Exploit for Path Traversal in Grafana

Grafana CVE Scan 21-43798 0.1 Scanner for Grafana Path Tr...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4py pythonic pure python RCE exploit for CVE-2021-44228 log...

Chamilo LMS SQL Injection Vulnerability (CNVD-2021-95221)

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. chamilo LMS is vulnerable to a SQL injection vulnerability that originates in the main...

Chamilo LMS SQL注入漏洞

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. chamilo LMS is vulnerable to a SQL injection vulnerability that originates in the main...

EXOCET - AV-evading, Undetectable, Payload Delivery Tool

EXOCET is superior to Metasploit's "Evasive Payloads" modules as EXOCET uses AES-256 in GCM Mode Galois/Counter Mode. Metasploit's Evasion Payloads uses a easy to detect RC4 encryption. While RC4 can decrypt faster, AES-256 is much more difficult to ascertain the intent of the malware. However, i...

new packages: gcc-toolset-11-dyninst

An update is available for gcc-toolset-11-dyninst. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GCC Toolset is a compiler toolset that provides recent version...

LeakDB - Web-Scale NoSQL Idempotent Cloud-Native Big-Data Serverless Plaintext Credential Search

LeakDB is a tool set designed to allow organizations to build and deploy their own internal plaintext "Have I Been Pwned"-like service. The LeakDB tool set can normalize, deduplicate, index, sort, and search leaked data sets on the multi-terabyte-scale, without the need to distribute large files ...

CVE-2021-3709 Apport file permission bypass through emacs byte compilation errors

Function checkattachmentforerrors in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to...

JadedWraith - Light-weight UNIX Backdoor

Lightweight UNIX backdoor for ethical hacking. Useful for red team engagements and CTFs. Something I wrote a few years ago as part of a game I was playing with a friend to try to backdoor as many VMs in each other's labs without being caught or having our tools reverse engineered/signatured...

Detection evasion in CLR and tips on how to detect such attacks

In terms of costs, the age-old battle that pits attacker versus defender has become very one sided in recent years. Almost all modern attacks and ethical offensive exercises use Mimikatz, SharpHound, SeatBelt, Rubeus, GhostPack and other toolsets available to the community. This so-called...

PS2EXE - Module To Compile Powershell Scripts To Executables

Overworking of the great script of Ingo Karstein with GUI support. The GUI output and input is activated with one switch, real windows executables are generated. With Powershell 5.x support and graphical front end. Module version. You find the script based version here...

Libxsmm 代码问题漏洞

Libxsmm is a library. for specialized dense and sparse matrix operations as well as deep learning primitives e.g., small convolutions. A security vulnerability exists in libxsmm that stems from the presence of a null pointer dereference in JIT code. It allows an attacker to cause a denial of...

OPENSUSE-SU-2021:1244-1 Security update for ntfs-3g_ntfsprogs

This update for ntfs-3gntfsprogs fixes the following issues: Update to version 2021.8.22 bsc1189720: Fixed compile error when building with libfuse vs Allowed using the full library API on systems without extended attributes support Fixed DISABLEPLUGINS as the condition for not using plugins...

SUSE-SU-2021:2971-1 Security update for ntfs-3g_ntfsprogs

This update for ntfs-3gntfsprogs fixes the following issues: Update to version 2021.8.22 bsc1189720: Fixed compile error when building with libfuse vs Allowed using the full library API on systems without extended attributes support Fixed DISABLEPLUGINS as the condition for not using plugins...

Compilation database: An alternative way to configure your C or C++ analysis

Analyzing C or C++ code requires - in addition to the source code - the configuration that is used to build the code. At SonarSource, we have provided a tool to automate the extraction of this information, the build wrapper. This tool has been used successfully with many projects, yet there are...

OPENSUSE-SU-2021:1178-1 Security update for tor

This update for tor fixes the following issues: tor 0.4.6.7: Fix a DoS via a remotely triggerable assertion failure boo1189489, TROVE-2021-007, CVE-2021-38385 tor 0.4.6.6: Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch Enable the deterministic RNG for unit tests that covers the...

OPENSUSE-SU-2021:1169-1 Security update for tor

This update for tor fixes the following issues: tor 0.4.6.7: Fix a DoS via a remotely triggerable assertion failure boo1189489, TROVE-2021-007, CVE-2021-38385 tor 0.4.6.6: Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch Enable the deterministic RNG for unit tests that covers the...

Security update for tor (important)

openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2021:1169-1 Rating: important References: 1189489 Cross-References: CVE-2021-38385 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for tor fixes t...

Mozilla: Incorrect instruction reordering during JIT optimization

Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and...

OPENSUSE-SU-2021:1125-1 Security update for aria2

This update for aria2 fixes the following issues: Update to version 1.35.0: Drop SSLv3.0 and TLSv1.0 and add TLSv1.3 TLSv1.3 support is added for GNUTLS and OpenSSL. Platform: Fix compilation without deprecated OpenSSL APIs Remove linux getrandom and use C++ stdlib instead Don't send Accept...