CVE-2018-1149 & CVE-2018-1150 NUUO DVR firmware exploits

by admin

Monday, September 17th, 2018 at 9:00 pm


Between 180,000 and 800,000 IP-based closed-circuit television cameras are affected by a zero-day vulnerability and a backdoor that allows an attacker remote code execution. Tenable issued the advisory today. The bugs are rated critical and are tied to firmware possibly used in one of 100 different cameras that run the affected NVRMini2 webserver software. NUUO, the company that makes the firmware, is hopefully issuing a patch for the bug tomorrow; NUUO was notified of the vulnerability in June.
More info: :: tenable.com ::
POC can be found :: here ::

SVG Document ActiveX Execution In Word

by admin

Friday, September 7th, 2018 at 2:42 pm


Matt harr0ey (@harr0ey) released a POC of SVG document ActiveX execution using a browser (not Internet Explorer) inside Microsoft Word. Details are on his blog, homjxi0e.wordpress.com, and a short demo video of it in action is below.

WAF Evasion Techniques #3

by admin

Sunday, September 2nd, 2018 at 9:58 pm

Part 3 of a series of posts by @TheMiddle, on using uninitialized Bash variables to bypass Web Application Firewalls, tested on CloudFlare WAF and ModSecurity OWASP CRS. Check it out ::HERE::
