Horde Groupware Webmail Edition 5.2.22 PHP File Inclusion

Horde Groupware Webmail Edition version 5.2.22 suffers from a PHP file inclusion vulnerability.




Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption

Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation. Second version of this exploit that is updated to work with Python 3.





Kim Dotcom Plans 2017 Relaunch Of Megaupload




FlashGet 1.9.6 Buffer Overflow Proof Of Concept

FlashGet version 1.9.6 remote buffer overflow proof of concept exploit.




Hacker War Drives San Francisco Cloning RFID Passports




Mandos Encrypted File System Unattended Reboot Utility 1.8.10

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.




Linux/x86 Dynamic MMX+FPU Encoded Add Root User Shellcode

155 bytes small Linux/x86 shellcode that has an MMX stub decoder that dynamically decodes the payload in memory. The FPU GetPC technique is used to determine the offset from EIP dynamically in running memory. Once decoded, this shellcode adds the user 'ctl' with the password 'ctl' to the /etc/passwd file with the UID and GID of 0 (root). This shellcode uses legacy passwd functionality, so the /etc/shadow file does not need to be accessed or modified.




TP-LINK Cloud Cameras NCXXX SetEncryptKey Command Injection

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input sanitization.




HP Performance Monitoring xglance Privilege Escalation

This Metasploit module is an exploit that takes advantage of xglance-bin, part of HP's Glance (or Performance Monitoring) version 11 and subsequent, which was compiled with an insecure RPATH option. The RPATH includes a relative path to -L/lib64/ which can be controlled by a user. Creating libraries in this location will result in an escalation of privileges to root.








WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting

WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.









Design And Implementation Of A Voice Encryption System For Telephone Networks

This whitepaper details the design and implementation of voice encryption on telephone networks. Written in Spanish.




ICMPv6 Router Announcement Flooding Denial Of Service

An ICMPv6 router announcement flooding denial of service vulnerability affects multiple systems including Cisco, Juniper, Microsoft, and FreeBSD. Cisco has addressed the issue but Microsoft has decided to ignore it.





Dr. Anthony Fauci Forced To Beef Up Security As Death Threats Increase




Running Encrypted ELF Binaries In Memory

Whitepaper called Blue Team vs. Red Team: How to run your encrypted binaries in memory and go undetected. This paper discusses the golden frieza project.




Hackers 2 Hackers Conference 17th Edition Call For Papers

The call for papers for H2HC 17th edition is now open. H2HC is a hacker conference taking place in Sao Paulo, Brazil, from October 24th through the 25th of 2020.




Pentesting Zen Load Balancer

This whitepaper is a quick tutorial on pentesting the Zen load balancer.




Active Directory DCSync

This is a whitepaper that discusses using DCSync to pull password hashes from a domain controller.




WordPress Media Library Assistant 2.81 Local File Inclusion

WordPress Media Library Assistant plugin version 2.81 suffers from a local file inclusion vulnerability.




Druva inSync Windows Client 6.5.2 Privilege Escalation

Druva inSync Windows Client version 6.5.2 suffers from a local privilege escalation vulnerability.




BoltWire 6.03 Local File Inclusion

BoltWire version 6.03 suffers from a local file inclusion vulnerability.




Microsoft Windows Desktop Bridge Virtual Registry Incomplete Fix

The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as system resulting in privilege escalation. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all similar cases which were reported at the same time in the issue.




SimplePHPGal 0.7 Remote File Inclusion

SimplePHPGal version 0.7 suffers from a remote file inclusion vulnerability.




NetBSD Stack Clash Proof Of Concept

NetBSD stack clash proof of concept exploit.




Telegram DDoS Attack Launched Mostly From China




SWAPGS Attack Proof Of Concept

SWAPGS attack proof of concept exploit that demonstrates an information disclosure in the Windows kernel.




Global TV Unencrypted Analytics

The Global TV Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first (CNAME to third) and third party sites (Adobe Experience Cloud, ScorecardResearch). Global TV Android versions 2.3.2 and below and iOS versions 4.7.5 and below are affected.




Citytv Video Unencrypted Analytics

The Citytv Video Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to third party sites (Adobe Experience Cloud, ScorecardResearch). Citytv Video Android versions 4.08.0 and below and iOS versions 3.36 and below are affected.




Broadcom Wi-Fi KR00K Proof Of Concept

Broadcom Wi-Fi device KR00K information disclosure proof of concept exploit. It works on WPA2 AES CCMP WLANs operating at 2.4GHz.




MicroStrategy Intelligence Server And Web 10.4 XSS / Disclosure / SSRF / Code Execution

MicroStrategy Intelligence Server and Web version 10.4 suffers from remote code execution, cross site scripting, server-side request forgery, and information disclosure vulnerabilities.




Cisco M1070 Content Security Management Appliance IronPort Header Injection

Cisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.