Collaborate Disseminate
I have a Laravel 5.8 app in a server running Apache/2.4.53 (cPanel) and PHP 7.4 (ea-php74) and i have VPS root WHM/cPanel access there. as any Laravel project, the "public" directory is web accessible and the subdomain points to … Continue reading unknown (malicious?) code and file in public dir (Laravel 5.8, apache/cPanel)
We use CentOS 7 and have only samba-client in our deployment.
(We do not have samba server in our deployment.)
Does the CVE-2020-25717 affect our deployment?
Continue reading Clarification regarding CVE-2020-25717 [migrated]
There is bug in pkexec program, CVE-2021-4034, which when exploited allows access to root shell.
Is the best way to fix an unpatched CentOS 7 server to just apply the temporary fix of running chmod 0755 /usr/bin/pkexec, and then patching i… Continue reading What exactly is the pkexec bug and how to patch it on CentOS 7? [closed]
Does the yum package manager in CentOS/RHEL-based systems require successful cryptographic authentication and integrity validation for all packages?
I know that software downloaded with apt-get packages must be cryptographically verified b… Continue reading Does yum enforce cryptographic authentication and integrity validation by default for all packages? (CentOS, RHEL)
So I’ve been compiling security advisories for various OSs, including both CentOS and RHEL. What I find confusing is CentOS should be a "similar but different" OS from RHEL counterpart, most notably from support for security patc… Continue reading What’s the difference between CentOS and RHEL security patches? [migrated]
I’m setting up a website on a Centos7 VPS with certbot and let’s encrypt.
I am no expert on network security. I checked to see if my epel-release was pulling certbot from a legit mirror.
I ran yum search epel-release three times back-to-b… Continue reading Certbot installation from cloudfront.net epel-release mirror
I want to exploit this code vulnerability and get it to launch me into a shell with privilege access. I’m guessing I need to "push" bob from its current address to address 0x41414142 using the "gets" function. I can onl… Continue reading Stack Smashing Short Problem
I am trying to complete a buffer overflow challenge. The code I am trying to exploit is below. I can only use the command line in a Linux environment.
I understand that writing more than 100 characters into "userString" will star… Continue reading Exploting a Stack Buffer Overflow vulnerability to get privilege access to system
I am going to change my router into bridge mode so that I have more flexibility in Computer Science. So now firewalld and SELinux are the two Security areas I need to manage properly. Is there anything else other than firewalld and SELinux… Continue reading Router To Bridge Mode [closed]
I get false positive ports that are marked open when using nmap with proxychains-ng (Using a proxy list that contains socks5 proxies). I’ve tried a couple of techniques to debug this strange behavior (by following this tutorial False Posit… Continue reading False positives (port scanning) when using proxychains-ng with nmap [closed]