Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.

Phrack: Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622.

Whitepaper from Phrack called .NET Instrumentation via MSIL bytecode injection.

This Metasploit module uses the FreeSWITCH event socket interface to execute system commands using the system API command. The event socket service is enabled by default and listens on TCP port 8021 on the local network interface. This module has been tested successfully on FreeSWITCH versions: 1.6.10-17-726448d~44bit on FreeSWITCH-Deb8-TechPreview virtual machine; 1.8.4~64bit on Ubuntu 19.04 (x64); and 1.10.1~64bit on Windows 7 SP1 (EN) (x64).

The operating system your smartphone is running may be vulnerable to USSD commands that could wipe your entire phone. Tapping on a link to a cleverly coded web page could order you phone to reset itself to factory settings and disintegrate all your private data with it. Any Android phone running Phone.apk version 4.1 or lower is at risk and that's the broader base of them. Install Bitdefender's USSD Wipe Stopper to protect against such attacks. Now, once you would tap on a exploiting link, Bitdefender will intercept the wipe command and ask you to decide what to do next. You may, if unsure, dismiss the USSD command.

This whitepaper goes into detail on design and implementation details for performing voice encryption on telephone networks. Written in Spanish.

The Juniper SRX suffers from a dual-homed swapfile overflow error that can cause denial of service conditions.

Juniper VPN client with remote desktop lets an attacking spawn Internet Explorer prior to authentication.

An ICMPv6 router announcement flooding denial of service vulnerability affects multiple systems including Cisco, Juniper, Microsoft, and FreeBSD. Cisco has addressed the issue but Microsoft has decided to ignore it.

A special crafted ICMP ECHO REQUEST can cause a denial of service condition on the Juniper SSG20.

Whitepaper called Blue Team vs. Red Team: How to run your encrypted binaries in memory and go undetected. This paper discusses the golden frieza project.

Whitepaper called Skippipe: Skipping the watermark in digital content.

Whitepaper called Windows User Accounts Penetration Testing. Written in Persian.

CarolinaCon, which was to be hosted in Charlotte at the Embassy Suites April 10th through the 11th, 2020, has been postponed due to COVID-19.

Whitepaper called Solving Computer Forensic Case Using Autopsy.

The call for papers for H2HC 17th edition is now open. H2HC is a hacker conference taking place in Sao Paulo, Brazil, from October 24th through the 25th of 2020.

This whitepaper is a quick tutorial on pentesting the Zen load balancer.

Whitepaper called From Zero Credentials to Full Domain Compromise. This paper covers techniques penetration testers can use in order to accomplish an initial foothold on target networks and achieve full domain compromise without executing third party applications or reusing clear text credentials.

This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in ManageEngine version 14.

This is a whitepaper tutorial that describes steps taken to identify post-authentication remote SQL injection vulnerabilities in Centreon version 19.10-3.el7.

Whitepaper called Azure Cloud Penetration Testing.

Whitepaper called Exploiting CAN-Bus using Instrument Cluster Simulator.

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was purchased through the Packet Storm Bug Bounty program.

Druva inSync Windows Client version 6.5.2 suffers from a local privilege escalation vulnerability.

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_REQUIREMENTS_LIST registry values.