit Dabas's Blog
Automating Simple Buffer Overflow with Winappdbg and Python -part 1
Last night I did try to automate simple overflow with windbg but there were some problems with the exception handling. So I want to choose a more programmable debugger but this time I need a more d…
[Jenkins] Code execution through crafted URLs
https://ift.tt/2Eelhm7
Submitted December 10, 2018 at 02:01PM by 6793746895F62C0E447A
via reddit https://ift.tt/2B5eO94
reddit
r/netsec - [Jenkins] Code execution through crafted URLs
Study finds 5 out of 17 tested CAs underpinning web security are vulnerable to spoofed Domain Validation via IP fragmentation attack
https://ift.tt/2B6dcMp
Submitted December 11, 2018 at 08:39AM by SushiAndWoW
via reddit https://ift.tt/2zQWpgq
The Daily Swig | Web security digest
CAs exposed as a weak point in web crypto
Study finds five in 17 Certificate Authorities vulnerable to IP fragmentation attack
Catalonia detects that there are still a great number of attacks on banks and cryptocurrency exchange platforms
https://ift.tt/2L9WWhV
Submitted December 11, 2018 at 06:09PM by jpjourno
via reddit https://ift.tt/2Pz7I25
Centre de Seguretat de la Informació de Catalunya
Digital fraud
Third topic of the campaign 'Practica els hàbits cibersaludables'
Persistent XSRF on Kubernetes Dashboard using Redhat Keycloak Gatekeeper on Microsoft Azure
https://ift.tt/2Gd8PF4
Submitted December 11, 2018 at 07:30PM by asanso
via reddit https://ift.tt/2rwuqxZ
Intothesymmetry
Persistent XSRF on Kubernetes Dashboard using Redhat Keycloak Gatekeeper on Microsoft Azure
tl;dr I found an XSRF in the OAuth implementation of Redhat Keycloak Gatekeeper. This would be a bit worse for people using Gatekeeper t...
How I could steal your photos from Google - my first 3 bug bounty writeups
https://ift.tt/2QOu7wE
Submitted December 11, 2018 at 08:18PM by -G3R1-
via reddit https://ift.tt/2QqnWjj
Avatao
How I could steal your photos from Google - my first 3 bug bounty writeups
IT security is a really huge topic and until you find your first bug you can’t be sure that you...
Logically Bypassing Browser Security Boundaries
https://youtu.be/B5ZyYTKp4gc
Submitted December 11, 2018 at 09:44PM by albinowax
via reddit https://ift.tt/2GczWQv
YouTube
Logically Bypassing Browser Security Boundaries
This talk was presented at bugSWAT. Slide is at https://speakerdeck.com/shhnjk/logically-bypassing-browser-security-boundaries
Talk features:
Password manager issue with iframe/CSP sandbox
https://crbug.com/825258, https://bugzilla.mozilla.org/show_bug.cgi?id=1426767…
How the Equifax breach happened
https://ift.tt/2rx8fYM
Submitted December 11, 2018 at 11:20PM by yesnoornext
via reddit https://ift.tt/2EgDXkf
threader.app
A thread written by @GossiTheDog
Equifax report megathread while I'm on lunch! https://t.co/vkjj2QfxOm
Google+ Breach Affects 52.5 Million Users
https://ift.tt/2Ed5aoe
Submitted December 12, 2018 at 01:15AM by Fantastic_Fix
via reddit https://ift.tt/2L9mbRH
InfoSec-IT
Google+ Breach Affects 52.5 Million Users | InfoSec-IT
Google+ has suffered another large data breach, affecting 52.5 million users and leading to the acceleration of the closure of Google's social platform.
An open source solution for secure automated certificate management
https://ift.tt/2QRtLW6
Submitted December 12, 2018 at 01:44AM by sourishkrout
via reddit https://ift.tt/2C5BmYU
Smallstep
At smallstep we've been focused, lately, on building technology that makes it easier for you to access your stuff. As things stand today, access is really hard. It's really hard for developers to access internal services in production and pre-production environments…
Knowledge Is Power: Exploring Over 1,800 Calibre E-Book Servers.
https://ift.tt/2QnCy2R
Submitted December 12, 2018 at 01:42AM by bjorgein
via reddit https://ift.tt/2RS8jxN
blog.chrisbonk.ca
Knowledge Is Power: Exploring Over 1,800 Calibre E-Book Servers.
TLDR; Shodan can be used to find Calibre servers. I wrote an nmap script for identification and metadata analysis 2.5 million scripts a...
Introducing ee-outliers: open-source framework to detect outliers in Elasticsearch events
https://ift.tt/2G7hI2S
Submitted December 12, 2018 at 02:56AM by daanraman
via reddit https://ift.tt/2rvmcpV
NVISO Labs
Announcement: open-sourcing ee-outliers
Today, we are excited to announce we are open-sourcing ee-outliers, our in-house developed framework to detect outliers in events stored in Elasticsearch! The framework was developed for the purpos…
Binary Exploitation
https://ift.tt/2UD2kyk
Submitted December 12, 2018 at 05:08AM by johnhammond010
via reddit https://ift.tt/2RQvFUn
Searching systematically for PHP disable_functions bypasses
https://ift.tt/2zT8T78
Submitted December 12, 2018 at 05:34AM by gid0rah
via reddit https://ift.tt/2rzf2kB
x-c3ll.github.io
Searching systematically for PHP disable_functions bypasses :: DoomsDay Vault
Some ideas about how to extract hidden parameters in PHP functions and how to find potential bypasses
Jailbreaking RouterOS & misc GNU inetutils <= 1.9.4 vulnerabilities.
Here are steps to jailbreak Mikrotik routers using arbitrary file creation vulnerabilities through telnet: https://hacker.house/releasez/expl0itz/mikrotik-jailbreak.txt
Here are heap and stack overflows in GNU inetutils <= 1.9.4 telnet.c client in the handling of environment variables. Stack overflow is present in TELOPT_XDISPLOC option: https://hacker.house/releasez/expl0itz/inetutils-telnet.txt
These issues can be found all over embedded devices and in mainstream Linux distributions like Arch Linux due to the proliferation of GNU code re-use.
Submitted December 12, 2018 at 12:20AM by hackerfantastic
via reddit https://ift.tt/2LdQMxl
reddit
r/netsec - Jailbreaking RouterOS & misc GNU inetutils <= 1.9.4 vulnerabilities.
Cyberbullying is worryingly rising in Spain
https://ift.tt/2RThxK7
Submitted December 12, 2018 at 06:29PM by jpjourno
via reddit https://ift.tt/2Qt3tKD
Centre de Seguretat de la Informació de Catalunya
Civility on the net
Fourth topic of the campaign 'Practica els hàbits cibersaludables'
From blind XXE to root-level file read access
https://ift.tt/2EgZPfB
Submitted December 12, 2018 at 07:16PM by albinowax
via reddit https://ift.tt/2rzxWI2
Honoki
From blind XXE to root-level file read access
Polyphemus, by Johann Heinrich Wilhelm Tischbein, 1802 (Landesmuseum Oldenburg) On a recent bug bounty adventure, I came across an XML endpoint that responded interestingly to attempted XXE exploit…