Monday, 24 September 2018

CVE-2018-11776: Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit module)

EDB-ID: 45367
CVE: CVE-2018-11776
E-DB Verified: Yes
Author: Metasploit
Type: Remote
Advisory/Source: GitHub
Published: 2018-09-10
Platform: Multiple (Windows, Linux)

Description aboout CVE-2018-11776:
   Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.

And have something to say about GitHackTools or CVE-2018-11776? Comment below or share this post from GitHackTools FacebookGitHackTools Twitter and GitHackTools Google Plus.



[ZeroDay] ZDI-CAN-6135: A Remote Code Execution Vunlnerability in the Windows JET Database Engine

September 20, 2018, Zero Day Initiative are releasing additional information regarding a bug report that has exceeded the 120-day disclosure timeline. More details on this process can be found here in their disclosure policy.

An out-of-bounds (OOB) write in the Microsoft JET Database Engine that could allow remote code execution was initially reported to Microsoft on May 8, 2018. An attacker could leverage this vulnerability to execute code under the context of the current process, however it does require user interaction since the target would need to open a malicious file. As of today, this bug remains unpatched.

The Vulnerability
   The root cause of this issue resides in the Microsoft JET Database Engine. Microsoft patched two-other issues in JET in the September Patch Tuesday updates. While the patched bugs are listed as buffer overflows, this additional bug is actually an out-of-bounds write, which can be triggered by opening a Jet data source via OLEDB. Here’s a look at the resulting crash:

   To trigger this vulnerability, a user would need to open a specially crafted file containing data stored in the JET database format. Various applications use this database format. An attacker using this would be able to execute code at the level of the current process.

   If you’d like to test this out for yourself, you can find the proof of concept code here:

Recommendation
   Our investigation has confirmed this vulnerability exists in Windows 7, but Zero Day Initiative believe that all supported Windows version are impacted by this bug, including server editions. You can view their advisory here. Microsoft continues to work on a patch for this vulnerability, and Zero Day Initiative hope to see it in the regularly scheduled October patch release. In the absence of a patch, the only salient mitigation strategy is to exercise caution and not open files from untrusted sources. 

   As always, As always, Simon Zuckerbraun can be found on Twitter at @HexKitchen, and follow the team for the latest in exploit techniques and security patches.

Disclosure Timeline:
 * 05/08/18 - ZDI reported vulnerability to vendor and the vendor acknowledged that same day
 * 05/14/18 – The vendor replied that they successfully reproduced the issue ZDI reported
 * 09/09/18 – The vendor reported an issue with the fix and that the fix might not make the September release
 * 09/10/18 – ZDI cautioned potential 0-day
 * 09/11/18 – The vendor confirmed the fix did not make the build
 * 09/12/18 – ZDI confirmed to the vendor the intention to 0-day on 09/20/18
 * 09/20/18 - Coordinated public release of advisory

And have something to say about GitHackTools or ZDI-CAN-6135? Comment below or share this post from GitHackTools FacebookGitHackTools Twitter and GitHackTools Google Plus.

Saturday, 22 September 2018

vMix Version:21.0.0.56 Unlimited Licensed

vMix Version:21.0.0.55 Unlimited Licensed Manager

Live Video Streaming Software for your PC

 

vMix is a Software Video Mixer and Switcher that utilises the latest advances in computer hardware to provide live HD video mixing, a task previously only possible on expensive dedicated hardware mixers.

vMix also functions as live streaming software that allows you to publish your live productions directly to the Internet!.

vMix runs on Windows 7, Windows 8 and Windows 10 platforms.

vMix is a complete live video production software solution with features including LIVE mixing, switching, recording and LIVE streaming of SD, full HD and 4K video sources including cameras, video files, DVDs, images, Powerpoint and much much more.

vMix Interface

As vMix is a software solution, we've enabled users to build their own custom computers at a fraction of the cost of traditional live production equipment. We have created vMix Reference Systems that will allow you to build a vMix PC with specifications to match your production needs. We also have a list of available system builders that can create a system for you!

Whether you are looking to produce big budget live concert productions, sporting events, Church services or small webcasts, then vMix is for you. Check out our Solutions page to see how vMix can fit into your workflow.

For a full list of what is possible with vMix view our features page.


 











GTA 5 Download - Grand Theft Auto V on PC for Free - Games Mania

Free Download Complete Setup Zip or Torrent File of GTA V by just one click. GTA V is a action, adventure and amazing game.

Grand Theft Auto V PC Game 2015 Overview:

GTA 5 is developed by Rockstar North and is published under the banner of Rockstar Games. The release date of this game is 14th April 2015. GTA V game can be played either by first person or by third person perspective.

GTA V Free Download

GTA V PC Game Free Download and get ready for action. The story revolves around Michael Townley who is under the witness protection in Las Santos, San Andreas after mismanaged robbery attempt at Ludendorff. Michael discovered that his wife is cheating upon him and has an affair with her tennis coach. Furious to hear about the affair, Michael chased down the coach and destroyed him. All of this happened in a mansion owned by the girlfriend of a drug lord Martin Madrazo. Now Martin demands a heist at a jewelry shop from Michael and from here onwards Michael’s life changed, his family left him and he with his old pals has been left entangled in the criminal underworld. Now the team has to pull off several fatal heists for their survival in the cold-blooded city where nobody is trustworthy. 


GTA V Free Download

GTA V has seen a major overhaul in technical and visual aspects. The visuals are more crispy with 4k resolution the player can experience lots of new additions like new weaponry, vehicles and wildlife. The traffic has been made denser. The weather system has been enhanced greatly. GTA V also includes a brand new Rockstar editor. Which will provides a whole bunch of editing tool to the player to create the gameplay clips and publish them on YouTube. Lots of mission and linear scenarios have been included Players can also roam freely here and there in an open world. The world depicted in GTA V is much larger than all the other previous releases and is comprised of countryside San Andreas plus fictional city of Las Santos. Player can run, jump and use vehicles to explore the area. Player can also use melee attacks and different explosive to compete with the enemies. GTA 5 like in all previous GTA releases features multiple radio stations which can be play several genres of music whenever the player enters in a vehicle.

GTA V Free Download



Features of GTA V PC Game:

Following are the main features of GTA V PC Game that you will be able to experience after the first install on your Operating System.
  • Impressive action adventure game.
  • Major overhauling in technical and visual aspects.
  • New weaponry, vehicles included.
  • New wildlife included.
  • Denser traffic.
  • Enhanced weather system.
  • Includes brand new Rockstar editor.
  • Can use melee attack and other explosives.
  • Features multiple radio station playing different genres of music.
GTA V Free Download


System Requirements of GTA V

Before you start GTA V Free Download make sure your PC meets minimum system requirements.
  • Operating System: Windows 7/ Windows 8 and 8.1 ( 64 Bit )
  • CPU: Intel Core to Quad 2.4 GHz
  • RAM: 4 GB
  • Setup Size: 59 GB
  • Hard Disk Space: 65 GB
GTA V Free Download

Download GTA V Free:

Click the Download Button to download GTA V Complete Free Setup .Zip File.

GTA V Free Download

Download GTA V Torrent:

Click the Download Button to download GTA V  Torrent File.

GTA V Torrent Download

Note μTorrent is required to download .torrent file

If you really like the Game buy GTA V at RockStar Games.

Friday, 21 September 2018

Nokia 5.1 plus coming on Sept 24 | checkout specs

Finally after the success of Nokia 6.1 plus the HMD Global is launching Nokia 5.1 plus, and revealing it's price. The device will be available on Flipkart exclusive.


Nokia 6.1 plus

As mentioned the phone will feature big HD+ 5.8" display with 19.9 ratio with top notch. The device is powered by 1.8 GHZ P60 Octa-core processor. The phone comes with 3 GB of RAM and with 32 GB of internal storage ( expendable upto 256 GB ).
The phone runs on Android Oreo 8.1 and backed with 3060 mAH battery. The AI powered camera with 13 MP + 5 MP depth sense let's you to take flawless photos.
And for selfies the front camera comes with 8 MP. Connectivity options include 4G VoLTE, Bluetooth 4.2, WiFi, GPS, GLONASS, dual-SIM and USB Type-C port. The phone  weighs 160 grams.

Quick specifications:

- 5.86-inch HD+ display (1520 x 720 pixels)
- sophisticated  AI for photos
- 13 MP rear camera with 5 MP depth sense
- 8 MP front camera
- 3 GB RAM with 32 GB of ROM (expendable upto 256 GB)
- secure and up-to-date Android Oreo
- 2.5D curvature and back glass

For security, the phones comes with fingerprint reader and AI face unlock.