IT Security News Bulletin #64

Date
March 22, 2021 Posted By
Gianni Gnesa

Categories

IT Security News Bulletin

Latest Infosec News and Articles

Using Syscalls to Inject Shellcode on Windows https://www.solomonsklash.io/syscalls-for-shellcode-injection.html
Implementing Direct Syscalls Using Hell’s Gate https://teamhydra.blog/2020/09/18/implementing-direct-syscalls-using-hells-gate/
VM Detection Tricks, Part 1: Physical memory resource maps https://labs.nettitude.com/blog/vm-detection-tricks-part-1-physical-memory-resource-maps/
Hacking IIS https://drive.google.com/file/d/1O0IARjqP4Pwa-ae1nAP8Nr9qb0ai2XPu/view
CVE-2021-27927: CSRF to RCE Chain in Zabbix https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce
CVE-2020-5377: Dell OpenManage Server Administrator File Read https://rhinosecuritylabs.com/research/cve-2020-5377-dell-openmanage-server-administrator-file-read/
TryHackMe: DNS Manipulation Walkthrough https://infosecwriteups.com/tryhackme-dns-manipulation-walkthrough-5944bf60f10f
CVE-2020-24581 D-Link DSL-2888A Remote Command Execution https://reconshell.com/cve-2020-24581-d-link-dsl-2888a-remote-command-execution/
Gitls – Enumerate Git Repository URL From List Of URL / User / Org https://www.kitploit.com/2021/03/gitls-enumerate-git-repository-url-from.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29
How to discover up to 10,000 subdomains with your own tool https://infosecwriteups.com/this-time-you-will-learn-how-to-create-your-own-tool-with-which-you-will-be-able-to-discover-2e813495907e

Latest Vulnerabilities, POCs, and Exploit

Sonlogger 4.2.3.3 – SuperAdmin Account Creation / Information Disclosure https://www.exploit-db.com/exploits/49650
Microsoft Exchange 2019 – SSRF to Arbitrary File Write (Proxylogon) https://www.exploit-db.com/exploits/49663
FastStone Image Viewer 7.5 – .cur BITMAPINFOHEADER ‘BitCount’ Stack Based Buffer Overflow (ASLR & DEP Bypass) https://www.exploit-db.com/exploits/49660
VestaCP 0.9.8 – File Upload CSRF https://www.exploit-db.com/exploits/49659
Alphaware E-Commerce System 1.0 – Unauthenicated Remote Code Execution (File Upload + SQL injection) https://www.exploit-db.com/exploits/49652

IT Security News Bulletin #88

September 6, 2021

Latest Infosec News and Articles plution: Prototype

IT Security News Bulletin #87

August 30, 2021

Latest Infosec News and Articles Solving CTF

IT Security News Bulletin #86

August 23, 2021

Latest Infosec News and Articles Android security

IT Security News Bulletin #85

August 16, 2021

Latest Infosec News and Articles Active Directory

IT Security News Bulletin #84

August 11, 2021

Latest Infosec News and Articles Fuzzing Windows

IT Security News Bulletin #83

August 2, 2021

IT Security News Bulletin #83 Latest Infosec

IT Security News Bulletin #82

July 26, 2021

Latest Infosec News and Articles Tools to

IT Security News Bulletin #81

July 19, 2021

Latest Infosec News and Articles meterpeter: C2

IT Security News Bulletin #80

July 12, 2021

Latest Infosec News and Articles Remote Desktop

IT Security News Bulletin #79

July 5, 2021

Latest Infosec News and Articles IDOR (Insecure

Copyright © 2021 - Ptrace Security GmbH