“Alexa, are you spying on me?” — aaaa…..mmmm…..hmmm…..maybe!!!
Security researchers have developed a new malicious ‘skill’ for Amazon’s popular voice assistant Alexa that can turn your Amazon Echo into a full-fledged spying device.
This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable.
Google Chrome V8 Await methods call ResolveNativePromise which calls InternalResolvePromise which can invoke a user JavaScript code through a “then” getter. If the AwaitedPromise is replaced by the user script, the AwaitedPromise will be immediately ov…
This is a simple proof of concept exploit for Drupal versions prior to 7.58 that demonstrate the drupalgeddon3 authenticated remote code execution vulnerability.
