vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for various areas, including web application security, penetration testing, and vulnerability research. The primary purpose of Vulhub is to provide a convenient and...

GO-2020-0028 Denial of service via malformed zone file in github.com/miekg/dns

Due to a nil pointer dereference, parsing a malformed zone file containing TA records may cause a panic. If parsing user supplied input, this may be used as a denial of service vector...

GO-2020-0008 Insecure generation of random numbers in github.com/miekg/dns

DNS message transaction IDs are generated using math/rand which makes them relatively predictable. This reduces the complexity of response spoofing attacks against DNS clients...

Obfuscation_Detection - Collection Of Scripts To Pinpoint Obfuscated Code

Automatically detect control-flow flattening and other state machines Author: Tim Blazytko Description: Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries. Implementation is based on Binary Ninja. Check out the following blog post for more...

ProxyLogon - PoC Exploit for Microsoft Exchange

PoC Exploit for Microsoft Exchange Launche Original PoC: https://github.com/testanull How to use: python proxylogon.py Example: python proxylogon.py primary [email protected] If successful you will be dropped into a webshell. exit or quit to escape from the webshell or ctrl+c By default, it...

CVE-2021-26275

The eslint-fixer package through 0.1.5 for Node.js allows command injection via shell metacharacters to the fix function. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The ozum/eslint-fixer GitHub repository has been intentionally deleted...

Microsoft IOC Detection Tool for Exchange Server Vulnerabilities

Microsoft has released an updated script that scans Exchange log files for indicators of compromise IOCs associated with the vulnerabilities disclosed on March 2, 2021. CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizatio...

CVE-2021-22881

creationtimestamp| type| source ---|---|--- 2021-02-11 20:42:39+00:00| seen| https://t.me/cibsecurity/23449 2026-01-21 08:13:17+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-22881.yaml 2026-01-21 21:03:00+00:00| seen|...

Automated application scanning: handling complicated logins with AppScan (only!)

Ory Segal @orysegal from IBM Rational reached out with a simpler method to handle this natively in AppScan. It involves configuring AppScan to add a custom parameter to each request. For the sample case in the authexamples GitHub repository it would be handled like this...

Welcome to ThreatPursuit VM: A Threat Intelligence and Hunting Virtual Machine

Skilled adversaries can deceive detection and often employ new measures in their tradecraft. Keeping a stringent focus on the lifecycle and evolution of adversaries allows analysts to devise new detection mechanisms and response processes. Access to the appropriate tooling and resources is critic...

Lockphish - The First Tool For Phishing Attacks On The Lock Screen, Designed To Grab Windows Credentials, Android PIN And iPhone Passcode

Lockphish it's the first tool 07/04/2020 for phishing attacks on the lock screen, designed to grab Windows credentials, Android PIN and iPhone Passcode using a https link. LockPhish Tutorial:https://www.kalilinux.in/2020/05/lockphish.html Author: The Linux Choice Who deleted his GitHub repository...

Solana BBP: Public and secret api key leaked via Solana BBP github repo

Sumarry: Most often Developers for their ease of use,leave API keys and some sensitive keys ,Tokens as hardcoded strings,which isn't really a good ideas as it can result in Leaks of sensitive information getting in Wrong Hands which indeed can results in Data theft and Tampering with how the...

Arbitrary File Read

github.com/grafana/grafana is vulnerable to arbitrary file read. Lack of proper handling of MySQL data source connection string allows an authenticated user having privilege to modify the configuration to read arbitrary files...

pwntools

This is an offensive tool for exploit development and CTF Capture The Flag framework. The tool is called pwntools and is used for exploit development and CTF challenges. It provides a set of tools and libraries for exploiting vulnerabilities and solving CTF challenges. The tool is written in Pyth...

CVE-2020-11984

creationtimestamp| type| source ---|---|--- 2020-08-07 20:55:22+00:00| seen| https://t.me/cibsecurity/13977 2020-08-25 07:24:53+00:00| seen| https://t.me/cKure/1973 2020-08-25 08:58:52+00:00| seen| https://t.me/thehackernews/816 2020-08-26 05:45:23+00:00| seen|...

Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager

CVE-2020-5902 IoC Detection Tool This script is intended to b...

Moderate: Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update

An update for microcodectl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Moderate: Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update

An update for microcodectl is now available for Red Hat Enterprise Linux 7.4 Advances Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Moderate: Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update

Updated microcodectl packages that fix several security bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update

An update for microcodectl is now available for Red Hat enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...