1109 matches found
WordPress Exploit Framework
WordPress Exploit Framework is a Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. Requirements Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command...
AutoLocalPrivilegeEscalation - An automated script that download potential exploit for linux kernel from exploitdb, and compile them automatically
An automated script that downloads potential exploits for the Linux kernel from exploitdb and compiles them automatically. This script was created because of Hackademics: there are so many possible exploits for that version of the kernel that, as a rookie OSCP student, I am not able to find out the correct exploit, al...
sslscan - tests SSL/TLS enabled services to discover supported cipher suites
This is a fork of ioerror's version of sslscan the original readme of which is included below. Changes are as follows: Highlight SSLv2 and SSLv3 ciphers in output. Highlight CBC ciphers on SSLv3 POODLE. Highlight 3DES and RC4 ciphers in output. Highlight PFS+GCM ciphers as good in output. Highlig...
Mozilla Firefox ESR < 45.5 Multiple Vulnerabilities
Binary data 9805.prm...
Less.js Untrusted File Compilation / Code Execution
Advisory: Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler RedTeam Pentesting discovered behaviour in the Less.js compiler, which allows execution of arbitrary code if an untrusted LESS file is compiled. Details ======= Product: Less...
Extending Linux Executable Logging With The Integrity Measurement Architecture
Gaining insight into the files being executed on your system is a great first step towards improved visibility on your endpoints. Taking this a step further, centrally storing logs of file execution data so they can be used for detection and hunting provides an excellent opportunity to find evil ...
Powershell .NET Compiler
This module will build a .NET source file using PowerShell. The compiler builds the executable or library in memory and produces a binary. After compilation the PowerShell session can also sign the executable if provided a path to a .pfx formatted certificate. Compiler options and a list of...
Sandcat Browser 5.3 - PenTest Oriented Web Browser
Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...
CVE-2016-0930
Pivotal Cloud Foundry PCF Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH access by connecting within an installation-time period during which these VMs exist...
Dropbox: Subtile Code Injection Vulnerability in Dropbox for Windows
A mistake in our compilation meant that one of our Qt libraries was unintentionally loading a openssl.cnf from another user on Windows. The config file allowed the other user to specify a DLL to load, which meant that a user with this specific username could escalate privileges and execute code a...
Fedora 22 : nfdump (2016-3b49c9aa49)
nfdump 1.6.15 released. --- - Fix Security issue http://www.security-assessment.com/files/documents/advisory/Nfdump%20nfcapd%201.6.14%20-%20Multiple%20Vulnerabilities.pdf - Fix obyte, opps and obps output records - Fix wrong bps type case in cvs output. Fix opbs ipbs typos nfdump 1.6.14 release...
[SECURITY] Fedora 22 Update: pypy3-2.4.0-3.fc22
PyPy's implementation of Python 3, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types strings, dictionaries, etc This build of PyPy has JIT-compilation enabled...
PowerShell Runspace Portable Post Exploitation Tool: PowerOPS
PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell “easier” PowerOPS is an application written in C that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment .NET. It intends to...
CVE-2016-5040
libdwarf before 20160923 allows remote attackers to cause a denial of service out-of-bounds read and crash via a large length value in a compilation unit header...
Security update for ntp (important)
ntp was updated to version 4.2.8p6 to fix 12 security issues. Also yast2-ntp-client was updated to match some sntp syntax changes. bsc937837 These security issues were fixed: - CVE-2015-8158: Fixed potential infinite loop in ntpq bsc962966. - CVE-2015-8138: Zero Origin Timestamp Bypass bsc963002....
دمج الصور و تجميع الصور - Dynamic Code Loading, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application دمج الصور و تجميع الصور published at the 'play' market has multiple vulnerabilities...
Fedora 23 : pcre-8.38-1.fc23 (2015-994f0b3021)
This release fixes various bugs when compiling or matching expressions. It also fixes how pcregrep handles binary files. It also fixes a heap-based buffer overflow in pcreexec when ovector has size 1 bug 1285415 Note that Tenable Network Security has extracted the preceding description block...
AppLocker - Execution Prevention Bypass (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 'AppLocker Execution Prevention Bypass', 'Description' = %q This module will generate a .NET service executable on the target and utilise InstallUtil to...
Why shellcode analysis is difficult-vulnerability warning-the black bar safety net
Shellcode should be safe the areas of the core one of the things. toc We discuss the common shellcode analysis of the difficulty. shellcode is too full of imagination, itself the exploit is very imaginative, the use way is also very imaginative. Get additional resources Many of the shellcode is...