Windows 10 UAC bypass for all executable files which are autoelevate true . - GitHub - sailay1996/UAC_Bypass_In_The_Wild: Windows 10 UAC bypass for all executable files which are autoelevate true .

Contribute to l1nk3rlin/CVE-2019-2890 development by creating an account on GitHub.

Listing of Bishop Fox Security Research in the form of technical, security advisories, and industry blog posts.

Telegram (v4.9.155353) was rendering file:// links + opening them via NSWorkspace.open -> code execution. - GitHub - Metnew/telegram-links-nsworkspace-open: Telegram (v4.9.155353) was render...

In the year 2009, PHP 5.3 was released, bringing with it major new features like namespaces and lambda functions. At the time, there was…

Using this vulnerability users can upload images from any image URL.
Just change upload type using inspect element (from "type=file" to "type=url") , paste URL in text field and hit enter or...

I am hunting on one private program since last 8 months, since it doesn’t allow disclosure i will keep organization REDACT, in requests i…

Phone numbers are the most important Out-of-band features in network and security, now a days from phone number we register, login for an…

A story of turning an Informative bug to critical bug

External Service Interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server e…

The ability to induce an application to interact with an arbitrary external service, such as a web or mail server, does not constitute a vulnerability in its own right. This might even be the intended behavior of the application. However, in some cases, it…

Issue background

History In the recent year, major tech giants, like Google, Facebook, Magento, Shopify, Uber, Twitter, and Microsoft, have undergone XML …

johnstone discovered An arbitrary file upload via the resume functionality at https://ecjobs.starbucks.com.cn which led to arbitrary code execution by uploading a webshell.
@johnstone — thank for...

A few months ago, During my bug bounty hunting, I came across a Company that lets other developers create API documentation similar to…

Jboss Java Deserialization RCE (CVE-2017-12149). Contribute to jreppiks/CVE-2017-12149 development by creating an account on GitHub.