Code injection

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the factertask or puppetconf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this...

CVE-2018-6389 WordPress Parameter Resource Consumption Remote DoS

Yesterday Monday, February 5, 2018, a zero-day vulnerability in WordPress core was disclosed, which allows an attacker to perform a denial of service DoS attack against a vulnerable application. The vulnerability exists in the modules used to load JS and CSS files. These modules were designed to...

Automated Mass Exploiter: AutoSploit

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; Apache , IIS , etc, upon which a list of...

Evilgrade - Modular Framework To Take Advantage Of Poor Upgrade Implementations By Injecting Fake Updates

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries agents, a working default configuration for fast pentests, and has it's own WebServer and DNSServer modules. Easy to set up new...

Node.js third-party modules: Prototype pollution attack (merge-recursive)

As discussed in 309391, here's the separate report for each of the library. This one is the information for the merge-recursive library. Module: merge-recursive Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object" when the attacker control...

Node.js third-party modules: Prototype pollution attack (deep-extend)

As discussed in 309391, here's the separate report for each of the library. This one is the information for the deep-extend library. Module: deep-extend Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object" when the attacker control part of...

PiDense - Monitor Illegal Wireless Network Activities (Fake Access Points)

Monitor illegal wireless network activities. Similar SSID broadcasts Same SSID broadcasts Calculates unencrypted wireless networks density Watches SSID broadcasts at the blacklist. Capabilities Now Calculates Unencrypted wireless network density Finds same ssid, different encryption Working...

Node.js third-party modules: Prototype pollution attack (mixin-deep)

As discussed in 309391, here's the separate report for each of the library. This one is the information for the mixin-deep library. Module: mixin-deep Summary: Utilities function in all the listed modules can be tricked into modify the prototype of "Object" when the attacker control part of the...

Node.js third-party modules: [crud-file-server] Stored XSS in filenames when directory index is served by crud-file-server

Hi Guys, crud-file-server allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript. Module crud-file-server This package exposes a directory and its children to create, read, update, and delete operations over http...

Node.js third-party modules: Prototype pollution attack (merge-deep)

As discussed in 309391, here's the separate report for each of the library. This one is the information for the merge-deep library. Module: merge-deep Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object" when the attacker control part of th...

Node.js third-party modules: Prototype pollution attack (assign-deep)

As discussed in 309391, here's the separate report for each of the library. This one is the information for the assign-deep library. Module: assign-deep Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object" when the attacker control part of...

Node.js third-party modules: Prototype pollution attack (merge-objects)

As discussed in 309391, here's the separate report for each of the library. This one is the information for the merge-objects library. Module: merge-object Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object" when the attacker control part ...

Node.js third-party modules: Prototype pollution attack (defaults-deep)

As discussed in 309391, here's the separate report for each of the library. This one is the information for the defaults-deep library. Module: https://www.npmjs.com/package/defaults-deep Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object"...

Node.js third-party modules: Prototype pollution attack (lodash)

As discussed in 309391, here's the separate report for each of the library. This one is the information for the lodash library. Module: lodash Summary: Utilities function in all the listed modules can be tricked into modify the prototype of "Object" when the attacker control part of the structure...

metasploit-framework

This is the Metasploit Framework repository. It is an offensive tool for penetration testing and vulnerability exploitation. The primary vulnerability class/vector targeted by this framework is not explicitly stated, but it is likely to be a wide range of vulnerabilities, including remote code...

Node.js third-party modules: [simple-server] HTML with iframe element can be used as filename, which might lead to load and execute malicious JavaScript

Hi Guys, simple-server allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript. This is caused by outdated version of connect framework. Module: Simple Server allows you to easily get a node.js static file server up and running anywhere anytime...

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSH vulnerabilities (USN-3538-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3538-1 advisory. Jann Horn discovered that OpenSSH incorrectly loaded PKCS11 modules from untrusted directories. A remote attacker could possibly use this iss...

Node.js third-party modules: [serve] Directory index of arbitrary folder available due to lack of sanitization of %2e and %2f characters in url

Hi, This report is about Arbitrary Directory Listing vulnerability I found in serve module. Vulnerability does not allow to open arbitrary file due to send module which handles file reading and implements its own validation and protection against Path Traversal attacks. However serve handles...

ZUUSE BEIMS ContractorWeb .NET Unauthorized Operation Vulnerability

ZUUSE BEIMS ContractorWeb .NET is a suite of infrastructure management software from ZUUSE Australia. An unauthorized operation vulnerability exists in ZUUSE BEIMS ContractorWeb .NET version 5.18.0.0. An attacker can exploit this vulnerability to access multiple /UserManagement/privileged modules...

CVE-2018-5328

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...