https://seclists.org/oss-sec/2018/q3/142
These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools.
https://www.exploit-db.com/exploits/45243Please open Telegram to view this post
VIEW IN TELEGRAM
seclists.org
oss-sec: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?
β€1
CVE-2025-22777: Privilege Escalation in GiveWP WordPress Plugin, 9.8 rating π₯
Unauthenticated PHP Object Injection allows attackers to take control of websites.
Search at Netlas.io:
π Link: https://nt.ls/amyWM
π Dork: http.body:"plugins/give/assets/dist"
Read more: https://patchstack.com/articles/critical-vulnerability-patched-in-givewp-plugin/
Unauthenticated PHP Object Injection allows attackers to take control of websites.
Search at Netlas.io:
π Link: https://nt.ls/amyWM
π Dork: http.body:"plugins/give/assets/dist"
Read more: https://patchstack.com/articles/critical-vulnerability-patched-in-givewp-plugin/
π6
PoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus,etc
github.com/shadowsock5/Poc
github.com/shadowsock5/Poc
β€6π3
βοΈ Exciting News for Aspiring Bug Hunters! βοΈ
π₯ Enrollments are now open for Brut Ethical Hacking and Basic to Advanced Web Penetration Testing (Bug Bounty) courses, starting January 2025!
Course Highlights:
β’ Comprehensive training on Business Logic, SQL Injection, and more.
β’ 40 hours of live, online sessions.
β’ Practical, hands-on exercises to master real-world vulnerabilities.
β’ Pathway to becoming a skilled bug hunter and advancing your cybersecurity career.
π Classes Begin: January 2025 (PAID COURSE)
π Contact: Whatsapp for details and enrollment.
π Visit: Brut Security
π₯ Enrollments are now open for Brut Ethical Hacking and Basic to Advanced Web Penetration Testing (Bug Bounty) courses, starting January 2025!
Course Highlights:
β’ Comprehensive training on Business Logic, SQL Injection, and more.
β’ 40 hours of live, online sessions.
β’ Practical, hands-on exercises to master real-world vulnerabilities.
β’ Pathway to becoming a skilled bug hunter and advancing your cybersecurity career.
Please open Telegram to view this post
VIEW IN TELEGRAM
WhatsApp.com
Brut Security
Business Account
β€6π1
CVE-2025-21598: Out-of-bounds Read in Juniper Junos OS, 8.2 ratingβοΈ
An out-of-bouds read vulnerability in the RDP daemon, fixed last week, could potentially lead to DoS.
Search at Netlas.io:
π Link: https://nt.ls/HqWq2
π Dork: http.title:"Juniper"
Vendor's advisory: https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598
An out-of-bouds read vulnerability in the RDP daemon, fixed last week, could potentially lead to DoS.
Search at Netlas.io:
π Link: https://nt.ls/HqWq2
π Dork: http.title:"Juniper"
Vendor's advisory: https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598
π3
β‘οΈLazyXss - Cross site scriptiong Testing Automation Tool v1.2
β Link: github.com/iamunixtz/LazyXss
β Link: github.com/iamunixtz/LazyXss
β€12π1
π» All About Bug Bounty - Updated!
π₯https://github.com/daffainfo/AllAboutBugBounty
#BugBounty #bugbountytips
π₯https://github.com/daffainfo/AllAboutBugBounty
#BugBounty #bugbountytips
1β€14π4π₯2
CVE-2025-0066, -0070 and other: Multiple vulnarabilities in SAP, 2.2 - 9.9 rating π₯π₯π₯
Several vulnerabilities in SAP services for every taste and color: SQLi, Improper Authentication, DLL Hijacking, etc.
Search at Netlas.io:
π Link: https://nt.ls/zbP5e
π Dork: http.headers.server:"SAP"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2025.html
Several vulnerabilities in SAP services for every taste and color: SQLi, Improper Authentication, DLL Hijacking, etc.
Search at Netlas.io:
π Link: https://nt.ls/zbP5e
π Dork: http.headers.server:"SAP"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2025.html
π9
Exploiting Leaked Zoom Meeting Links via Wayback Machine.pdf
85.1 KB
π‘ Bug Bounty Tip: Exploiting Leaked Zoom Meeting Links via Wayback Machine
π° Credit: Shivam Kumar Singh
π° Credit: Shivam Kumar Singh
π₯13π4πΏ1
Please open Telegram to view this post
VIEW IN TELEGRAM
boom-stinger-c76 on Notion
Authentication Bypass | Notion
Exposing the Lethal Power of the Refresh Token
β€24π₯10π4πΏ2
Where is the reaction guys? It's a good way to support the channel, so please do leave your reaction to grow this community. Thanks!
β€54π₯13π10π«‘5πΏ5
Course Highlights
What Youβll Learn
Personalized attention with small batch sizes
Industry-relevant curriculum designed for practical application
Trilingual instruction to ensure clear understanding
Realtime Mentorship, Job Assistance and Post Support
Please open Telegram to view this post
VIEW IN TELEGRAM
1π₯4π3β€1