Kamailio vulnerable to header smuggling possible due to bypass of remove_hf
Posted by Sandro Gauci on Sep 01# Kamailio vulnerable to header smuggling possible due to bypass of remove_hf - Fixed...
OSINT
Sagemcom router insecure deserialization > privilege escalation
Posted by Ryan Delaney on Sep 01<!-- # Exploit Title: Sagemcom router insecure deserialization > privilege escalation # Date: 08-31-2020...
Roundcube issue – Auth bypass via Improper Session Management
Posted by Balázs Hambalkó on Sep 01Hi, Title: Authentication bypass via Improper Session Management Product: RoundcubeMail Tested version: 1.4.4 -...
Bagisto: Default credentials for admin interface
Posted by devsecweb--- via Fulldisclosure on Sep 01Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop...
Bagisto: Insecure installation in sub-directories
Posted by devsecweb--- via Fulldisclosure on Sep 01Vendor: Bagisto (https://bagisto.com/) Affected version: All Introduction: Bagisto is an open source shop...
Apple’s notarization process fails to protect
In macOS Mojave, Apple introduced the concept of notarization, a process that developers can go through to ensure that their...
Lock and Code S1Ep14: Uncovering security hubris with Adam Kujawa
This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the...
A Brief Summary of The Potential Threats Revealed in Black Hat 2020 Conference
Cybersecurity experts had a lot to say about possible cybersecurity threats in the USA Black Hat Conference.Main HighlightsUS Presidential ElectionsAs...
Paytm Mall Suffers Data Breach, Hackers Demanded Ransom
Paytm has allegedly suffered a huge data breach after a hacker group targeted the company's PayTM Mall database and demanded...
DVS – D(COM) V(ulnerability) S(canner) AKA Devious Swiss Army Knife
Did you ever wonder how you can move laterally through internal networks? or interact with remote machines without alerting EDRs?Let's...
Mihari – A Helper To Run OSINT Queries & Manage Results Continuously
Mihari is a helper to run queries & manage results continuously. Mihari can be used for C2, landing page and...
Why I Joined Rapid7
“I think the best way to tell a story is by starting at the end, briefly, then going back to...
United States Issues Alert on North Korean Threat Actors Finding Better Ways to Rob Banks
The Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Treasury Department, the FBI, and U.S. Cyber Command issued a joint...
SourceWolf – Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!
Tested environments: Windows, MAC, linux, and windows subsystem for linux (WSL) What can SourceWolf do? Crawl through responses to find...
Iblessing – An iOS Security Exploiting Toolkit, It Mainly Includes Application Information Collection, Static Analysis And Dynamic Analysis
iblessingiblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis.iblessing is based...
The Ministry of Internal Affairs of Bashkortostan intends to cooperate with white hackers to reduce cyber crime
The Ministry of Internal Affairs of Bashkortostan is ready to cooperate with white hackers and programmers to solve Internet crimes...
How a loyal employee saved Tesla from a Russian 1 million malware attack
As Justin Richards said, "heroes can be found in the most unlikely places. Perhaps we all have it within us...
Nefilim Ransomware Evolving Rapidly: Top Targets at a Glance
Ransomware has continually expanded both in terms of threat and reach as threat actors continue to devise fresh methods of...
Urlgrab – A Golang Utility To Spider Through A Website Searching For Additional Links
A golang utility to spider through a website searching for additional links with support for JavaScript rendering.Installgo get -u github.com/iamstoxe/urlgrabFeaturesCustomizable...
Osintgram – A OSINT Tool On Instagram
Osintgram is a OSINT tool on Instagram.Osintgram offers an interactive shell to perform analysis on Instagram account of any users...
SUPERAntiSpyware Professional X Trial < 10.0.1206 Local Privilege Escalation
Posted by b1nary on Aug 29# Vulnerability Description SUPERAntiSpyware Professional X Trial versions prior to 10.0.1206 are vulnerable to local...
Missing Trust Validation in Visual Studio’s VSIX Installer
Posted by Ostovary, Daniel on Aug 29Hi, we have recently discovered a vulnerability in the VSIX Installer of Visual Studio....
Three vulnerabilities found in MikroTik’s RouterOS
Posted by Q C on Aug 29Advisory: three vulnerabilities found in MikroTik's RouterOS Details ======= Product: MikroTik's RouterOS Vendor URL:...
The data of 55 thousand clients of Russian banks were publicly available
The Bank of Russia and the Visa payment system have notified credit institutions about the leakage of bank customer card...
