105 matches found
CVE-2024-32962
xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional...
openSUSE: Security Advisory for xen (SUSE-SU-2023:4466-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SMB Fetch, Reverse TCP Stager with UUID Support (Windows x64)
Fetch and execute an x64 payload from an SMB server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/smb/x64/peinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...
ALSA-2023:7549 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe CVE-2023-2163 kernel: tun: bugs for oversize packet when napi frags enabled in tunnapiallocfrag...
PT-2023-3411 · Cloudflare · Cloudflare Warp Client For Windows
Name of the Vulnerable Software and Affected Versions: Cloudflare WARP client for Windows versions up to 2023.3.381.0 Description: The issue is related to insufficient access control policy on an IPC Named Pipe, allowing a malicious actor to remotely access the warp-svc.exe binary. This could...
Upgraded Q -> M from #445 [1674423223201]
Judge has assessed an item in Issue 445 as M risk. The relevant finding follows: 5 Function crossChain in GovNFT should have limit for maximum tokens allowed to be transferred, because of gas limit in the dest chain. if a user transferred a lot of tokens because there was two loop inside each oth...
Microsoft Patch Tuesday for August 2022 — Snort rules and prominent vulnerabilities
By Jon Munshaw and Vanja Svajcer. Microsoft released its monthly security update Tuesday, disclosing more than 120 vulnerabilities across its line of products and software, the most in a single Patch Tuesday in four months. This batch of updates also includes a fix for a new vulnerability in the...
Exploit for CVE-2022-26809
CVE-2022-26809WIP This repo just simply research for the...
WMIHACKER - A Bypass Anti-virus Software Lateral Movement Command Execution Tool
中文版Chinese version Disclaimer: The technology involved in this project is only for security learning and defense purposes, illegal use is prohibited! Bypass anti-virus software lateral movement command execution test tool(No need 445 Port) Introduction: The common WMIEXEC, PSEXEC tool execution...
Threat Analysis: CVE-2020-0796 – EternalDarkness (ghostSMB)
On March 10, 2020 analysis of a SMB vulnerability was inadvertently shared, under the assumption that Microsoft was releasing a patch for that vulnerability CVE-2020-0796. As of March 12, Microsoft has since released a patch for CVE-2020-0796, which is a vulnerability specifically affecting SMB3...
SMBGhost – Analysis of CVE-2020-0796
ARCHIVED STORY SMBGhost – Analysis of CVE-2020-0796 By Eoin Carrol - March 12, 2020 The Vulnerability The latest vulnerability in SMBv3 is a “wormable” vulnerability given its potential ability to replicate or spread over network shares using the latest version of the protocol SMB 3.1.1. As of...
get_Team_Pass - Get Teamviewer's ID And Password From A Remote Computer In The LAN
Get teamviewer's ID and password from a remote computer in the LAN This program gets teamviewer's ID and password from a remote computer in the LAN. Most useful for postexploitation or sysadmins Tested on windows 7 and windows 10 x86 and x64 Prerequisites You must have valid credentials on the...
CVE-2018-20880
cPanel before 74.0.8 mishandles account suspension because of an invalid emailaccounts.json file SEC-445...
CVE-2018-20880
cPanel before 74.0.8 mishandles account suspension because of an invalid emailaccounts.json file SEC-445...
Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid106716; scriptversion"1.6";...
Samba Version
Nessus was able to obtain the samba version from the remote operating by sending an authentication request to port 139 or 445. Note that this plugin requires SMB1 to be enabled on the host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid104887; scriptversion"1.2";...
SMBLoris: What You Need To Know
What's Up? Astute readers may have been following the recent news around "SMBLoris" -- a proof-of-concept exploit that takes advantage of a vulnerability in the implementation of SMB services on both Windows and Linux, enabling attackers to "kill you softly" with a clever, low-profile...
Microsoft Windows SMB Special Message Denial of Service Vulnerability
Microsoft Windows is a popular operating system. A security vulnerability exists in Microsoft Windows SMB processing of special messages, which allows remote attackers to conduct denial-of-service attacks by sending special requests to ports 445 and 139...
Petya-like Ransomware Explained
TL;DR summary June 28 and beyond: A major ransomware attack started in Ukraine yesterday and has spread around the world. The ransomware, which was initially thought to be a modified Petya variant, encrypts files on infected machines and uses multiple mechanisms to both gain entry to target...
WMI Event Subscription Persistence
This module will create a permanent WMI event subscription to achieve file-less persistence using one of five methods. The EVENT method will create an event filter that will query the event log for an EVENTIDTRIGGER default: failed logon request id 4625 that also contains a specified...