CVE-2022-44401 Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php.

CVE-2022-44400 Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.

CVE-2022-44399 Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.

CVE-2022-44284 Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Site Scripting (XSS).

CVE-2022-44283 AVS Audio Converter 10.3 is vulnerable to Buffer Overflow.

CVE-2022-42445 HCL Launch could allow a user with administrative privileges, including "Manage Security" permissions, the ability to recover a credent...

CVE-2022-41957 Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 a...

CVE-2022-41921 Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, wh...

CVE-2022-41944 Discourse is an open-source discussion platform. In stable versions prior to 2.8.12 and beta or tests-passed versions prior to 2.9.0.be...

CVE-2022-41912 The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing ...

CVE-2022-31877 An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41.0 allows attackers to escalate privileges via a crafted TCP pack...

CVE-2022-3865 The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, l...

CVE-2022-3850 The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make...

CVE-2022-3849 The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, l...

The Black Hat USA 2023 Call for Trainings is open until Dec 7! View submission guidelines and submit your proposal here -

Re @maleniapologist @thugcrowd

Re @thugcrowd were helping*** vx-underground, internet typo final boss 💪

Re @sudohunter_x Currently working on some open source project that has a temporary bug bounty program. Found it through some white and block box test...

Re @0xtavi Better delete before they patch. :)

Re @monkehack @rez0__ @AtomEditor @DanielMiessler "Do you have a minute to talk about our Lord and Savior vim?" Also to be quite honest, I have used v...

RT Trickest: You’ve heard of subdomain permutations, now get ready for subdomain levels!

RT Matteo Maffei: I am looking for a PhD student working with me @tu_wien on formal methods for the design and verification of smart contracts! The su...

RT Kristal: Finally releasing peafl64 🥳 A Static Binary Instrumentation tool for 64-bit Windows PEs. First presented at the great @labscon_io with ...

RT Alexander Martin: Re Today's witness session will be mainly setting the scene for the inquiry. Witnesses: 🔹@SadieOxford, Professor of Cyber Secu...

Re @H4R3L 💡 100 likes? That deserves a hint! You: The server: 🤒

👍 网页链接

#不肯放弃治疗的渣渣们#两口子去给嘉嘉买画画的纸，路上有一段对话issy: 唉，我啥时候才能开始实验啊scz:  应该是再也不能了issy: ？？？scz:  如果你是佛门信徒，有来生，或许还有机会。但我是道家弟子，你呢，就是道侣，也算道家弟子。我们道家弟子，只修今生、不修来世～ (正忽悠得嗨)issy: ...全文

Re @_xpn_ Me too

Re @AnthonySecurity Can confirm, popped a customer that way.

In 2020 a group of individuals accused vx-underground as being funded by the Biden administration. They stated vx-underground and @thugcrowd we're hel...

Re @rez0__ @AtomEditor :!no

US Bans Sales Of Huawei, ZTE Tech Amid Security Fears

EvilTree - A Remake Of The Classic "Tree" Command With The Additional Feature Of Searching For User Provided Keywords/Regex In Files, Highlighting Tho...

You can watch Burp crawl sites. Ideal when you need Hollywood style effects for your next pentest.

Re @mubix I don't have 3, but @malwareunicorn and @HollyGraceful jump out to me.

RT KNOXSS: This! 😀 👇🏾👇🏾👇🏾

RT Brute Logic: Ever wondered how @KN0X55 work? It's basically like that with some really cool #XSS cases added in those last 2 years.

Hacking Smartwatches for Spear Phishing – Red Team Ops – Cybervelia

Pyramid: Python scripts to evade EDRs

Re @haxor31337 Tobias had it on his presentation, at that time the results were not that impressive.

A utility for quickly and easily locating, web hosting and transferring resources (e.g., exploits/enumeration scripts) from your filesystem to a victi...

Re 💡 We're being nice today! Here's a first hint for free! "We do all of our testing on the staging environment"

⏰ It's CHALLENGE O'CLOCK! 👉 Find the FLAG before Monday December 4th! 👉 Win €300 in SWAG prizes! 👉 We'll release a tip for every 100 likes ...

RT SentinelOne: 👩‍💻 Here are seven #IDAPro plugins our #malware #reverse engineers appreciate and use on a daily basis. A thread 🧵👇>> 1/9

Re @ecarlesi Please report abuse or phishing scams here:

Re @SMarr311 Please report abuse or phishing scams here:

Re @brumens2 Thanks for your request. We have this recorded for potential future development.

RT KNOXSS: You still can get the best #XSS tool out there for an incredible price TODAY until 23:59 UTC. Up to 50% off! #CyberMonday If you didn't get...

RT Rodolfo Assis: ')})/alert(1)(()=>{k:// That's just one of the EXCLUSIVE payloads you find only here in my Cheat Sheet! 😉👇🏾 Just $9.95 USD!...

RT KNOXSS: Do you know any other tool that can not only find but also give you the right PoC for this #XSS Case? 😎 Check how #KNOXSS does its magic...