netABuse Insufficient Windows Authentication Logic Scanner

import os,re,time,signal,sys from subprocess import from multiprocessing import Process By John Page aka hyp3rlinx Apparition Security twitter.com/hyp3rlinx Advisory: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NET-USE-INSUFFICIENT-PASSWORD-PROMPT.txt...

ArgoSoft Mail Server Detection (HTTP)

Checks whether ArgoSoft Mail Server is present on the target system and if so, tries to figure out the installed version. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of t...

Denial Of Service (DoS)

The JSON gem is vulnerable to denial of service. An attacker is able to create arbitrary objects in the target system using malicious JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects. This can potentially result in a denial of service condition. This...

Apple Webkit Memory Corruption (CVE-2018-4438)

A memory corruption vulnerability exists in Apple WebKit. Successful exploitation of this vulnerability could allow attackers to execute code on the target system...

Microsoft Windows ulGetNearestIndexFromColorref Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Git Submodules Directory Traversal (CVE-2018-11235)

A directory traversal vulnerability exists in the Git client. The vulnerability is due to insufficient validation of submodule names in the .gitmodules file during checkout. Successful exploitation of this vulnerability could enable the attacker to execute arbitrary scripts on the target system...

Zoho ManageEngine OpManager External Entity Injection (CVE-2018-18980)

An External Entity Injection information disclosure vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the RequestXML parameter when processing requests sent to BusinessViewFlashImpl. A remote, unauthenticated attacker could exploit this...

CVE-2020-8010

CA Unified Infrastructure Management Nimsoft/UIM 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...

Input validation

CA Unified Infrastructure Management Nimsoft/UIM 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...

CVE-2020-8010

CA Unified Infrastructure Management Nimsoft/UIM 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system...

Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability

A denial of service vulnerability exists in Remote Desktop Protocol RDP when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To...

CVE-2020-3927

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the attackers learn the specific API function, they may access arbitrary files on target system via crafted API parameter...

Remote code execution

A Remote Code ExecutionRCE vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and executes arbitrary command on target system via malicious crafted scripts...

Microsoft Windows CLFS Driver Integer Overflow Information Disclosure Vulnerability

This vulnerability allows attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CLFS...

Novell HTTP Server Detection

Checks whether Novell HTTP Server is present on the target system and if so, tries to figure out the installed version. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the...

Omnicron OmniHTTPd Detection

Checks whether OmniHTTPd is present on the target system an if so, tries to figure out the installed version. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU Gener...

Microsoft Windows Graphics Device Interface Information Disclosure (CVE-2019-0802)

An information disclosure vulnerability exists in Microsoft Graphics Device Interface of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. Successful exploitation could result in disclosure of information which could be used to further compromise the target...

Microsoft Windows Graphics Device Interface Information Disclosure (CVE-2019-0961)

An information disclosure vulnerability exists in Microsoft Graphics Device Interface of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. Successful exploitation could result in disclosure of information which could be used to further compromise the target...

Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability

A denial of service vulnerability exists in Remote Desktop Protocol RDP when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding. To...

Microsoft Windows AppX Deployment Service Junction Arbitrary File Deletion Vulnerability

This vulnerability allows local attackers to delete arbitrary files on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppX...