File Upload Vulnerability in Wecenter of Shenzhen Weike Interactive Co.

WeCenter is an open source knowledge-based social Q&A community program that focuses on organizing, categorizing and retrieving community content and distributing it by connecting to WeChat public platforms, mobile APPs. A file upload vulnerability exists in Shenzhen WeCenter, which can be...

Unix Command Shell, Reverse TCP (via Tclsh)

Creates an interactive shell via Tclsh This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 184 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinf...

[SECURITY] Fedora 30 Update: zsh-5.7.1-6.fc30

The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell the Korn shell, but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell...

Fedora: Security Advisory for zsh (FEDORA-2020-9009363f0f)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 31 Update: zsh-5.7.1-6.fc31

The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell the Korn shell, but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell...

Interactive Marketing Intelligent Sales Platform suffers from SQL Injection Vulnerability

Baoding Interactive Enterprise Marketing Planning Co., Ltd. is to provide information technology local services for China's enterprises, in the domestic mode of operation to realize the enterprise information. SQL injection vulnerability exists in Interactive Marketing Intelligent Sales Platform...

Linux: ALWAYS_SET_PATH in /etc/login.defs

su allows to run commands with a substitute user and group ID. When called with no user specified, su defaults to running an interactive shell as root. When user is specified, additional arguments can be supplied, in which case they are passed to the shell. If ALWAYSSETPATH is set to yes in...

CTFTOOL - Interactive CTF Exploration Tool

An Interactive CTF Exploration Tool This is ctftool, an interactive command line tool to experiment with CTF, a little-known protocol used on Windows to implement Text Services. This might be useful for studying Windows internals, debugging complex issues with Text Input Processors and analyzing...

freeFTPd v1.0.13 - freeFTPdService Unquoted Service Path

freeFTPd v1.0.13 - freeFTPdService Unquoted Service Path Exploit Title: freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.freesshd.com Software Link: http://www.freesshd.com/freeFTPd.exe Version: 1.0.13 Tested On: Windows ...

GDA Android Reversing Tool - A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat

Here, a new Dalvik bytecode decompiler, GDA（this project started in 2013 and released its first version 1.0 in 2015 at www.gda.com: 9090 , is proposed and implemented in C++ to provide more sophisticated, fast and convenient decompilation support. GDA is completely self-independent and very stabl...

Hershell - Multiplatform Reverse Shell Generator

Simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provide a certificate public key fingerprint pinning feature, preventing from traffic interception. Supported OS are: Windows Linux Mac OS FreeBSD and derivatives Why ? Although meterpreter payloads are great,...

Install OpenSSH for Windows

This module installs OpenSSH server and client for Windows using PowerShell. SSH on Windows can provide pentesters persistent access to a secure interactive terminal, interactive filesystem access, and port forwarding over SSH. This module requires Metasploit: https://metasploit.com/download...

Oracle January 2020 Critical Patch Update Multiple Vulnerabilities

Description Oracle has released advance notification regarding the January 2020 Critical Patch Update CPU to be released on January 14, 2020. The update addresses 333 vulnerabilities affecting the following software: Oracle Database Server, versions 12.2.0.1, 18c, 19c Oracle Communications Design...

SYS.1.2.2.A14

Ziel des Bausteins SYS.1.2.2 ist die Absicherung von Microsoft Windows Server 2012 und Microsoft Windows Server 2012 R2. Die Kern-Anforderung Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-43414)

FusionPBX is an open source enterprise IPPBX interface management system based on FreeSWITHC. A cross-site scripting vulnerability exists in app/fifolist/fifointeractive.php in FusionPBX 4.4.1. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the c...

Mersive Solstice 2.8.0 - Remote Code Execution

Mersive Solstice 2.8.0 - Remote Code Execution Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Google Dork: N/A Date: 2016-12-23 Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link:...

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact Please review th...

Vulnx v1.9 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (Wordpress, Joomla, Drupal, Prestashop...)

Vulnx is An Intelligent Bot Auto Shell Injector that detect vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and more ... Instead of injecting each and...

Microsoft Windows 'Win32k' CVE-2019-1408 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

Microsoft Windows Win32k CVE-2019-1393 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...