VLC 4.0.0 - Stack Buffer Overflow (SEH)
https://hackerone.com/reports/489102
https://hackerone.com/reports/489102
HackerOne
VLC (European Commission - DIGIT) disclosed on HackerOne: VLC 4.0.0...
**Summary:**
Incorrect calculation of Buffer Size in rist module for VLC leading to Stack Overflow with SEH chain overwrite.
The modules/access/rist module has an incorrect calculation of buffer...
Incorrect calculation of Buffer Size in rist module for VLC leading to Stack Overflow with SEH chain overwrite.
The modules/access/rist module has an incorrect calculation of buffer...
On Full-Time Bug Bounty Hunting
https://ajxchapman.github.io/bugbounty/2020/02/10/on-full-time-bug-bounty-hunting.html
https://ajxchapman.github.io/bugbounty/2020/02/10/on-full-time-bug-bounty-hunting.html
How I Made $600 in Bug Bounty in 15 Minutes with Contrast CE
https://securityboulevard.com/2020/02/how-i-made-600-in-bug-bounty-in-15-minutes-with-contrast-ce-cve-2019-8442/
https://securityboulevard.com/2020/02/how-i-made-600-in-bug-bounty-in-15-minutes-with-contrast-ce-cve-2019-8442/
Security Boulevard
How I Made $600 in Bug Bounty in 15 Minutes with Contrast CE – CVE- 2019-8442
We live in a dynamic economy that is constantly developing new ways to generate revenue. An area that fascinates me are the bug bounty programs such as Atlassian on BugCrowd. Generating tangible rewards from these programs is not an easy undertaking. After…
Facebook's BountyCon 2020 CTF Writeup https://blog.shoebpatel.com/2020/01/31/Facebooks-BountyCon-2020-CTF-Writeup/
CaptainFreak
Facebook's BountyCon 2020 CTF Writeup
BountyCon2020BountyCon is an invitation-only application security conference arranged by Facebook annually in Singapore for the BugBounty Community of Asia-Pacific region. For more information about i
Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches
https://medium.com/@ozguralp/weird-vulnerabilities-happening-on-load-balancers-shallow-copies-and-caches-9194d4f72322
https://medium.com/@ozguralp/weird-vulnerabilities-happening-on-load-balancers-shallow-copies-and-caches-9194d4f72322
Medium
Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches
When looking for security vulnerabilities on a web application - either for bug hunting or a penetration test project -, I always check 2…
■■■■□ Exploiting #WebSocket [Application Wide XSS / CSRF]
https://medium.com/@osamaavvan/exploiting-websocket-application-wide-xss-csrf-66e9e2ac8dfa
https://medium.com/@osamaavvan/exploiting-websocket-application-wide-xss-csrf-66e9e2ac8dfa
Medium
Exploiting WebSocket [Application Wide XSS / CSRF]
Assalam u Alikum, it’s been a while I haven’t contributed to this wonderful community so I am back with a new write up about WebSocket…
■■■□□ #GoodReport
How We Found Another #XSS in #Google with #Acunetix
https://www.acunetix.com/blog/web-security-zone/xss-google-acunetix/
How We Found Another #XSS in #Google with #Acunetix
https://www.acunetix.com/blog/web-security-zone/xss-google-acunetix/
Acunetix
How We Found Another XSS in Google with Acunetix | Acunetix
Some time ago, we found an XSS in Google Cloud with the help of the Acunetix vulnerability scanner. Recently we found another XSS vulnerability. Here is how it happened.
■■□□□ #FaceBook #OUR | Open URL Redirect.
https://medium.com/@dwi.siswanto98/open-redirect-on-facebook-bypass-linkshim-4050f680d45c
https://medium.com/@dwi.siswanto98/open-redirect-on-facebook-bypass-linkshim-4050f680d45c
Medium
Open-redirect Vulnerability on Facebook
My Facebook personal account is blocked for up to a month because violating Facebook community standards for over-shitposting, LMAO.
■■■□□ Stored #XSS on Angular JS 1.4.9
https://medium.com/@vbharad/stored-xss-on-angular-js-1-4-9-b2f6121d8c59
https://medium.com/@vbharad/stored-xss-on-angular-js-1-4-9-b2f6121d8c59
Medium
Stored XSS on Angular JS 1.4.9
Introduction :
■■■■□ #ZeroDay | 0-day vulnerability (#backdoor) in firmware for #HiSilicon-based DVRs, NVRs and IP #cameras :
https://habr.com/en/post/486856/
https://habr.com/en/post/486856/
Habr
Full disclosure: 0day vulnerability (backdoor) in firmware for Xiaongmai-based DVRs, NVRs and IP cameras
This is a full disclosure of recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC with Xiaongmai firmware. Described vulnerability...
■■■■□
From CSRF to RCE and WordPress-site takeover: CVE-2020-8417
https://blog.wpsec.com/csrf-to-rce-wordpress/
From CSRF to RCE and WordPress-site takeover: CVE-2020-8417
https://blog.wpsec.com/csrf-to-rce-wordpress/
WPSec
From CSRF to RCE and WordPress-site takeover: CVE-2020-8417 - WPSec
A high-severity Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2020–8417, exists in a popular WordPress plugin called Code Snippets, rendering over 200,000 websites vulnerable to site takeover. In this Blog-post, we will cover what caused…
■■■■□ #Samsung #ZeroDay being exploited by developers. Vulnerable version #SnapDragon processors leads to #root privileges and #SandboxEscape (#sbx) of #Knox.
https://www.xda-developers.com/samsung-galaxy-s9-galaxy-note-9-snapdragon-root/
https://www.xda-developers.com/samsung-galaxy-s9-galaxy-note-9-snapdragon-root/
XDA Developers
Developers have exploited the Samsung Galaxy S9 and Note 9 to get root access on the Snapdragon models
Developers have figured out how to root the Snapdragon models of the Samsung Galaxy S9 and Galaxy Note 9 thanks to an exploit, but there's a catch.
■■■■■ Internal #SSRF in #Microsoft's #Azure platform via template parameter upload. #Research by #CheckPoint's #CPR
https://cpr-zero.checkpoint.com/vulns/cprid-2140/
https://cpr-zero.checkpoint.com/vulns/cprid-2140/
CPR-Zero
CPR-Zero: CVE-2019-1234
Check Point Research Vulnerability Repository
■■■■□ #WashingtoPost Security vulnerability
State: Still un-patched
Severity: Medium / High
Details: https://blog.ckure.xyz/archives/51
Wild Exploitation: Most likely
Password: will be shared once the issue is fixed.
State: Still un-patched
Severity: Medium / High
Details: https://blog.ckure.xyz/archives/51
Wild Exploitation: Most likely
Password: will be shared once the issue is fixed.
■■■■■
Analyzing #iOS #WhatsApp Calls
Analysis of the network traffic + binary files + runtime behavior
https://link.medium.com/yi4uD2Q1P3
Analyzing #iOS #WhatsApp Calls
Analysis of the network traffic + binary files + runtime behavior
https://link.medium.com/yi4uD2Q1P3
Medium
Analyzing WhatsApp Calls
How I revealed parts of the VoIP protocol with Wireshark, radare2 and Frida.
■■■■□ #BlueTeam ops #Statistic
https://securityaffairs.co/wordpress/97380/hacking/microsoft-web-shells-report.html
https://securityaffairs.co/wordpress/97380/hacking/microsoft-web-shells-report.html
Security Affairs
Microsoft detects 77,000 active web shells on a daily basis
Microsoft published an interesting report that investigates web shell attacks, the IT giant says it detects 77,000 active web shells daily.