CVE-2021-41088

Elvish (the language/shell) vulnerability CVE-2021-41088 affects versions prior to 0.14.0 where the web UI backend (elvish -web) accepts code from the web UI without proper origin validation. If a user has the web UI backend open and visits a malicious site, that site can send arbitrary code to t...

Metasploit Wrap-Up

Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...

The vulnerability of the executable file Def.exe in the interactive graphical SCADA system Interactive Graphical SCADA System (IGSS) allows a intruder to perform arbitrary actions.

The vulnerability of the executable file Def.exe in the interactive graphical SCADA system Interactive Graphical SCADA System IGSS relates to reading data beyond the buffer in memory. Exploiting this vulnerability could allow a attacker to execute arbitrary code...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2021-26084 Proof of concept for CVE-2021-26084. Confluen...

The vulnerability of the executable file Def.exe in the interactive graphical SCADA system Interactive Graphical SCADA System (IGSS) allows a intruder to perform arbitrary actions.

The vulnerability of the executable file Def.exe in the interactive graphical SCADA system Interactive Graphical SCADA System IGSS is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a intruder to execute arbitrary code...

The vulnerability of the mdb database in the interactive graphical SCADA system allows a intruder to trigger a service failure.

The vulnerability of the mdb database in the Interactive Graphical SCADA System IGSS is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the executable file Def.exe in the interactive graphical SCADA system Interactive Graphical SCADA System (IGSS) allows a intruder to perform arbitrary actions.

The vulnerability of the executable file Def.exe in the interactive graphical SCADA system Interactive Graphical SCADA System IGSS is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a intruder to execute arbitrary code...

Keimpx - Check For Valid Credentials Across A Network Over SMB

keimpx is an open source tool, released under the Apache License 2.0. It can be used to quickly check for valid credentials across a network over SMB. Credentials can be: Combination of user / plain-text password. Combination of user / NTLM hash. Combination of user / NTLM logon session token. If...

ReverseSSH - Statically-linked Ssh Server With Reverse Shell Functionality For CTFs And Such

A statically-linkedssh server with a reverse connection feature for simple yet powerful remote access. Most useful during HackTheBox challenges, CTFs or similar. Has been developed and was extensively used during OSCP exam preparation. Get the latest Release Features Catching a reverse shell with...

CVE-2021-32798

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

Design/Logic Flaw

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

CVE-2021-32798

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

The vulnerability of the executable file Def.exe in the interactive graphical SCADA system Interactive Graphical SCADA System (IGSS) allows a intruder to perform arbitrary actions.

The vulnerability of the executable file Def.exe in the interactive graphical SCADA system Interactive Graphical SCADA System IGSS is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a intruder to execute arbitrary code...

CVE-2021-35448

Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections...

CVE-2021-35448

Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections...

CVE-2021-35448

The CVE-2021-35448 entry concerns Emote Interactive Remote Mouse 3.008 for Windows. Affected functionality is the Image Transfer Folder feature, where an attacker can navigate to cmd.exe, enabling arbitrary program execution with Administrator privileges. The exploit is a local privilege escalati...

Directory Traversal Vulnerability in Xiamen Phoenix Chuangyi Software Ltd.'s Chuangyi 100VR Visualization Intelligent Interactive Teaching Cloud Platform

The business scope of Xiamen Phoenix Chuangyi Software Co., Ltd. includes: software development; Internet information services; book publishing; newspaper publishing, and so on. Xiamen Phoenix Chuangyi Software Co., Ltd Chuangyi 100VR visualization intelligent interactive teaching cloud platform...

Joern - Open-source Code Analysis Platform For C/C++/Java Based On Code Property Graphs

Joern's Documentation is available here: https://docs.joern.io/home Quick Installation wget https://github.com/ShiftLeftSecurity/joern/releases/latest/download/joern-install.sh chmod +x ./joern-install.sh sudo ./joern-install.sh joern Compiling synthetic/ammonite/predef/interpBridge.sc Compiling...

CVE-2021-22914

Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information due to sensitive information being stored in the Citrix Cloud Connector installation log files. Such information could be used by an malicious actor to access a Citrix Cloud environment. This issue...

Interactive Graphical SCADA System (IGSS) out-of-bounds write vulnerability (CNVD-2021-42158)

The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds write vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...