All posts in Uncategorized

■■■□□ 2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software. https://thehackernews.com/2020/11/2-factor-authentication-bypass-flaw.html https://t.me/cKure/6123

■□□□□ Cross-Site Scripting via WHOIS and DNS Records. https://medium.com/tenable-techblog/cross-site-scripting-via-whois-and-dns-records-a25c33667fff https://t.me/cKure/6122

■■■■■ An actor has exploited over 49K Fortinet SSL VPN using CVE-2018-13379. The list includes some banks. The Actor claims to have pain text credentials of many of the sites. https://www.bleepingcomputer.com/news/security/hacker-posts-exploits-for-over-49-000-vulnerable-fortinet-vpns/ https://t.me/cKure/6117

■■□□□ Yet another successful #CyberAttack via Credential-Stuffing as over 300K Spotify accounts hacked. https://www.bleepingcomputer.com/news/security/over-300k-spotify-accounts-hacked-in-credential-stuffing-attack/ https://t.me/cKure/6116

■■■■□ #Zeroday: Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending. CVE-2020-4006 https://threatpost.com/vmware-zero-day-patch-pending/161523/ | #0day https://t.me/cKure/6115

■■■□□ Successful Social-Engineering #CyberAttack: Attackers social-engineer GoDaddy staff into handing over control of crypto-biz domain names. https://go.theregister.com/feed/www.theregister.com/2020/11/23/godaddy_dns_hijack/ https://t.me/cKure/6114

■■■■■ ImageMagick – Shell injection via PDF password. https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html https://t.me/cKure/6112

■■■■□ Interesting XSS XSS on opening a malicious OpenOffice text document https://hackerone.com/reports/894915 https://t.me/cKure/6111

■■□□□ [Information Disclosure] Amazon S3 Bucket of Shopify Ping (iOS) have public access of other users image. https://hackerone.com/reports/1021906 https://t.me/cKure/6110

■■□□□ SQLi in DoD, #UnitedStates https://hackerone.com/reports/1024984 https://t.me/cKure/6109