Topic: XAMPP 5.6.8 Cross Site Scripting / SQL Injection Risk: Medium Text:< !-- # Exploit Title: SQL injection in XAMPP 5.6.8 (and previous) # Date: 17-02-2019 # Exploit Author: Rafael Pedrero # Ven...
Valentina Studio 9.0.4 Denial Of Service
Topic: Valentina Studio 9.0.4 Denial Of Service Risk: Low Text:#Exploit Title: Valentina Studio 9.0.4 – Denial of Service (PoC) #Discovery by: Victor MondragA3n #Discovery Date: 2018-02-19…
HAM3D Shop CMS Security Hole XSS & SQlinjection [Nullix TM]
Topic: HAM3D Shop CMS Security Hole XSS & SQlinjection [Nullix TM] Risk: Medium Text:# Exploit Title: HAM3D Shop CMS Security Hole XSS & SQlinjection parameter rating & Page # Date: 2/13/2019 # Exploit Author: …
Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload
Topic: Zoho ManageEngine ServiceDesk Plus (SDP) Arbitrary File Upload Risk: High Text:# Exploit Title: Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 – arbitrary file upload # Date: 18-02-2019 …
Belkin Wemo UPnP Remote Code Execution
Topic: Belkin Wemo UPnP Remote Code Execution Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-…
eDirectory SQL Injection / File Disclosure
Topic: eDirectory SQL Injection / File Disclosure Risk: Medium Text:# Exploit Title: Admin auth bypass, SQLi and File Disclosure # Google Dork: no defacers please ! # Date: March 2019 (reported…
LKRG 0.6!
Hi, We’ve just announced a new version of LKRG 0.6! This release is… BIG! A few words why: – We’ve introduced a new mitigation features which we call “poor’s man CFI" (pCFI). It is designed to "catch" exploits which corrupts stack pointer to execute ROP and/or execute code not from the official .text section of […]
High – DSA-4396 – ansible security update
Several vulnerabilities have been found in Ansible, a configuration management, deployment, and task execution system: CVE-2018-10855 / CVE-2018-16876 The no_log task flag wasn’t…
Link: http://feeds.security-database.com/~r/Last100Alerts/~3/tlMEV-EOz_Q/detail.php
Microsoft to Kill Updates for Legacy OS Using SHA-1
Windows 7 and Windows Server 2008 users are being asked to upgrade their encryption support.
Link: https://threatpost.com/microsoft-updates-os-sha-1/142000/
ThreatList: APT Adversaries Up the Ante on Speed, Target Telecom
Russia-linked actors need just 18 minutes to go from compromise to lateral movement.
Link: https://threatpost.com/apt-adversaries-speed-telecom/141996/