Tag
#Vulnerability
By Owais Sultan iPhone boot loop has become more prominent following the recent iOS upgrades. Worse, you might even experience an iPhone black screen. This is a post from HackRead.com Read the original post: How to fix iPhone boot loop and iPhone black screen by yourself
By Waqas 1Password password manager has introduced a new tool called Password Secure Sharing Tool or Psst! that lets users share their passwords or "anything in their 1Password vault" by simply using a link. This is a post from HackRead.com Read the original post: Psst! tool by 1Password lets users share passwords using a link
A recently discovered vulnerability in Apache HTTP Server (CVE-2021-41733) is being actively exploited in the wild. This vulnerability is a path traversal and file disclosure vulnerability that could allow an attacker to map URLs outside of the document root. It could also result in the exposure... [[ This is only the beginning! Please visit the blog for the complete entry ]]
A recently discovered vulnerability in Apache HTTP Server (CVE-2021-41733) is being actively exploited in the wild. This vulnerability is a path traversal and file disclosure vulnerability that could allow an attacker to map URLs outside of the document root. It could also result in the exposure... [[ This is only the beginning! Please visit the blog for the complete entry ]]
A recently discovered vulnerability in Apache HTTP Server (CVE-2021-41733) is being actively exploited in the wild. This vulnerability is a path traversal and file disclosure vulnerability that could allow an attacker to map URLs outside of the document root. It could also result in exposure of... [[ This is only the beginning! Please visit the blog for the complete entry ]]
<p style="text-align: center;"><a href="https://1.bp.blogspot.com/-uBauZSD-Bhk/YUseN81_vXI/AAAAAAAAvSM/EC84hZKBoEwOsqwKqEIWBK4gLBDaa3zKgCNcBGAsYHQ/s1099/jspanda_3_pollute.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="844" data-original-width="1099" height="492" src="https://1.bp.blogspot.com/-uBauZSD-Bhk/YUseN81_vXI/AAAAAAAAvSM/EC84hZKBoEwOsqwKqEIWBK4gLBDaa3zKgCNcBGAsYHQ/w640-h492/jspanda_3_pollute.png" width="640" /></a></p><p style="text-align: center;"><br /></p> <p>JSpanda is client-side prototype pollution <a href="https://www.kitploit.com/search/label/Vulnerability" target="_blank" title="vulnerability">vulnerability</a> scanner. It has two key features, scanning vulnerability the supplied URLs and analyzing the JavaScript libraries' source code.</p> <p>However, JSpanda cannot detect advanced prototype pollution vulnerabilities.</p><span><a name='more'></a></span><div><br /></div><span style="font-size: large;"><b><stron...
Hello everyone! This time, let’s talk about recent vulnerabilities. I’ll start with Microsoft Patch Tuesday for September 2021. I created a report using my Vulristics tool. You can see the full report here. The most interesting thing about the September Patch Tuesday is that the top 3 VM vendors ignored almost all RCEs in their […]
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-JMl-654CheQ/YUOLZnQfumI/AAAAAAAAuuQ/JGDFkb4V1iQ5GvRUodx6ZDEecD6q2iZ1gCNcBGAsYHQ/s300/printer_hack.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="168" data-original-width="300" height="358" src="https://1.bp.blogspot.com/-JMl-654CheQ/YUOLZnQfumI/AAAAAAAAuuQ/JGDFkb4V1iQ5GvRUodx6ZDEecD6q2iZ1gCNcBGAsYHQ/w640-h358/printer_hack.jpeg" width="640" /></a></div><p><br /></p> <p>Concealed Position is a local <a href="https://www.kitploit.com/search/label/Privilege%20Escalation" target="_blank" title="privilege escalation">privilege escalation</a> attack against Windows using the concept of "Bring Your Own Vulnerability". Specifically, Concealed Position (CP) uses the <em>as designed</em> package point and print logic in Windows that allows a low privilege user to stage and install printer drivers. CP specifically installs drivers with <a hr...
<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-LGMSUcdo2JM/YUK0T3V-wmI/AAAAAAAAumU/6VQzYIHfowQkYRjUfQivB78oB7xET-I8QCNcBGAsYHQ/s1218/DNSTake.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="307" data-original-width="1218" height="162" src="https://1.bp.blogspot.com/-LGMSUcdo2JM/YUK0T3V-wmI/AAAAAAAAumU/6VQzYIHfowQkYRjUfQivB78oB7xET-I8QCNcBGAsYHQ/w640-h162/DNSTake.png" width="640" /></a></div><p><br /></p> <p>A fast tool to check missing hosted DNS zones that can lead to subdomain takeover.</p> <br /><span style="font-size: large;"><b>What is a DNS takeover?</b></span><br /> <p>DNS takeover <a href="https://www.kitploit.com/search/label/vulnerabilities" target="_blank" title="vulnerabilities">vulnerabilities</a> occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver set to a provider (e.g. AWS Route 53, Akamai, Microsoft Azure, etc.) but the ho...
Hello everyone! This is a new episode with my comments on the latest Information Security news. Exchange ProxyShell I want to start with something about attacks on Exchange. ProxyShell is in the news, the LockFile ransomware compromised more than 2000 servers. On the other hand, there is basically nothing to say here. ProxyShell is the […]