Forwarded from UNDERCODE NEWS
- Manifest and userlist updater: By clicking on *"help"*>*"update files"* -
Easy install: Basically, you will be able to build your own list of apps that you'd like to mass install after a reset or fresh
install. It can also be used anytime to install a package. If you saved a backup file using the save feature prior to your reset or fresh install, you will be able to restore the apps from that list if they're available to install.
Easy PPA: With this feature, you can search launchpad.net for PPAs containing apps directly from resetter and install it into your system. It will also grab the ppa's key automatically. This eliminates the need of using a terminal to add ppas from launchpad making distros more user friendly.
Source Editor: It is a normal editor that can disable, enable, or remove ppas from a user's system but what makes this different from other source editors
>FREE: https://www.youtube.com/watch?v=k0wsPzO355o
https://github.com/gaining/Resetter/releases/tag/v3.0
β β β Uππ»βΊπ«Δπ¬πβ β β β
Easy install: Basically, you will be able to build your own list of apps that you'd like to mass install after a reset or fresh
install. It can also be used anytime to install a package. If you saved a backup file using the save feature prior to your reset or fresh install, you will be able to restore the apps from that list if they're available to install.
Easy PPA: With this feature, you can search launchpad.net for PPAs containing apps directly from resetter and install it into your system. It will also grab the ppa's key automatically. This eliminates the need of using a terminal to add ppas from launchpad making distros more user friendly.
Source Editor: It is a normal editor that can disable, enable, or remove ppas from a user's system but what makes this different from other source editors
>FREE: https://www.youtube.com/watch?v=k0wsPzO355o
https://github.com/gaining/Resetter/releases/tag/v3.0
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from DailyCVE
π΅File upload vulnerability exists in Huixing Home website building system:
https://dailycve.com/file-upload-vulnerability-exists-huixing-home-website-building-system
https://dailycve.com/file-upload-vulnerability-exists-huixing-home-website-building-system
Dailycve
File upload vulnerability exists in Huixing Home website building system | CVE
Details:
Huixing House, for operators, is an online notebook.
In the Huixing Home website building system, a file upload flaw is present, which can be exploited by attackers to take control of the server.
Affected Versions:
Huixing Home Constructionβ¦
Forwarded from DailyCVE
π΅Unpatched SongCMS has SQL injection vulnerability:
https://dailycve.com/unpatched-songcms-has-sql-injection-vulnerability
https://dailycve.com/unpatched-songcms-has-sql-injection-vulnerability
Dailycve
Unpatched SongCMS has SQL injection vulnerability | CVE
Details:
SongCMS is a PHP+MySQL-based CMS, ASP+Access/SQL Server, for businesses that supports multi-language, free and open source CMS to help business users easily create and deploy websites for enterprise-level portals.
SongCMS has a vulnerabilityβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Cloud jacking refers to stealing an enterprise or individualβs cloud access account.
#CyberAttacks
#CyberAttacks
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ sending bulk text/image to know/unknown numbers via WHATSAPPWEB:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Download the latest binary release.
run on your system.
or create your binary locally as below
Note : (Requirements) Golang setup on your local
1) Download https://github.com/Piyushhbhutoria/whatsappWebAPI
run commands below
2 go get .
2) go build .
Run the binary
3) Scan the QR code with whatsapp web
4) Put your lists for bulk message and pictures to send in same folder
5) Press the following number to send message on whatsapp
Test --> 0
Send Text --> 1
Send Image --> 2
Send bulk text --> 3
Send bulk image --> 4
Exit --> 5
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ sending bulk text/image to know/unknown numbers via WHATSAPPWEB:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Download the latest binary release.
run on your system.
or create your binary locally as below
Note : (Requirements) Golang setup on your local
1) Download https://github.com/Piyushhbhutoria/whatsappWebAPI
run commands below
2 go get .
2) go build .
Run the binary
3) Scan the QR code with whatsapp web
4) Put your lists for bulk message and pictures to send in same folder
5) Press the following number to send message on whatsapp
Test --> 0
Send Text --> 1
Send Image --> 2
Send bulk text --> 3
Send bulk image --> 4
Exit --> 5
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
According to the Latest reports: Data leak habits have improved dramatically since 2020.
#Leaks #Analytiques
#Leaks #Analytiques
Forwarded from UNDERCODE NEWS
An unforeseen special market for telecommuting and GIGA mobile notebooks, but the reason why manufacturers are still ready.
#International
#International
Forwarded from DailyCVE
π΅Unpatched SongCMS has SQL injection vulnerability:
https://dailycve.com/unpatched-songcms-has-sql-injection-vulnerability
https://dailycve.com/unpatched-songcms-has-sql-injection-vulnerability
Dailycve
Unpatched SongCMS has SQL injection vulnerability | CVE
Details:
SongCMS is a PHP+MySQL-based CMS, ASP+Access/SQL Server, for businesses that supports multi-language, free and open source CMS to help business users easily create and deploy websites for enterprise-level portals.
SongCMS has a vulnerabilityβ¦
Forwarded from DailyCVE
π΅Oracle Fusion Middleware Access Control Error Vulnerability:
(Shell Code inside the link)
https://dailycve.com/oracle-fusion-middleware-access-control-error-vulnerability
(Shell Code inside the link)
https://dailycve.com/oracle-fusion-middleware-access-control-error-vulnerability
Dailycve
Oracle Fusion Middleware Access Control Error Vulnerability | CVE
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What are the uses of a shell code ?
1) Download and execute
Download and execute is a type of remote shellcode that downloads and executes some form of malware on the target system. This type of shellcode does not spawn a shell, but rather instructs the machine to download a certain executable file off the network, save it to disk and execute it. Nowadays, it is commonly used in drive-by download attacks, where a victim visits a malicious webpage that in turn attempts to run such a download and execute shellcode in order to install software on the victim's machine. A variation of this type of shellcode downloads and loads a library.
2) Staged
When the amount of data that an attacker can inject into the target process is too limited to execute useful shellcode directly, it may be possible to execute it in stages. First, a small piece of shellcode (stage 1) is executed. This code then downloads a larger piece of shellcode (stage 2) into the process's memory and executes it.
3) Egg-hunt
This is another form of staged shellcode, which is used if an attacker can inject a larger shellcode into the process but cannot determine where in the process it will end up. Small egg-hunt shellcode is injected into the process at a predictable location and executed. This code then searches the process's address space for the larger shellcode (the egg) and executes it
4) Omelette
This type of shellcode is similar to egg-hunt shellcode, but looks for multiple small blocks of data (eggs) and recombines them into one larger block (the omelette) that is subsequently executed. This is used when an attacker can only inject a number of small blocks of data into the process.
5) Shellcode execution strategy
An exploit will commonly inject a shellcode into the target process before or at the same time as it exploits a vulnerability to gain control over the program counter. The program counter is adjusted to point to the shellcode, after which it gets executed and performs its task. Injecting the shellcode is often done by storing the shellcode in data sent over the network to the vulnerable process, by supplying it in a file that is read by the vulnerable process or through the command line or environment in the case of local exploits.
(a short brief using some wiki references)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What are the uses of a shell code ?
1) Download and execute
Download and execute is a type of remote shellcode that downloads and executes some form of malware on the target system. This type of shellcode does not spawn a shell, but rather instructs the machine to download a certain executable file off the network, save it to disk and execute it. Nowadays, it is commonly used in drive-by download attacks, where a victim visits a malicious webpage that in turn attempts to run such a download and execute shellcode in order to install software on the victim's machine. A variation of this type of shellcode downloads and loads a library.
2) Staged
When the amount of data that an attacker can inject into the target process is too limited to execute useful shellcode directly, it may be possible to execute it in stages. First, a small piece of shellcode (stage 1) is executed. This code then downloads a larger piece of shellcode (stage 2) into the process's memory and executes it.
3) Egg-hunt
This is another form of staged shellcode, which is used if an attacker can inject a larger shellcode into the process but cannot determine where in the process it will end up. Small egg-hunt shellcode is injected into the process at a predictable location and executed. This code then searches the process's address space for the larger shellcode (the egg) and executes it
4) Omelette
This type of shellcode is similar to egg-hunt shellcode, but looks for multiple small blocks of data (eggs) and recombines them into one larger block (the omelette) that is subsequently executed. This is used when an attacker can only inject a number of small blocks of data into the process.
5) Shellcode execution strategy
An exploit will commonly inject a shellcode into the target process before or at the same time as it exploits a vulnerability to gain control over the program counter. The program counter is adjusted to point to the shellcode, after which it gets executed and performs its task. Injecting the shellcode is often done by storing the shellcode in data sent over the network to the vulnerable process, by supplying it in a file that is read by the vulnerable process or through the command line or environment in the case of local exploits.
(a short brief using some wiki references)
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Launched "Gov-Cloud", a huge government cloud that swallows local governments and German law, and is confused by local governments.
#Updates
#Updates
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE TESTING
π΅Tufin Securechange cross-site scripting vulnerability:
https://dailycve.com/tufin-securechange-cross-site-scripting-vulnerability
https://dailycve.com/tufin-securechange-cross-site-scripting-vulnerability
Dailycve
Tufin Securechange cross-site scripting vulnerability | CVE
Forwarded from UNDERCODE TESTING
π΅Cisco Data Center Network Manager input validation error vulnerability:
(DC - 237-2021)
https://dailycve.com/cisco-data-center-network-manager-input-validation-error-vulnerability
(DC - 237-2021)
https://dailycve.com/cisco-data-center-network-manager-input-validation-error-vulnerability
Dailycve
Cisco Data Center Network Manager input validation error vulnerability | CVE
Details:
Cisco Data Center Network Manager (DCNM) is a Cisco data center administration system (Cisco). The framework is suitable for switches from the Cisco Nexus and MDS series and offers simulation of storage, setup and troubleshooting. The web-basedβ¦
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Linux commands you should never run on your system :
1- Linux administrator very often uses this command to format and assign the file system to the newly created disk partition.
But if used irresponsibly, this can also format the data drive on it:
$ mkfs.ext4 / dev / sda
Therefore, when using this command, make sure the correct disk partition is selected.
2- Remove directories / etc or / boot
/ etc contains all the system configuration files, and / boot contains all the kernel, InitRD, and GRUB files required to boot the system.
If you delete any of these folders, then your system will not boot:
$ rm -rf / etc
$ rm -rf / boot
Another way to remove your system configuration files and leave it irrecoverable is to use the following command:
$ find / -iname "* .conf" -exec rm -rf {} \;
This will find and remove all files ending in .conf (configuration files).
3- Delete entire filesystem
Most of you may know about this command, and it looks like this:
$ rm -rf /
This will remove the entire filesystem from your server, deleting every byte of data on the disk.
4- Fork bomb
This command creates copies of itself indefinitely, and in no time all the memory of your system will be clogged and therefore it will crash the system,
$ : () {: |: &} ;:
It can also damage the disc.
5- Fill the disk with random data
$ dd if = / dev / urandom of = / dev / sda
This will fill the disk with random data.
Another variation of this command overwrites the disk multiple times over the original data:
$ shred / dev / sda
This command is actually a useful tool, especially when you are throwing away your old drive and you don't want the data from the old drive to fall into the wrong hands (and another way I learned from the movies is you can drill some holes in the drives as well) ...
6- File Violation
All of the above commands are for deleting or overwriting data.
But there are ways to disable your system using file permissions.
First command:
$ chmod -Rv 000 /
This command will remove all file permissions for all files and folders on the system, and since no one will have permissions on files and folders, no one will be able to access them.
$ chown -R nobody: nobody /
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Linux commands you should never run on your system :
1- Linux administrator very often uses this command to format and assign the file system to the newly created disk partition.
But if used irresponsibly, this can also format the data drive on it:
$ mkfs.ext4 / dev / sda
Therefore, when using this command, make sure the correct disk partition is selected.
2- Remove directories / etc or / boot
/ etc contains all the system configuration files, and / boot contains all the kernel, InitRD, and GRUB files required to boot the system.
If you delete any of these folders, then your system will not boot:
$ rm -rf / etc
$ rm -rf / boot
Another way to remove your system configuration files and leave it irrecoverable is to use the following command:
$ find / -iname "* .conf" -exec rm -rf {} \;
This will find and remove all files ending in .conf (configuration files).
3- Delete entire filesystem
Most of you may know about this command, and it looks like this:
$ rm -rf /
This will remove the entire filesystem from your server, deleting every byte of data on the disk.
4- Fork bomb
This command creates copies of itself indefinitely, and in no time all the memory of your system will be clogged and therefore it will crash the system,
$ : () {: |: &} ;:
It can also damage the disc.
5- Fill the disk with random data
$ dd if = / dev / urandom of = / dev / sda
This will fill the disk with random data.
Another variation of this command overwrites the disk multiple times over the original data:
$ shred / dev / sda
This command is actually a useful tool, especially when you are throwing away your old drive and you don't want the data from the old drive to fall into the wrong hands (and another way I learned from the movies is you can drill some holes in the drives as well) ...
6- File Violation
All of the above commands are for deleting or overwriting data.
But there are ways to disable your system using file permissions.
First command:
$ chmod -Rv 000 /
This command will remove all file permissions for all files and folders on the system, and since no one will have permissions on files and folders, no one will be able to access them.
$ chown -R nobody: nobody /
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from DailyCVE
π΅Multiple vulnerabilities in Dnsmasq (DNSpooq):
https://dailycve.com/multiple-vulnerabilities-dnsmasq-dnspooq
https://dailycve.com/multiple-vulnerabilities-dnsmasq-dnspooq
Dailycve
Multiple vulnerabilities in Dnsmasq (DNSpooq) | CVE
Details:
Dnsmasq is open source software that offers DNS and DHCP functionality. Dnsmasq has many bugs.
The discoverers have referred to these flaws as DNSpooq .
Heap-based buffer overflow ( CWE-122 ) --CVE-2020-25681
CVSS v3 CVSS: 3.0 / AV: N /β¦
Forwarded from DailyCVE
π΅Keymaker path traversal vulnerability:
https://dailycve.com/keymaker-path-traversal-vulnerability
https://dailycve.com/keymaker-path-traversal-vulnerability
Dailycve
Keymaker path traversal vulnerability | CVE
Details:
Prior to version 0.2.0, Keymaker has a route traversal vulnerability. The weakness stems from the inability to validate the join method of the rust that tests user data, which can enable path traversal attacks to be executed, resulting in moreβ¦
Forwarded from UNDERCODE NEWS
