Big-ip Gtm & Dns Security Vulnerabilities

RHEL 5 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...

EulerOS 2.0 SP11 : unbound (EulerOS-SA-2024-1794)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the...

RHEL 7 : libndp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. libndp: buffer overflow flaw in DNS Search List (DNSSL) handling (CVE-2014-3554) Note that Nessus has not tested for...

RHEL 6 : c-ares (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. c-ares: Single byte out of buffer write (CVE-2016-5180) The c-ares function ares_parse_naptr_reply(),...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1807)

The remote host is missing an update for the Huawei...

RHEL 8 : avahi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. avahi: Multicast DNS responds to unicast queries outside of local network (CVE-2017-6519) Note that Nessus has not...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1783)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1795)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1790)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1802)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

Job For .local Domain Fails When Using Ubuntu-base VMware Backup Proxy

This issue occurs because .local is only intended for multicast DNS, and Ubuntu's default configuration prevents the use of .local for unicast DNS. As a result, the Ubuntu-based machine does not contact the network's DNS server when attempting to resolve .local...

RHEL 6 : nfs-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. nfs-utils: rpc.gssd is vulnerable to DNS spoofing (CVE-2013-1923) Note that Nessus has not tested for this issue but...

RHEL 5 : cups (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. cups: code execution via unescape ANSI escape sequences (CVE-2014-8166) cups: incorrect string reference...

RHEL 5 : openldap (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file ...

RHEL 6 : django (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-django: DNS rebinding vulnerability when 'DEBUG=True' (CVE-2016-9014) Django before 1.4.21, 1.5.x...

RHEL 6 : nagios (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. nagios: Configured administrative account with fixed password and no IP restriction as default ...

RHEL 7 : iproute (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. iproute: use-after-free in get_netnsid_from_name in ip/ipnetns.c (CVE-2019-20795) Note that Nessus has not tested...

RHEL 6 : avahi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. avahi: Multicast DNS responds to unicast queries outside of local network (CVE-2017-6519) Note that Nessus has not...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1794)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2024-1784)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : dnsmasq (EulerOS-SA-2024-1796)

According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1802)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1790)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its...

RHEL 8 : iscsi-initiator-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. iscsi-initiator-utils: Heap-based buffer overflow in process_iscsid_broadcast() (CVE-2017-17840) An...

RHEL 7 : iscsi-initiator-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. iscsi-initiator-utils: Heap-based buffer overflow in process_iscsid_broadcast() (CVE-2017-17840) An...

ip SSRF improper categorization in isPublic

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

ip SSRF improper categorization in isPublic

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919-Sniper ![CVE-2024-24919 Sniper...

Apache HugeGraph-Server - Remote Command Execution

Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE_2024_24919 Vulnerability Scanner This Java tool scans a...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE_2024_24919 Vulnerability Scanner This Java tool scans a...

[SECURITY] Fedora 39 Update: rust-local_ipaddress-0.1.3-8.fc39

Get your local IP address without...

changedetection 0.45.20 Remote Code Execution Exploit

...

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit

...

Aquatronica Control System 5.1.6 Password Disclosure Exploit

Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords....

ip172.ip-51-255-15.eu Cross Site Scripting vulnerability OBB-3932087

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919 Esse projeto tem como objetivo criar uma...

Oracle Linux 8 : container-tools:ol8 (ELSA-2024-3254)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3254 advisory. aardvark-dns buildah [2:1.33.7-1] - update to the latest content of https://github.com/containers/buildah/tree/release-1.33 ...

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure

...

Oracle Linux 8 : idm:DL1 / and / idm:client (ELSA-2024-3267)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3267 advisory. bind-dyndb-ldap custodia ipa [4.9.13-9.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [9.4.13-9] - dcerpc:...

Exploit for CVE-2024-27348

CVE-2024-27348 **For Ethical Usages only, Any harmful or...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919 Exploit Overview This repository contains...

OS X x64 Shell Bind TCP

Bind an arbitrary command to an arbitrary...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

CVE-2024-24919 Exploit tool to validate CVE-2024-24919...

OSX aarch64 Shell Reverse TCP

Connect back to attacker and spawn a command...

How to tell if a VPN app added your Windows device to a botnet

On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....

Server Side Request Forgery (SSRF)

ip is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to some IP addresses being improperly categorized via the isPublic, isPrivate, and isLoopback methods, which allows an attacker to perform Server-Side Request Forgery (SSRF) if an application utilizes the library to...

Ars0N-Framework - A Modern Framework For Bug Bounty Hunting

Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

Check point:CVE-2024-24919 ...

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...