WordPress 5.0.0 Remote Code Execution can lead to a full remote takeover
https://ift.tt/2TVoF9S
Submitted February 21, 2019 at 01:30AM by robert681
via reddit https://ift.tt/2Nhxvfz
Pown Recon - target reconnaissance framework powered by graph theory
https://ift.tt/2GyjlWZ
Submitted February 21, 2019 at 03:27AM by _pdp_
via reddit https://ift.tt/2tv1Tdh
GitHub
pownjs/pown-recon
A powerful target reconnaissance framework powered by graph theory. - pownjs/pown-recon
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003
https://ift.tt/2GUyuBh
Submitted February 21, 2019 at 07:56AM by sbyo4263
via reddit https://ift.tt/2STB7dB
Analyzing HijaIyh (APPLE SCAMPAGE V2) phishing kit
https://ift.tt/2Elid6E
Submitted February 21, 2019 at 08:23AM by ninoseki
via reddit https://ift.tt/2IpyBqI
HackMD
Analyzing HijaIyh (APPLE SCAMPAGE V2) phishing kit - HackMD
Today I found an interesting phishing kit targ
Paperclip to a House: Turning Useless Data into an Authenticated User
https://ift.tt/2E1Yc3x
Submitted February 21, 2019 at 12:45PM by mdulin2
via reddit https://ift.tt/2GGCdDh
Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003
https://ift.tt/2Nipabj
Submitted February 21, 2019 at 12:15PM by Adr1enb
via reddit https://ift.tt/2twsnv6
VPN for marketing
https://ift.tt/2TYYyi5
Submitted February 21, 2019 at 03:33PM by EastZookeepergame
via reddit https://ift.tt/2GCITlL
Medium
Why a VPN should be in your marketing tools list
If you are working in a digital marketing sphere, most of your work is done online, from managing social media channels to monitoring…
Abusing autoresponders and email bounces
https://ift.tt/2IsVkSW
Submitted February 21, 2019 at 06:49PM by Securinti
via reddit https://ift.tt/2U0l62a
Medium
Abusing autoresponders and email bounces
Being a bug bounty hunter, I face a lot of competition. Lots of companies are willing to issue rewards for vulnerabilities in their…
Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!(EN) | DEVCORE 戴夫寇爾
https://ift.tt/2tyh0mh
Submitted February 21, 2019 at 07:28PM by b0920075
via reddit https://ift.tt/2GBqV2T
DEVCORE 戴夫寇爾
Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE!(EN) | DEVCORE 戴夫寇爾
After Jenkins released the [Security Advisory](https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595) and fixed the dynamic routing vulnerability on 2018-12-05, I started to organize my notes in order to write this Hacking Jenkins series. While reviewing…
Hacking Jenkins Part 1 - Play with Dynamic Routing (EN) | DEVCORE 戴夫寇爾
https://ift.tt/2GVYVGL
Submitted February 21, 2019 at 07:27PM by b0920075
via reddit https://ift.tt/2NkbWL8
DEVCORE 戴夫寇爾
Hacking Jenkins Part 1 - Play with Dynamic Routing (EN) | DEVCORE 戴夫寇爾
This article is mainly about a brief security review on Jenkins in the last year. During this review, we found 5 vulnerabilities including: CVE-2018-1999002 (Arbitrary file read vulnerability), CVE-2018-1000600 (CSRF and missing permission checks in GitHub…
MikroTik Firewall & NAT Bypass
https://ift.tt/2EmRztZ
Submitted February 21, 2019 at 07:19PM by chicksdigthelongrun
via reddit https://ift.tt/2V95p91
Medium
MikroTik Firewall & NAT Bypass
Exploitation from WAN to LAN
IDS/IPS malware download evasion | GitHub
https://ift.tt/2NjgIbP
Submitted February 21, 2019 at 07:10PM by Eplox
via reddit https://ift.tt/2GA1P4x
GitHub
Eplox/evador
IDS/IPS malware download evasion. Contribute to Eplox/evador development by creating an account on GitHub.
Breaking out of Docker via runC - Explaining CVE-2019-5736
https://ift.tt/2IC84Xw
Submitted February 21, 2019 at 09:06PM by reddit_read_today
via reddit https://ift.tt/2SRJsyk
Twistlock
Breaking out of Docker via runC - Explaining CVE-2019-5736 | Twistlock
Last week (2019-02-11) a new vulnerability in runC was reported by its maintainers, originally found by Adam Iwaniuk and Borys Poplawski. Dubbed CVE-2019-5736, it affects Docker containers running in default settings and can be used by an attacker to gain…
Cloud Based fully Automated Reconnaissance Tool
https://ift.tt/2V7IVVO
Submitted February 21, 2019 at 10:15PM by SwordSec
via reddit https://ift.tt/2TawLhB
Swordeye
SwordEye Recon Private Beta
Cloud Based Fully Automated Reconnaissance Tool
Venom - A Multi-hop Proxy for Penetration Testers Written in Go
https://ift.tt/2Nk6iJh
Submitted February 21, 2019 at 07:19PM by D1ive
via reddit https://ift.tt/2ICnISK
GitHub
Dliv3/Venom
Venom - A Multi-hop Proxy for Penetration Testers Written in Go - Dliv3/Venom
Sensitive Information Disclosure in Android Banking App
https://ift.tt/2GDH0VV
Submitted February 22, 2019 at 03:15AM by plasticbag_spaceman
via reddit https://ift.tt/2IGWn1N
Bishop Fox
Simple – Better Banking (Android) v. 2.45.0 – 2.45.3 - Sensitive Information Disclosure - Bishop Fox
The Simple – Better Banking Android application was affected by an information disclosure vulnerability that leaked user passwords to the keyboard autocomplete functionality. If exploited, this vulnerability could be leveraged to gain unauthorized access…
144 Million MyFitnessPal accounts now out there from the breach one year ago
https://ift.tt/1l33Xi1
Submitted February 22, 2019 at 03:05AM by PlannedObsolescence_
via reddit https://ift.tt/2Nju4F6
Haveibeenpwned
Have I Been Pwned: Check if your email has been compromised in a data breach
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
Drupal core - Highly critical - Remote Code Execution - CVE-2019-6340
https://ift.tt/2GUyuBh
Submitted February 22, 2019 at 08:44AM by sluglord14
via reddit https://ift.tt/2U2jghc
Vulnerabilities in Swiss E-Voting Code (Public Intrusion Test)
https://ift.tt/2SUoqPF
Submitted February 22, 2019 at 07:48PM by xorkiwi
via reddit https://ift.tt/2SVEn8u
GitHub
setuid0-sec/Swiss_E-Voting_Publications
Our publications of the Swiss E-Voting Public Intrusion Test (PIT) - setuid0-sec/Swiss_E-Voting_Publications
Linux Kernel Through 4.20.10 Found Vulnerable to Arbitrary Code Execution
https://ift.tt/2txU9ay
Submitted February 22, 2019 at 10:04PM by jp8100lt
via reddit https://ift.tt/2E4OE85
Coocoor
CVE-2019-8912
Exploiting Drupal8's REST RCE (SA-CORE-2019-003, CVE-2019-6340)
https://ift.tt/2BN4EeD
Submitted February 22, 2019 at 11:15PM by cfambionics
via reddit https://ift.tt/2U3pBZC
Ambionics
Exploiting Drupal8's REST RCE
Exploitation and mitigation bypasses for the new Drupal 8 RCE (SA-CORE-2019-003, CVE-2019-6340), targeting the REST module.