Phrack 70 Security News & Discussion

---

• Phrack 70
• Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773)
• 23andMe’s Yamale Python code injection, and properly sanitizing eval()
• r2flutch: Yet another tool to decrypt iOS apps using r2frida
• Abusing vCenter SAML Certificates: Logging in as Admin from Backups
• Decoding AT&T's Proactive SIM
• S0cm0nkey's Reference Guide - OSINT and Passive Recon
• Correlate network connections with community ID in osquery.
• Swimming Upstream: Uncovering Broadcom SDK Vulnerabilities from Bug Reports.
• Practical strategies for pentesting and exploiting file read vulnerabilities.
• TEQNIX - I made an online platform of pentesting tools and automation. Check it out and let me know
• Protect Your GitHub Actions with Semgrep
• Assessing the security and privacy of Vaccine Passports
• Even Censors Have a Backup: Examining China’s Double HTTPS Censorship Middleboxes

Phrack 70 Posted: 05 Oct 2021 08:59 AM PDT submitted by /u/mateusnr [link] [comments]

Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 (CVE-2021-41773) Posted: 05 Oct 2021 07:31 AM PDT submitted by /u/Gallus [link] [comments]

23andMe’s Yamale Python code injection, and properly sanitizing eval() Posted: 05 Oct 2021 06:58 AM PDT submitted by /u/SRMish3 [link] [comments]

r2flutch: Yet another tool to decrypt iOS apps using r2frida Posted: 05 Oct 2021 09:28 AM PDT submitted by /u/Titokhan [link] [comments]

Abusing vCenter SAML Certificates: Logging in as Admin from Backups Posted: 05 Oct 2021 03:56 AM PDT submitted by /u/scopedsecurity [link] [comments]

Decoding AT&T's Proactive SIM Posted: 05 Oct 2021 06:07 AM PDT submitted by /u/dburgess000 [link] [comments]

S0cm0nkey's Reference Guide - OSINT and Passive Recon Posted: 05 Oct 2021 11:07 AM PDT submitted by /u/s0cm0nkey [link] [comments]

Correlate network connections with community ID in osquery. Posted: 05 Oct 2021 03:52 PM PDT submitted by /u/Silly-Pop-7437 [link] [comments]

Swimming Upstream: Uncovering Broadcom SDK Vulnerabilities from Bug Reports. Posted: 05 Oct 2021 01:38 AM PDT submitted by /u/g_e_r_h_a_r_d [link] [comments]

Practical strategies for pentesting and exploiting file read vulnerabilities. Posted: 04 Oct 2021 11:30 PM PDT submitted by /u/portmapper [link] [comments]

TEQNIX - I made an online platform of pentesting tools and automation. Check it out and let me know Posted: 04 Oct 2021 11:40 PM PDT submitted by /u/maudits [link] [comments]

Protect Your GitHub Actions with Semgrep Posted: 04 Oct 2021 05:56 PM PDT submitted by /u/iterablewords [link] [comments]

Assessing the security and privacy of Vaccine Passports Posted: 04 Oct 2021 10:24 PM PDT submitted by /u/digicat [link] [comments]

Even Censors Have a Backup: Examining China’s Double HTTPS Censorship Middleboxes Posted: 04 Oct 2021 01:47 PM PDT submitted by /u/dontbenebby [link] [comments]

You are subscribed to email updates from /r/netsec - Information Security News & Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States