🔰 #Exploit #CVE-2020-13886:
#LFI Intelbras IP terminal TIP 200/200 LITE ( #PoC )
https://github.com/lucxssouza/CVE-2020-13886
#LFI Intelbras IP terminal TIP 200/200 LITE ( #PoC )
https://github.com/lucxssouza/CVE-2020-13886
GitHub
GitHub - Ls4ss/CVE-2020-13886: Exploit CVE-2020-13886 - LFI Intelbras TIP 200 / 200 LITE /
Exploit CVE-2020-13886 - LFI Intelbras TIP 200 / 200 LITE / - GitHub - Ls4ss/CVE-2020-13886: Exploit CVE-2020-13886 - LFI Intelbras TIP 200 / 200 LITE /
🔰 #CVE -2020-8913: @hacklido
Persistent code execution in #Google Play Core Library ( #PoC )
https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/
Vulnerability in #Google Play Core Library Remains Unpatched in Google Play Applications... @hacklido
https://research.checkpoint.com/2020/vulnerability-in-google-play-core-library-remains-unpatched-in-google-play-applications/
Persistent code execution in #Google Play Core Library ( #PoC )
https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/
Vulnerability in #Google Play Core Library Remains Unpatched in Google Play Applications... @hacklido
https://research.checkpoint.com/2020/vulnerability-in-google-play-core-library-remains-unpatched-in-google-play-applications/
News, Techniques & Guides
Oversecured automatically discovers persistent code execution in the Google Play Core Library
The Google Play Core Library is a popular library for Android that allows updates to various parts of an app to be delivered at runtime without the participation of the user, via the Google API...
🔰 #PoC exploits for #CVE -2020-17143 and CVE-2020-17141 which demonstrate the #XXE bugs against Exchange #Server. @hacklido
- Low privileged authentication only
- CVE-2020-17141 is interesting because its in the EWS #API
https://srcincite.io/pocs/cve-2020-17143.py.txt
https://srcincite.io/pocs/cve-2020-17141.py.txt
- Low privileged authentication only
- CVE-2020-17141 is interesting because its in the EWS #API
https://srcincite.io/pocs/cve-2020-17143.py.txt
https://srcincite.io/pocs/cve-2020-17141.py.txt
🔰 #CVE -2020-16842: @hacklido
#CSRF protection #bypass in iTop (ITSM & CMDB) ( #PoC )
https://sysdream.com/news/lab/2020-12-14-cve-2020-16842-csrf-protection-bypass-in-itop
🔰 #CVE-2020-17527: @hacklido
Tomcat Information Leak
https://bz.apache.org/bugzilla/show_bug.cgi?id=64830
#CSRF protection #bypass in iTop (ITSM & CMDB) ( #PoC )
https://sysdream.com/news/lab/2020-12-14-cve-2020-16842-csrf-protection-bypass-in-itop
🔰 #CVE-2020-17527: @hacklido
Tomcat Information Leak
https://bz.apache.org/bugzilla/show_bug.cgi?id=64830
🔰 Coordinated disclosure of #XML round-trip vulnerabilities in Go’s standard library ( #CVE -2020-29509, CVE-2020-29510, CVE-2020-29511) @hacklido
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities
🔰 #CVE -2020-15680: @hacklido
Leaking Browser (Chrome, Firefox, Edge)
URL/Protocol Handlers (#PoC)
https://www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+fortinet%2Fblog%2Fthreat-research+%28Fortinet+Threat+Research+Blog%29
Leaking Browser (Chrome, Firefox, Edge)
URL/Protocol Handlers (#PoC)
https://www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+fortinet%2Fblog%2Fthreat-research+%28Fortinet+Threat+Research+Blog%29
Fortinet Blog
Leaking Browser URL/Protocol Handlers
FortiGuard Labs uncovers two information disclosure vulnerabilities affecting three web browsers. Read more to learn how an attacker could identify the presence of applications that may be installe…