Forwarded from UNDERCODE NEWS
Basic // Start point: Python Programming:
4.2 rating !
Program Python
Know the basics of Python
Write their own scripts and functions
free limited:
https://www.udemy.com/course/pythonforbeginnersintro/
(beware of pirated courses, may include malware!!!)
Udemy
Free Python Tutorial - Introduction To Python Programming
A Quick and Easy Intro to Python Programming - Free Course
Forwarded from DailyCVE
Scalance X Products heap buffer overflow vulnerability:
https://dailycve.com/scalance-x-products-heap-buffer-overflow-vulnerability
Details:
SCALANCE X is a switch for connecting industrial components, such as programmable logic controllers (PLC) or interfaces for human machines (HMIs).
An intruder will send a specially designed code to trigger this condition on the web server with…
Forwarded from DailyCVE
Scalance X Products hard-coded encryption key vulnerability:
https://dailycve.com/scalance-x-products-hard-coded-encryption-key-vulnerability
Details:
SCALANCE X is a switch for connecting industrial components, such as programmable logic controllers (PLC) or interfaces for human machines (HMIs).
An attacker will use the vulnerability to deal with man-in-the-middle scenarios to decode previously…
SS7 PDFs and videos:
https://www.riverpublishers.com/journaldownload.php?file=RP_Journal_2245-800X_512.pdf
http://positive-tech.com/storage/articles/ss7-security-report-2014-eng.pdf
https://www.ptsecurity.com/upload/ptcom/PT-SS7-AD-Data-Sheet-eng.pdf
https://www.itu.int/en/ITU-T/extcoop/figisymposium/Documents/ITU_SIT_WG_Technical%20report%20on%20the%20SS7%20vulnerabilities%20and%20their%20impact%20on%20DFS%20transactions_f.pdf
https://deepsec.net/docs/Slides/2018/SS7_for_INFOSEC_Paul_Coggin.pdf
https://www.enisa.europa.eu/publications/signalling-security-in-telecom-ss7-diameter-5g/at_download/fullReport
https://www.youtube.com/watch?v=z4-kNwYdX0w
https://www.youtube.com/watch?v=Wt709zRBk64
41 min
https://fedotov.co/ss7-hack-tutorial-software-video/
1 h
enjoy
Forwarded from DailyCVE
Mercusys Mercury X18G path traversal vulnerability:
https://dailycve.com/mercusys-mercury-x18g-path-traversal-vulnerability
Details:
The Mercusys Mercury X18G is China Mercusys' router.
MERCUSYS The route traversal weakness of Mercury X18G 1.0.5 stems from the inability to adequately filter special elements in the path of the resource or file. The attacker used ../ for the…
Forwarded from DailyCVE
Quixplorer input validation error vulnerability:
https://dailycve.com/quixplorer-input-validation-error-vulnerability
Details:
QuiXplorer is a web-based file manager that allows saving, copying, browsing, editing and other features for documents.
In 2.4.1 and earlier versions, Quixplorer has an input validation error weakness. A cross-site scripting attack triggered…
Huawei switch configuration commands:
1. Configuration file related commands
[Quidway]display current-configuration # Display the currently effective configuration
[Quidway]display saved-configuration # Display the configuration file in the flash, that is, the configuration file used at the next power-up
reset saved-configuration # Remove the old configuration file
reboot # Switch reboot
display version # Display system version information
2. Basic configuration
[Quidway]super password # Modify privileged user password
[Quidway]sysname # Switch naming
[Quidway]interface ethernet 1/0/1 # Enter interface view
[Quidway]interface vlan 1 # Enter interface view
[Quidway-Vlan-interfacex]ip address 10.1.1.11 255.255.0.0 # Configure the IP address of the VLAN
[Quidway]ip route-static 0.0.0.0 0.0.0.0 10.1.1.1 # Static route = gateway
3. Telnet configuration
[Quidway]user-interface vty 0 4 # Enter virtual terminal
[S3026-ui-vty0-4]authentication-mode password # Set password mode
[S3026-ui-vty0-4]set authentication-mode password simple xmws123 # Set password
[S3026-ui-vty0-4]user privilege level 3 # User level
4. Port configuration
[Quidway-Ethernet1/0/1]duplex {half|full|auto} # Configure port working status
[Quidway-Ethernet1/0/1]speed {10|100|auto} # Configure port working speed
[Quidway-Ethernet1/0/1]flow-control # Configure port flow control
[Quidway-Ethernet1/0/1]mdi {across|auto|normal} # Configure port link-type
[Quidway-Ethernet1/0/1]port link-type {trunk|access|hybrid} # Set the port working mode
[Quidway-Ethernet1/0/1]undo shutdown # Activate the port
[Quidway-Ethernet1/0/2]quit # Exit the system view
5. Link aggregation configuration
[DeviceA]link-aggregation group 1 mode manual # Create manual aggregation group 1
[Qw_A]interface ethernet 1/0/1 # Add Ethernet port Ethernet1/0/1 to aggregation group 1
[Qw_A-Ethernet1/0/1]port link-aggregation group 1
[Qw_A-Ethernet1/0/1]interface ethernet 1/0/2 # Add Ethernet port Ethernet1/0/1 to aggregation group 1
[Qw_A-Ethernet1/0/2]port link-aggregation group 1
[Qw_A]link-aggregation group 1 service-type tunnel # Create tunnel service loopback group based on manual aggregation group.
[Qw_A]interface ethernet 1/0/1 # Add the Ethernet port Ethernet1/0/1 to the service loopback group.
[Qw_A-Ethernet1/0/1]undo stp
[Qw_A-Ethernet1/0/1]port link-aggregation group 1
6. Port mirroring
[Quidway]monitor-port # designated mirror port
[Quidway]port mirror # designated mirrored port
[Quidway]port mirror int_list observing-port int_type int_num # designated mirroring and mirroring
Forwarded from DailyCVE
Ethereum Aleth denial of service vulnerability:
https://dailycve.com/ethereum-aleth-denial-service-vulnerability
Details:
Ethereum Aleth is an Ethereum community customer program built on the C++ language that follows the Ethereum protocol.
Version <=1.8.0 of the Aleth Ethereum C++ client has a service denial flaw. The weakness originates in the config.json file…
Forwarded from DailyCVE
Red Hat Ansible information disclosure vulnerability:
https://dailycve.com/red-hat-ansible-information-disclosure-vulnerability
Details:
Red Hat Ansible is a configuration manager for a computer system from Red Hat. This product will be used to publish, control and orchestrate computer systems.
Red Hat Ansible snmp facts has a susceptibility to knowledge leakage, which occurs…
Forwarded from DailyCVE
Palo Alto Networks Cortex XDR Agent code issue vulnerability:
https://dailycve.com/palo-alto-networks-cortex-xdr-agent-code-issue-vulnerability
Details:
Palo Alto Networks Cortex XDR Agent is a client software program used by Palo Alto Networks, Malaysia, to detect the protection of client computers.
A protection flaw is present in Palo Alto Networks Cortex XDR. The weakness derives from the…
Bug Bounty Programs:
>>123Contact Form(http://www.123contactform.com/security-acknowledgements.htm)
>>99designs(https://hackerone.com/99designs)
>>Abacus(https://bugcrowd.com/abacus)
>>Acquia(mailto:security@acquia.com)
>>ActiveCampaign(mailto:security@activecampaign.com)
>>ActiveProspect(mailto:security@activeprospect.com)
>>Adobe(https://hackerone.com/adobe)
>>AeroFS(mailto:security@aerofs.com)
>>Airbitz(https://cobalt.io/airbitz)
>>Airbnb(https://hackerone.com/airbnb)
>>Algolia(https://hackerone.com/algolia)
>>Altervista(http://en.altervista.org/feedback.php?who=feedback)
>>Altroconsumo(https://go.intigriti.com/altroconsumo)
>>Amara(mailto:security@amara.org)
>>Amazon Web Services(mailto:aws-security@amazon.com)
>>Amazon.com(mailto:security@amazon.com)
>>ANCILE Solutions Inc.(https://bugcrowd.com/ancile)
>>Anghami(https://hackerone.com/anghami)
>>ANXBTC(https://cobalt.io/anxbtc)
>>Apache httpd(https://hackerone.com/ibb-apache)
>>Appcelerator(mailto:Infosec@appcelerator.com)
>>Apple(mailto:product-security@apple.com)
>>Apptentive(https://www.apptentive.com/contact)
>>Aptible(mailto:security@aptible.com)
>>Ardour(http://tracker.ardour.org/my_view_page.php)
>>Arkane(https://go.intigriti.com/arkanenetwork)
>>ARM mbed(mailto:whitehat@polarssl.org)
>>Asana(mailto:security@asana.com)
>>ASP4all(mailto:support@asp4all.nl)
>>AT&T(https://bugbounty.att.com/bugform.php)
>>Atlassian(https://securitysd.atlassian.net/servicedesk/customer/portal/2)
>>Attack-Secure(mailto:admin@attack-secure.com)
>>Authy(mailto:security@authy.com)
>>Automattic(https://hackerone.com/automattic)
>>Avast!(mailto:bugs@avast.com)
>>Avira(mailto:vulnerabilities@avira.com)
>>AwardWallet(https://cobalt.io/awardwallet)
>>Badoo(https://corp.badoo.com/en/security/#send_bid)
>>Barracuda(https://bugcrowd.com/barracuda)
>>Base(https://go.intigriti.com/base)
>>Basecamp(mailto:security@basecamp.com)
>>Beanstalk(https://wildbit.wufoo.com/forms/wildbit-security-response)
>>BillGuard(https://cobalt.io/billguard)
>>Billys Billing(https://cobalt.io/billys-billing)
>>Binary.com(https://hackerone.com/binary)
>>Binary.com Cashier(https://hackerone.com/binary_cashier)
>>BitBandit.eu(https://cobalt.io/bitbandit-eu)
>>Bitcasa(mailto:security@bitcasa.com)
>>BitCasino(https://cobalt.io/bitcasino)
123FormBuilder
Security Acknowledgements
We encourage people who find security issues on our platform to immediately report them to our Customer Care Team.
Forwarded from DailyCVE
Tianxia (Beijing) Intelligent Technology Co., Ltd. has a file upload vulnerability in the intelligent tire monitoring management system:
https://dailycve.com/tianxia-beijing-intelligent-technology-co-ltd-has-file-upload-vulnerability-intelligent-tire
Details:
The Code Ant Score Management System is a statistics system for the primary school score that emphasizes on maximizing methods of score selection and enriching aspects of score analysis.
The backend of the coding and score management framework…
Forwarded from DailyCVE
A SQL injection vulnerability exists in the website building system of Zhengzhou Langchuang Culture Communication Co., Ltd.
https://dailycve.com/sql-injection-vulnerability-exists-website-building-system-zhengzhou-langchuang-culture
Details:
Zhengzhou Langchuang Culture Communication Co., Ltd., which is a domestic specialist network marketing service provider focused on seo marketing, sem marketing and social media marketing, is affiliated to Langchuang Network Marketing.
There…