This is a MySQL backdoor kit for Windows based on the UDFs (User Defined Functions) mechanism. It can be used to spawn a reverse shell (netcat UDF on port 80/tcp) or to execute single OS commands (exec UDF). Tested on MySQL 4.0.18-win32 (running on Windows XP SP2), MySQL 4.1.22-win32 (running on Windows XP SP2), MySQL 5.0.27-win32 (running on Windows XP SP2).

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Apple Security Advisory 2019-12-10-7 - Xcode 11.3 is now available and addresses an arbitrary code execution vulnerability.

Apple Security Advisory 2019-12-10-8 - watchOS 6.1.1 is now available and addresses code execution vulnerabilities.

Apple Security Advisory 2019-12-10-6 - Safari 13.0.4 is now available and addresses code execution vulnerabilities.

Apple Security Advisory 2019-12-10-5 - tvOS 13.3 is now available and addresses code execution vulnerabilities.

Apple Security Advisory 2019-12-10-2 - iOS 12.4.4 is now available and addresses a code execution vulnerability.

Apple Security Advisory 2019-12-10-3 - macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.

Apple Security Advisory 2019-12-10-4 - watchOS 5.3.4 is now available and addresses a code execution vulnerability.

Apple Security Advisory 2019-12-10-1 - iOS 13.3 and iPadOS 13.3 is now available and addresses code execution and information leakage vulnerabilities.

Apple Security Advisory 2020-1-28-6 - iTunes for Windows 12.10.4 is now available and addresses a filesystem access issue.

Apple Security Advisory 2020-1-28-3 - watchOS 6.1.2 is now available and addresses code execution vulnerabilities.

Apple Security Advisory 2020-1-28-4 - tvOS 13.3.1 is now available and addresses code execution vulnerabilities.

Apple Security Advisory 2020-1-28-2 - macOS Catalina 10.15.3, Security Update 2020-001 Mojave, and Security Update 2020-001 High Sierra are now available and address buffer overflow, bypass, and code execution vulnerabilities.

Apple Security Advisory 2020-1-28-1 - iOS 13.3.1 and iPadOS 13.3.1 are now available and address code execution vulnerabilities.

Apple Security Advisory 2020-1-29-2 - iCloud for Windows 10.9.2 is now available and addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.

Apple Security Advisory 2020-1-29-1 - iCloud for Windows 7.17 addresses buffer overflow, code execution, cross site scripting, and denial of service vulnerabilities.

Apple Security Advisory 2020-03-24-1 - iOS 13.4 and iPadOS 13.4 are now available and address buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-2 - macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra are now available and address buffer overflow, bypass, code execution, and information leakage vulnerabilities.

Apple Security Advisory 2020-03-24-3 - tvOS 13.4 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-4 - watchOS 6.2 is now available and addresses buffer overflow and code execution vulnerabilities.

Apple Security Advisory 2020-03-24-5 - Safari 13.1 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-6 - iTunes for Windows 12.10.5 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-24-7 - Xcode 11.4 is now available and contains security improvements.

Apple Security Advisory 2020-03-25-1 - iCloud for Windows 10.9.3 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Apple Security Advisory 2020-03-25-2 - iCloud for Windows 7.18 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.

Draytek VigorAP suffers from a persistent cross site scripting vulnerability. Multiple different versions are affected.

113 bytes small Linux/x64 anti-debug trick (INT3 trap) with execve("/bin/sh") shellcode that is NULL free.

Whitepaper called DevSecOps: A Secure Approach.

REVULN 20x3 is an international conference taking place on September 9th through the 10th, 2020 in Bangkok (Thailand) at Ibis Styles Bangkok Sukhumvit Phra Khanong.

The call for papers for H2HC 17th edition is now open. H2HC is a hacker conference taking place in Sao Paulo, Brazil, from October 24th through the 25th of 2020.

The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.

Furukawa Electric ConsciusMAP version 2.8.1 java deserialization remote code execution exploit.