PHPKB Multi-Language 9 suffers from an image-upload.php remote authenticated code execution vulnerability.

This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with CentOS 7 (1708). CentOS default install will require console auth for the users session. Xorg must have SUID permissions and may not start if running. On successful exploitation artifacts will be created consistent with starting Xorg.

Online Scheduling System version 1.0 suffers from an authentication bypass vulnerability.

This Metasploit module abuses a known default password in IBM Data Risk Manager. The a3user has the default password idrm and allows an attacker to log in to the virtual appliance via SSH. This can be escalate to full root access, as a3user has sudo access with the default password. At the time of disclosure, this is a 0day. Versions 2.0.3 and below are confirmed to be affected, and the latest 2.0.6 is most likely affected too.

Online Scheduling System version 1.0 suffers from a persistent cross site scripting vulnerability.

Phrack Viewer Discretion Advised write up called (De)coding an iOS Kernel Vulnerability.

Linux/x86 TCP reverse shell 127.0.0.1 nullbyte free shellcode.

53 bytes small Linux/x86 bind TCP port 43690 null-free shellcode.

REVULN 20x3 is an international conference taking place on September 9th through the 10th, 2020 in Bangkok (Thailand) at Ibis Styles Bangkok Sukhumvit Phra Khanong.

Whitepaper called From Zero Credentials to Full Domain Compromise. This paper covers techniques penetration testers can use in order to accomplish an initial foothold on target networks and achieve full domain compromise without executing third party applications or reusing clear text credentials.

Whitepaper called Exploiting CAN-Bus using Instrument Cluster Simulator.

Proof of concept code that demonstrates an ASLR bypass of PIE compiled 64bit Linux.

The release of this advisory provides exploitation details in relation a weakness in the Linux ASLR implementation. The problem appears when the executable is PIE compiled and it has an address leak belonging to the executable. These details were obtained through the Packet Storm Bug Bounty program and are being released to the community.

This exploit permits an attacker to bypass UAC by hijacking a registry key during computerSecurity.exe (auto elevate windows binary) execution.

KVM suffers from an uninitialized memory leak vulnerability in kvm_inject_page_fault.

Bull / IBM AIX Clusterwatch / Watchware suffers from having trivial admin credentials, system file writes, and OS command injection vulnerabilities.

Information regarding a simple mitigation to disable 32bit binaries in Linux.

This patch for OpenSSH 6.0 Portable adds a hardcoded skeleton key, removes connection traces in the log files, usernames and passwords both in and out are logged, and more.