pulse - rust开发的一款红队快速信息探测工具
当前环境异常,请完成验证以继续访问。
Aggregator
Connecting to home WiFi on a jugg device
10 months 2 weeks ago
r/HowToHack 是一个开放的黑客社区,旨在帮助新手成长为资深人士。用户可以在此提问、解答和学习地下技能,并通过 Discord 进行交流。
BrainDamage – Payload Generator and Encrypted Shell Stager for Red Teams
10 months 2 weeks ago
BrainDamage 是一款用于红队和对手模拟团队的有效载荷生成与加密分阶段工具,支持 Linux、macOS 和 Windows。其功能包括 AES 加密、多种载荷类型(如 bash 反向壳、Python 载荷)、内置 HTTP/S 服务器以及会话跟踪等,适用于隐蔽载荷投递与早期阶段的攻击操作。
All of a sudden John the Ripper is saying this program cannot run on this pc, Access Denied. Any ideas?
10 months 2 weeks ago
CVE-2024-26995 | Linux Kernel up to 6.8.7/6.9-rc4 tcpm pd_set off-by-one (f3da3192cdd3/c4128304c216 / WID-SEC-2024-1008)
10 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.8.7/6.9-rc4. It has been declared as problematic. Affected by this vulnerability is the function pd_set of the component tcpm. The manipulation leads to off-by-one.
This vulnerability is known as CVE-2024-26995. The attack needs to be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
jsubfinder: earch webpages & javascript for hidden subdomains and secrets in the given URL
10 months 2 weeks ago
JSubFinder JSubFinder is a tool written in golang to search webpages & javascript for hidden subdomains and secrets in the given URL. Developed with BugBounty hunters in mind JSubFinder takes advantage of Go’s amazing...
The post jsubfinder: earch webpages & javascript for hidden subdomains and secrets in the given URL appeared first on Penetration Testing Tools.
ddos
特斯拉车祸,被判赔偿超2亿美元;传OpenAI将推10美元「亲民订阅」;影石刘靖康:祝贺同行大疆推全景相机 | 极客早知道
10 months 2 weeks ago
Meta 雷朋联名智能眼镜销量今年激增 300%,第三代产品 10 月发售;Instagram 重拳出击,新规规定用户必须满 1000 名粉丝才能开直播;5 年内保姆机器人价格将降到 5 万元,普通人也买得起
特斯拉车祸,被判赔偿超2亿美元;传OpenAI将推10美元「亲民订阅」;影石刘靖康:祝贺同行大疆推全景相机 | 极客早知道
10 months 2 weeks ago
当前环境出现异常情况,用户需完成验证流程后方可继续访问相关服务或系统。
[webapps] LPAR2RRD 8.04 - Remote Code Execution (RCE)
10 months 2 weeks ago
该漏洞利用LPAR2RRD 8.04中的远程代码执行和目录遍历漏洞(CVE-2025-54769),通过上传恶意Perl脚本至升级端点并利用目录遍历将其放置在CGI路径下,最终触发远程命令执行,实现对目标系统的控制。
[webapps] Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation
10 months 2 weeks ago
文章介绍了一个针对WordPress插件Ultimate Member 2.6.6的漏洞(CVE-2023-3460),允许攻击者通过未正确清理的输入在注册过程中提升权限至管理员级别。该漏洞利用了wp_capabilities字段的注入。
[webapps] Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
10 months 2 weeks ago
Copyparty 1.18.6 存在反射型跨站脚本 (XSS) 漏洞 (CVE-2025-54589),因 filter 参数未正确清理即注入 HTML 响应中,允许攻击者注入并执行任意 JavaScript 代码。附带一个用于测试该漏洞的 C 语言程序。
[remote] Swagger UI 1.0.3 - Cross-Site Scripting (XSS)
10 months 2 weeks ago
文章描述了一个针对Swagger UI 1.0.3的跨站脚本(XSS)漏洞(CVE-2025-8191),该漏洞源于对描述参数过滤不足,允许攻击者通过注入恶意脚本执行远程命令。
[webapps] Gandia Integra Total 4.4.2236.1 - SQL Injection
10 months 2 weeks ago
该文章描述了一个SQL注入漏洞(CVE-2025-41373),影响路径`/encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=`及其相关版本。攻击者可通过直接拼接`idestudio`参数注入任意SQL代码,并使用布尔和时间盲注技术进行检测。
[local] Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)
10 months 2 weeks ago
微软Windows 11中的虚拟硬盘(VHDX)存在软腐败漏洞(CVE-2025-49683),可通过PowerShell脚本在特定位置引入字节级腐败,导致系统异常或远程代码执行。该漏洞评分7.8(高危)。
[remote] Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure
10 months 2 weeks ago
微软Edge浏览器存在信息泄露漏洞(CVE-2025-49741),nu11secur1ty发布Python脚本模拟攻击过程。该脚本运行两个HTTP服务器:恶意服务器(8080端口)收集受害者信息并发送至外发端点(1337端口),用于演示数据泄露。
[webapps] Gandia Integra Total 4.4.2236.1 - SQL Injection
10 months 2 weeks ago
Gandia Integra Total 4.4.2236.1 - SQL Injection
[remote] Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure
10 months 2 weeks ago
Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure
[webapps] Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
10 months 2 weeks ago
Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
[webapps] LPAR2RRD 8.04 - Remote Code Execution (RCE)
10 months 2 weeks ago
LPAR2RRD 8.04 - Remote Code Execution (RCE)
[remote] Swagger UI 1.0.3 - Cross-Site Scripting (XSS)
10 months 2 weeks ago
Swagger UI 1.0.3 - Cross-Site Scripting (XSS)