115 matches found
InlineExecute-Assembly - A PoC Beacon Object File (BOF) That Allows Security Professionals To Perform In Process .NET Assembly Execution
InlineExecute-Assembly is a proof of concept Beacon Object File BOF that allows security professionals to perform in process .NET assembly execution as an alternative to Cobalt Strikes traditional fork and run execute-assembly module. InlineExecute-Assembly will execute any assembly with the entr...
Exploit for Server-Side Request Forgery in Microsoft
It is an offensive tool for Microsoft Exchange server vulnerabil...
CVE-2020-25191
The CVE-2020-25191 entry documents an authentication-agnostic issue in the NI CompactRIO API entry-point: default incorrect permissions could allow a non-authenticated user to trigger a function that rebooted the device remotely on Driver versions prior to 20.5. Affected product: CompactRIO contr...
National Instruments Compactrio License Issue Vulnerability
National Instruments Compactrio is an embedded controller for industrial control from National Instruments. An authorization issue vulnerability exists in versions prior to CompactRIO Driver 20.5, which stems from an incorrect privilege setting service for a specific API entry point by default,...
Windows Inject PE Files, Windows x86 Reverse Named Pipe (SMB) Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Exploit for CVE-2020-11651
It is an exploit module for Apache HTTP Server versions prior to...
Lunar - A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory
A lightweight native DLL mapping library that supports mapping directly from memory Features Imports and delay imports are resolved Relocations are performed Image sections are mapped with the correct page protection Exception handlers are initialised A security cookie is generated and initialise...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
It is an offensive tool for Windows. This repository contains a...
IBM Security Directory Server Information Disclosure Vulnerability (CNVD-2020-04412)
IBM Security Directory Server is a suite of enterprise identity management software from IBM USA that uses the Lightweight Directory Access Protocol LDAP. The software provides a trusted identity data infrastructure for authentication. IBM Security Directory Server version 6.4.0 is deployed using...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Tintin Tintin\+\+
PoC exploit for CVE-2008-0671. The target product/service is Windows SMB Server Message Block service. The vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the NetAPI function in the Windows SMB service. Notable dependencies/tooling include Impacket and PyCrypt...
Donut - Generates X86, X64, Or AMD64+x86 Position-Independent Shellcode That Loads .NET Assemblies, PE Files, And Other Windows Payloads From Memory
Donut generates x86 or x64 shellcode from VBScript, JScript, EXE, DLL including .NET Assemblies files. This shellcode can be injected into an arbitrary Windows processes for in-memory execution. Given a supported file type, parameters and an entry point where applicable such as Program.Main, it...
Pwning a Siemens Scalance ICS switch through ARM reversing
We’ve been working in industrial control systems security for a long time. Several of the team here used to work in OT control rooms or support SCADA environments. Whilst pen testing a ship control system, we noticed a heavy reliance on Siemens Scalance industrial ethernet switches, so bought a...
Exploit for Use After Free in Microsoft
It is an exploit module for Windows Remote Desktop Service vul...
Reversing malware in a custom format: Hidden Bee elements
Malware can be made of many components. Often, we encounter macros and scripts that work as malicious downloaders. Some functionalities can also be achieved by position-independent code—so-called shellcode. But when it comes to more complex elements or core modules, we almost take it for granted...
Exploit for Race Condition in Oracle Mysql
It is an exploit module for Apache HTTP Server. The target pr...
openSUSE Security Update : icedtea-web (openSUSE-2015-602)
The icedtea-web java plugin was updated to 1.6.1. Changes included : - Enabled Entry-Point attribute check - permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. - fixed DownloadService - comments in deployment.properties n...
Security update for icedtea-web (important)
The icedtea-web java plugin was updated to 1.6.1. Changes included: Enabled Entry-Point attribute check permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. fixed DownloadService comments in deployment.properties now should...
PHP-Nuke <= 8.0 XSS & HTML Code Injection in News Module
No description provided by source. Software Link: http://www.phpnuke.org/modules.php?name=Downloads&dop=viewdownload&cid=1 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= note : This bug found by tampering passed data . coders don't sanitize and check user entry point for news rate...
import_results
This plugin serves as an entry point for the results of other tools that identify URLs. The plugin reads from different input files and directories and creates the fuzzable requests which are needed by the audit plugins. Two configurable parameter exist: inputcsv inputburp One or more of these ne...
Cyberoam Unified Threat Management: Insecure Password Handling
Hi, Please find below the details of a vulnerability I discovered in Cyberoam UTM device. The Vendor was notified, however I did not receive any response from Vendor despite repeated email reminders. SECURITY ADVISORY: cyberoam-utm-insecure-password-handling Affected Software: Cyberoam CR50ia...