The Latest Infosec News, Tools, and Exploits – Got Root?
This Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can […]
The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may […]
Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with […]
As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.
Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of remove_hf.
Rebar3 versions 3.0.0-beta.3 through 3.13.2 suffer from a command injection vulnerability.
Fuel CMS version 1.4.8 suffers from an authenticated remote SQL injection vulnerability.
CMS Made Simple version 2.2.14 suffers from an authenticated remote shell upload vulnerability.
