
89 matches found

Kitploit
added 2023/01/04 11:30 a.m., 133 views

Villain - Windows And Linux Backdoor Generator And Multi-Session Handler That Allows Users To Connect With Sibling Servers And Share Their Backdoor Sessions

Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team. The main idea behind the payloads generated by this tool is inherited from...

6.9 AI score
Exploits: 0, References: 5
Github Security Blog
added 2022/12/22 8:1 p.m., 38 views

CodeIgniter4 Potential Session Handlers Vulnerability

Impact: When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages...

9.8 CVSS, 9 AI score, 0.00841 EPSS
Exploits: 0, References: 6, Affected Software: 1
Friends Of PHP
added 2022/12/22 2:49 a.m., 23 views

CVE-2022-46170: Potential Session Handlers Vulnerability

Impact: When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to DatabaseHandler, MemcachedHandler, or RedisHandler, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages...

9.8 CVSS, 9.1 AI score, 0.00841 EPSS
Exploits: 0, Affected Software: 1
Mageia
added 2022/11/01 10:58 p.m., 19 views

Updated php packages fix security vulnerability

GD - Fixed bug 81739: OOB read due to insufficient input validation in imageloadfont(). Hash - Fixed bug 81738: buffer overflow in hash_update() on long parameter. Session - Fixed bug GH-9583: session_create_id() fails with user defined save handler that doesn't have a validateId method. Streams - Fixed bu...

0.9 AI score
Exploits: 0, References: 2
n0where
added 2019/03/05 10:35 p.m., 283 views

Graphical User Interface for Metasploit Meterpreter and Session Handler: Kage

Kage (ka-geh) is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads. For now it only supports windows/meterpreter & android/meterpreter. Getting Started: Please follow these instructions to get a copy of Kage running on your local...

0.4 AI score
Exploits: 0, References: 4
OSV
added 2018/06/13 4:29 p.m., 1 views

DEBIAN-CVE-2018-11386

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...

5.9 CVSS, 6.8 AI score, 0.01607 EPSS
Exploits: 0, References: 1
Prion
added 2018/06/13 4:29 p.m., 19 views

Hardcoded credentials

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafte...

4.3 CVSS, 5.7 AI score, 0.01607 EPSS
Exploits: 0, References: 5, Affected Software: 2
Gentoo Linux
added 2009/09/09 12:0 a.m., 26 views

Screenie: Insecure temporary file usage

Background: Screenie is a small screen frontend that is designed to be a session handler. Description: Dmitry E. Oboukhov reported that Screenie does not handle "/tmp/.screenie." temporary files securely. Impact: A local attacker could perform symlink attacks to overwrite arbitrary files with the...

6.9 CVSS, 6.3 AI score, 0.00339 EPSS
Exploits: 0
Tenable Nessus
added 2007/04/30 12:0 a.m., 65 views

Debian DSA-1282-1 : php4 - several vulnerabilities

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-1286 Stefan Esser discovered an overflow ...

7.8 CVSS, 6.1 AI score, 0.40435 EPSS
Exploits: 12, References: 13