CVE-2017-3881: Cisco Catalyst switches remote code execution vulnerability analysis
Do your Catalyst switches have telnet enabled? If so, be careful. This article introduces the reader to a proof-of-concept attack technique for a remote code execution vulnerability in the Catalyst 2960 switch running the latest firmware. Specific exploit...
Schneider Electric Interactive Graphical SCADA DLL Load Remote Code Execution Vulnerability
Schneider Electric Interactive Graphical SCADA System Software is a suite of automation software for process control and supervision of SCADA systems from the French company Schneider Electric. A DLL loading remote code execution vulnerability exists in Schneider Electric...
Fortinet FortiOS SSH Undocumented Interactive Login Vulnerability (FG-IR-16-001) (SSH) - Active Check
An undocumented account used for communication with authorized FortiManager devices exists on some versions of FortiOS.
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
StrutsShell Apache Struts CVE-2017-5638 Shell Introducti...
Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638
Improves manipulation and sending commands to the vulnerable Apache Struts server using a shell. Usage: python Struts2Shell.py Download Struts2Shell...
Interactive Multi User Javascript Shell: JSShell
Interactive Multi User Javascript Shell An interactive multi-user web based shell written in Python with Flask for server side and of course Javascript and HTML client side. It was initially created in order to debug remote esoteric browsers during tests and research. Features Multi client suppor...
Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1021 Windows: COM Session Moniker EoP Platform: Tested on Windows 10 14393, Server 2012 R2 Class: Elevation of Privilege Summary: When activating an object using the session moniker the DCOM activator doesn’t check if the current...
shopify-scripts: SIGABRT in only mirb
PoC ------------------- The following code triggers the bug attached as test.rb: def tostr 00end 0.times Debug - mirb ------------------- The program being debugged has been started already. Start it from the beginning? y or n y Starting program: /home/x/Desktop/test/mruby/bin/mirb test.rb mirb -...
[SECURITY] Fedora 25 Update: mupdf-1.10a-1.fc25
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
[SECURITY] Fedora 24 Update: mupdf-1.10a-1.fc24
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
Taoyun Interactive Android app suffers from arbitrary password reset vulnerability
Tao Yun Interactive App is a children's learning and socialization app. Taoyun Interactive Android app has an arbitrary password reset vulnerability. It allows attackers to exploit the vulnerability to change the password of the other party by only requiring their cell phone number...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
Complete Client Management And Billing 1.0.1 SQL Injection
Exploit Title: Complete Client Management & Billing v1.0.1 Script- SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://www.ynetinteractive.com/ Software Buy: http://www.ynetinteractive.com/clientexpert/demo.php Demo: http://www.ynetinteractive.com/clientexpert/demo.php Version...
Client Expert 1.0.1 - SQL Injection
Client Expert 1.0.1 - SQL Injection Exploit Title: Complete Client Management & Billing v1.0.1 Script- SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://www.ynetinteractive.com/ Software Buy: http://www.ynetinteractive.com/clientexpert/demo.php Demo:...
[SECURITY] Fedora 24 Update: mapserver-6.2.4-1.fc24
Mapserver is an internet mapping program that converts GIS data to map images in real time. With appropriate interface pages, Mapserver can provide an interactive internet map based on custom GIS data...
reversemap - Analyse SQL injection attempts in web server logs
Analyse SQL injection attempts in web server logs The program can either be run in batch mode or interactive mode. In batch mode the program will accept Apache web server logs and will deobfuscate requested URLs from the logs. In interactive mode the program will prompt for user input and will...
Hardware Bridge Session Connector
The Hardware Bridge HWBridge is a standardized method for Metasploit to interact with Hardware Devices. This extends the normal exploit capabilities to the non-ethernet realm and enables direct hardware and alternative bus manipulations. You must have compatible bridging hardware attached to this...
Windows 'Run As' Using Powershell
This module will start a process as another user using powershell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 'Run As' Using Powershell', 'Description' = %q This module will start...
IBM AIX Local Elevation of Privilege Vulnerability (CNVD-2016-13013)
IBM AIX Advanced Interactive eXecutive is a UNIX operating system developed by IBM. A security vulnerability exists in IBM AIX versions 6.1, 7.1 and 7.2. A local attacker can exploit this vulnerability to gain root privileges on the target system...
IT Threat GeoDashboard: Suspicious
IT Threat GeoDashboard Suspicious is a combination of open source software configured to give end users a view of IT threats on an interactive geographical dashboard. You’ll just need an Internet browser to access the dashboard. This application has been built on a GNU/Linux environment and may...