Multiple security issues have been found in Thunderbird which may lead to the execution of arbitrary code if malformed email messages are read. For the stable distribution (stretch), these…
Link: http://www.security-database.com/detail.php?alert=DSA-4464
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to BBCode persistent XSS to take over any forum account, aka a nested video…
Link: http://www.security-database.com/detail.php?alert=CVE-2019-12830
In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the…
Link: http://www.security-database.com/detail.php?alert=CVE-2019-12831
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
Link: http://www.security-database.com/detail.php?alert=CVE-2019-12835
Seccubus automates regular vulnerability scans with various tools and aids security people in the fast analysis of its output, both on the first scan and on repeated scans.On repeated scan delta reporting ensures that findings only need to be judged when they first appear in the scan results or when their output changes.Seccubus 2.x is the only actively developed and maintained branch and all support for Seccubus V1 has officially been dropped.Seccubus V2 works with the following scanners:NessusOpenVASSkipfishMedusa (local and remote)Nikto (local and remote)NMap (local and remote)OWASP-ZAP (local and remote)SSLyzeMedusaQualys SSL labstestssl.sh (local and remote)For more information visit [www.seccubus.com]Default password, changinge it!!!!!After installation the default username and paswword for seccubus is:admin / GiveMeVulns!It is highly recommended you change this after installation./bin/seccubus_passwd -u adminChange logChanges of this branch vs the latest/previous releasex-x-2019 – v2.53 Development releaseThis is work in progressDifferences with 2.52Download Seccubus
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.
Link: http://www.security-database.com/detail.php?alert=CVE-2019-12816
radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr…
Link: http://www.security-database.com/detail.php?alert=CVE-2019-12829
Today we are going to talk about CAT command and learn how helpful the apt command is for Linux penetration testing and how we’ll progress apt to scale the greater privilege shell. Table of Content Introduction to CAT Major Functions of CAT command Sudo rights Lab setups for Privilege Escalation Exploiting Sudo Rights Introduction to… Continue reading →
The post Linux for Pentester: CAT Privilege Escalation appeared first on Hacking Articles.
Link: https://www.hackingarticles.in/linux-for-pentester-cat-privilege-escalation/
FUD Win32 payload generator and listenerLegal disclaimer:Usage of GetWin for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this programFeaturesFUD : Fully UndetectableNo Need configure port forwarding, or install others programs, using only ssh and serveo.net.Usage:git clone https://github.com/thelinuxchoice/getwincd getwinbash getwin.shInstall requirements (mingw-w64):sudo apt-get install mingw-w64Download Getwin
Topic: DigaSell – Digital store PHP Script V1.0.0 XSS Vulnerability Risk: Low Text: | # Title : DigaSell – Digital store PHP Script V1.0.0 XSS Vulnerability …