Forwarded from DailyCVE
Patch for FUEL CMS SQL injection vulnerability:
https://dailycve.com/patch-fuel-cms-sql-injection-vulnerability
Dailycve
Patch for FUEL CMS SQL injection vulnerability | CVE
Details:
FUEL CMS, based on CodeIgniter, is a content management system. FUEL CMS 1.4.11 is vulnerable to SQL injection. Attackers may use this vulnerability via the 'name' parameter in /fuel/permissions/create/ to damage applications, view…
Forwarded from UNDERCODE NEWS
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
New update »> Fully automated decryption/decoding/cracking tool using natural language processing & artificial intelligence, along with some common sense.
50+ encryptions/encodings supported such as binary, Morse code and Base64. Classical ciphers like the Caesar cipher,
Affine cipher and the Vigenere cipher. Along with modern encryption like repeating-key XOR and more. For the full list,
Custom Built Artificial Intelligence with Augmented Search (AuSearch) for answering the question "what encryption was used?" Resulting in decryptions taking less than 3 seconds.
Custom built natural language processing module Ciphey can determine whether something is plaintext or not. Whether that plaintext is JSON, a CTF flag, or English, Ciphey can get it in a couple of milliseconds.
Multi Language Support at present, only German & English (with AU, UK, CAN, USA variants).
Supports encryptions and hashes, which the alternatives such as CyberChef Magic do not.
C++ core Blazingly fast.
INSTALLATION & RUN :
1) clone https://github.com/Ciphey/Ciphey
2) go to the directory using the cd command
3) File input: ciphey -f encrypted.txt
Unqualified input: ciphey -- "Encrypted input"
Normal way: ciphey -t "Encrypted input"
To get rid of the progress bars, probability table, and all the noise use the quiet mode.
ciphey -t "encrypted text here" -q
For a full list of arguments, run ciphey --help.
Importing Ciphey
You can import Ciphey's main and use it in your own programs and code.
from Ciphey.__main__ import main
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
GitHub
GitHub - bee-san/Ciphey: Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
Forwarded from DailyCVE
ISPConfig SQL injection vulnerability:
https://dailycve.com/ispconfig-sql-injection-vulnerability
Dailycve
ISPConfig SQL injection vulnerability | CVE
Details:
ISPConfig is open-source virtual host management software for Linux, with a network control panel that helps you to configure virtual hosts, open websites, open mailboxes, open and manage MySQL databases, support DNS resolution, and monitor…
Forwarded from DailyCVE
Krpano Panorama Viewer cross-site scripting vulnerability:
https://dailycve.com/krpano-panorama-viewer-cross-site-scripting-vulnerability
Dailycve
Krpano Panorama Viewer cross-site scripting vulnerability | CVE
Details:
Krpano Panorama Viewer is a panorama file viewing program created by Krpano, Germany. High-resolution images, immersive virtual roaming, custom user interface architecture and other features are supported by the device.
There is a cross-site…
Forwarded from UNDERCODE NEWS
South Korean LCD panel maker LG Display has increased the manufacturing period of LCD panels for one year.
#International
Forwarded from UNDERCODE NEWS
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
free shell-File Store PRO 3.2 Multiple Blind SQL Injection Vulnerabilities:
if(isset($_GET["folder"]) && $_GET["folder"]!="") {
    $folder=$_GET["folder"];
} else {
    exit("Bad Request");
}
if(isset($_GET["id"]) && $_GET["id"]!="") {
    $id=$_GET["id"];
} else {
    exit("Bad Request");
}
// Validate all inputs
// Added by SepedaTua on June 01, 2006 - http://www.sepedatua.info/
/********************** SepedaTua ****************************/
/* Fields:
   $folder
   $id
*/
$search = array ('@<script[^>]*?>.*?</script>@si', // strip <script> blocks
                 '@<[\/\!]*?[^<>]*?>@si',          // strip HTML tags
                 '@([\r\n])[\s]+@',                // collapse whitespace after a newline
                 '@&(quot|#34);@i',                // decode HTML entities
                 '@&(amp|#38);@i',
                 '@&(lt|#60);@i',
                 '@&(gt|#62);@i',
                 '@&(nbsp|#160);@i',
                 '@&(iexcl|#161);@i',
                 '@&(cent|#162);@i',
                 '@&(pound|#163);@i',
                 '@&(copy|#169);@i',
                 '@&#(\d+);@e');                   // numeric entities, evaluated as PHP (/e)
$replace = array ('',
                  '',
                  '\1',
                  '"',
                  '&',
                  '<',
                  '>',
                  ' ',
                  chr(161),
                  chr(162),
                  chr(163),
                  chr(169),
                  'chr(\1)');
$ffolder = $folder;
$fid = $id;
$folder = preg_replace($search, $replace, $folder);
$id = preg_replace($search, $replace, $id);
-----
// $id is concatenated into the WHERE clause between single quotes
$SQL="SELECT ".DB_PREFIX."users.*, ".DB_PREFIX."file_list.filename, ".DB_PREFIX."file_list.descript ";
$SQL.=" FROM ".DB_PREFIX."file_list LEFT JOIN ".DB_PREFIX."users ON ".DB_PREFIX."file_list.user_id=".DB_PREFIX."users.id";
$SQL.=" WHERE ".DB_PREFIX."file_list.id='".$id."'";
if(!$mysql->query($SQL))
{
    exit($mysql->error);
}
if($mysql->num<=0)
{
    exit("Record not found");
}
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE TESTING
Patch for OpenJPEG heap buffer overflow vulnerability:
https://dailycve.com/patch-openjpeg-heap-buffer-overflow-vulnerability
Dailycve
Patch for OpenJPEG heap buffer overflow vulnerability | CVE
Details:
OpenJPEG is the JPEG 2000 open source codec, written in the C language. In the opj_t2_encode_packet feature of openjp2/t2.c in OpenJPEG 2.4.0 and earlier, there is a heap buffer overflow flaw. Attackers may use this flaw by specially designed feedback…
Forwarded from UNDERCODE TESTING
Patch for Twitter TwitterServer cross-site scripting vulnerability:
https://dailycve.com/patch-twitter-twitterserver-cross-site-scripting-vulnerability
Dailycve
Patch for Twitter TwitterServer cross-site scripting vulnerability | CVE
Details:
Forwarded from UNDERCODE NEWS
The backdoor of Tula, a famous APT organization. What happened between the two attacker groups?
#Malwares
Forwarded from DailyCVE
Patch for OIC Exponent CMS input validation error vulnerability:
https://dailycve.com/patch-oic-exponent-cms-input-validation-error-vulnerability
Dailycve
Patch for OIC Exponent CMS input validation error vulnerability | CVE
Details:
Forwarded from DailyCVE
Patch for 1E Client privilege escalation vulnerability:
https://dailycve.com/patch-1e-client-privilege-escalation-vulnerability
Dailycve
Patch for 1E Client privilege escalation vulnerability | CVE
Details:
1E Client is a United States endpoint management software from 1E (1E Client) that does not need agents to be deployed. There is a privilege escalation vulnerability in 1E Client version 5.0.0.745. The vulnerability arises from the Inventory…
Forwarded from UNDERCODE NEWS
At CES 2021, Panasonic will present wireless mobile charging and HUD dashboard technology.
#Technologies
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Tor router: make TOR your default gateway :
Tor Router allows you to use TOR as a transparent proxy and send all your traffic through TOR, INCLUDING DNS REQUESTS, the only thing you need is a system using systemd (if you want to use the service) and tor.
TOR Router does not touch system files like other tools for routing your traffic, and the reason is that there is no need to move files to route traffic. Also, moving files is a bad idea because if there is an error in the script, the tool can drop the connection to your system without you knowing what happened.
Installation
On BlackArch Linux:
# pacman -S tor-router
On another Linux-based distribution
$ git clone https://github.com/edu4rdshl/tor-router.git
$ cd ./tor-router
$ sudo bash install.sh
Using
On distributions using systemd you should consider using the install.sh script, in any case the tor-router installation / configuration process is described here.
Place the following lines at the end of /etc/tor/torrc:
# Configuring a transparent TOR proxy for tor-router
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 5353
Restart the tor service.
Run the tor-router script as root.
# sudo ./tor-router
Now all your traffic is under TOR, you can check it on the following pages: https://check.torproject.org and for DNS tests: https://dnsleaktest.com
To automate the script process, you must add it to the SYSTEM autostart scripts according to the init system you are using; for systemd we have a .service file in the files folder.
Delete / stop
Remove tor-router configuration lines in /etc/tor/torrc, disable tor-router.service using systemctl (if you used install.sh script), remove /usr/bin/tor-router, /etc/systemd/system/tor-router.service and restart your computer.
Source: https://github.com/Edu4rdSHL/
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁