Tautulli Notification Arbitrary Remote Command Execution CVE-2020-7380

TL;DR Tautulli for Plex is vulnerable to remote command execution attacks running under the context of the Tautulli process. By sending specially crafted HTTP requests, the application will allow a remote user to execute arbitrary commands. To...
Vulnerability Introduction I recently discovered a vulnerability in the Avast and AVG Secure Browser that allows low-privileged users to gain access to any file on the system. Successful exploitation results in Full Control permissions for the...
An XXE injection attack is a type of injection attack that takes place when parsing XML data. An XXE attack takes place when XML input contains a reference to an external entity and is processed by a weakly configured XML parser. The XXE attack can...
In this SQL injection lab video I show you how to set up your own SQL injection lab for practicing SQL injections. SQL injections are easy to exploit, as you need nothing more than a web browser to carry out a SQL attack. SQL Injection Lab...
Any WordPress version, including the current 4.9.6, is susceptible to a vulnerability that could lead to command execution. In this video I walk you through exploiting the bug and gaining shell access to a WordPress server.
SQL injection attacks are still as common today as they were ten years ago. Today I’ll discuss what SQLi is and how you can exploit SQLi vulnerabilities found in software. In this SQL Injection tutorial I will cover the following topics:...
This article provides an explanation of the icacls output and the specific NTFS permissions. SIDs may be in either numerical or friendly name form. If you use a numerical form, affix the wildcard character * to the beginning of the SID...
So, you’ve popped a user shell on a Windows box and now you’re looking to escalate those privileges. Great! In this article we’ll look at one method of elevating your privileges by exploiting unquoted services. A Windows service is a program that...
How to install Kali Linux 2018 in Windows 10 directly from the Microsoft App Store! Kali Linux is an advanced penetration testing Linux distribution used for penetration testing, ethical hacking and network security assessments. PowerShell prompt:...
Who brute-forces anymore? I do! When appropriate. I’ve created Brutus, which is a tiny Python FTP brute-force and dictionary attack tool. However, let’s put that on hold for a sec. Before we dive into this Python FTP brute-force and...
Your weekly vulnerability report to keep you up-to-date with the latest vulnerabilities in the wild. – Mr. H 1. ImageMagick – A vulnerability was reported in ImageMagick. A remote user can cause arbitrary code to be executed on the...
Information Security Glossary If you’re studying information security for the Security+, CEH, CISSP or any of the varying information security certifications, you’ve probably spent some time reviewing the wide array of acronyms for all...
AngelFire CIA Vault 7 Leak WikiLeaks has published documents for yet another Vault 7 tool dubbed AngelFire, which was utilized by the CIA, Central Intelligence Agency, to gain persistent remote access to the Windows operating system. The framework...