Unrestricted file upload

Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified...

CVE-2014-8516

CVE-2014-8516 concerns Visual Mining NetCharts Server. The connected sources describe an unrestricted file upload vulnerability in the NetCharts Server web interface that allows remote attackers to execute arbitrary code by uploading a file with an executable extension and then accessing it via u...

CVE-2014-8516

Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors...

AVCLASS++ - Yet Another Massive Malware Labeling Tool

AVCLASS++ is an appealing complement to AVCLASS 1, a state-of-the-art malware labeling tool. Overview AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant efforts to create and maintain a dataset. Especially, labeling malware samples is a vital...

Microsoft Windows .Group File - Code Execution Exploit

Exploit Title: Microsoft Windows .Group File - Code Execution Exploit Author: hyp3rlinx Vendor Homepage: www.microsoft.com Version: 1.9.6 Tested on: Windows CVE : N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

Microsoft Windows .Group File - Code Execution

Exploit Title: Microsoft Windows .Group File - Code Execution Date: 2020-01-01 Exploit Author: hyp3rlinx Vendor Homepage: www.microsoft.com Version: 1.9.6 Tested on: Windows CVE : N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

UPX Floating Point Anomaly Vulnerability

UPX is a portable and extensible executable compression program. A security vulnerability exists in the 'PackLinuxElf::elfhash' function in the plxelf.cpp file in UPX version 3.95. An attacker can exploit this vulnerability to cause an application to crash, resulting in a denial of service...

Reptile Rootkit - reptile_cmd Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reptile Rootkit reptilecmd Privilege Escalation', 'Description' = %q This module uses Reptile rootkit's reptilecmd backdoor executable to gain ro...

UPX Heap Buffer Overflow Vulnerability

UPX is a portable and extensible executable compression program. A buffer overflow vulnerability exists in the 'canUnpack' function of the pmach.cpp file in UPX version 3.95. The vulnerability stems from a networked system or product performing operations in memory without properly validating dat...

PT-2019-16068 · Upx Team +3 · Upx +2

Name of the Vulnerable Software and Affected Versions: UPX version 3.95 ALT Linux affected versions not specified Description: An issue was found in the canUnpack function in p mach.cpp, which can be triggered by a crafted Mach-O file, leading to an invalid memory address dereference...

Design/Logic Flaw

An unquoted search path vulnerability in Multiple Yokogawa products for Windows Exaopc R1.01.00 ? R3.77.00, Exaplog R1.10.00 ? R3.40.00, Exaquantum R1.10.00 ? R3.02.00 and R3.15.00, Exaquantum/Batch R1.01.00 ? R2.50.40, Exasmoc all revisions, Exarqe all revisions, GA10 R1.01.01 ? R3.05.01, and...

Malwinx - Just A Normal Flask Web App To Understand Win32Api With Code Snippets And References

A normal flask web app to learn win32api with code snippets and references. Prerequisite You need to download the following package before starting it pip install flask pip install pefile pip install requests Usage $ python flaskapp.py Live Demo Here is the Walkthrough: 1. Upload the exe or dll. ...

Reptile Rootkit reptile_cmd Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reptile Rootkit reptilecmd Privilege Escalation', 'Description' = %q This module uses Reptile rootkit's reptilecmd backdoor executable to gain ro...

The vulnerability of the application management tools and Flatpak environments, related to errors in processing file descriptors, allows a hacker to modify any executable files on the host side.

The vulnerability of the application management tool and the Flatpak environment is related to errors in processing file descriptors. Exploiting this vulnerability allows an attacker to modify arbitrary executable files on the host by executing the “applyextra” script...

Automatic API Attack Tool - Customizable API Attack Tool Takes An API Specification As An Input, Generates And Runs Attacks That Are Based On It As An Output

Imperva's customizable API attack tool takes an API specification as an input, and generates and runs attacks that are based on it as an output. The tool is able to parse an API specification and create fuzzing attack scenarios based on what is defined in the API specification. Each endpoint is...

Unspecified Vulnerability in ASUS ATK Package

ASUS ATK Package is a software package from Asus Taiwan, China for installing drivers and software in ASUS computers. A security vulnerability exists in the AsLdrSrv.exe file in versions prior to ASUS ATK Package V1.0.0061 for Windows 10 notebook PCs. An attacker can exploit the vulnerability to...

Design/Logic Flaw

The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code...

Pbtk - A Toolset For Reverse Engineering And Fuzzing Protobuf-based Apps

Protobuf is a serialization format developed by Google and used in an increasing number of Android, web, desktop and more applications. It consists of a language for declaring data structures , which is then compiled to code or another kind of structure depending on the target implementation. pbt...

CVE-2019-14568

Improper permissions in the executable for IntelR RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access...

Bash Profile Persistence

This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback. This...