Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!
CVE-2022-35142, CVE-2022-35143, CVE-2022-35144 – DoS, XSS and Weak Password Policy in Renato a Markdown powered knowledge base
Tag: Penetration Testing
CVE-2022-34613, CVE-2022-34618, CVE-2022-34619 – Multiple XSS (And more) in Mealie
Multiple new CVEs discovered and disclosed! XSS, file uploads and more!
CVE-2022-34625 – Server-Side Template Injection to Remote Code Execution (SSTI) to (RCE) in Mealie – A lesson in patience
A detailed walkthrough of CVE-2022-34625 aka a Server-Side Template Injection (SSTI) to Remote Code Execution (RCE)
Should I add this Repo to TreeHouse Wordlists?
You tell me what you think of this wordlist repo? Is it worth adding?
CLI Web Discovery Alternative to Dirb, Dirsearch, Etc
A great alternative to have for web discovery during web app pen tests or bug bounties.
All in One RF/HID reader/writer smaller then the ProxMark?!
A great and useful device for any physical penetration test or hardware hacking engagement.
Custom Formula CSV XLS XLSX Injection Wordlist
Created my own Formula/CSV/XLS/XLSX formula injection wordlist and added it to TreeHouse wordlists!
OneListForAll added to Treehouse Wordlists!
An awesome wordlist repo added to TreeHouse Wordlists! Yay!
Great example of the dangers of an Android app compiled with Debugging enabled
A concrete example of the dangers of compiling an Android application with debugging enabled.
STOP USING DEFAULT PASSWORDS
A large trove of default username and passwords for all kinds of products!