117 matches found
Remote code execution
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary progra...
CVE-2017-14187
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary progra...
CVE-2017-14187
A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary progra...
FortiOS local privilege escalation via malicious use of USB storage devices
An admin user with superadmin privileges can execute an arbitrary binary contained on an USB drive plugged to a FortiGate, via linking the aforementioned binary to a command that is allowed to be run by the fnsysctl CLI command...
Exploit for CVE-2017-8464
CVE-2017-8464-exp-generator this tool can generate a exp for c...
This is How CIA Disables Security Cameras During Hollywood-Style Operations
In last 20 years, we have seen hundreds of caper/heist movies where spies or bank robbers hijack surveillance cameras of secure premises to either stop recording or set up an endless loop for covert operations without leaving any evidence. Whenever I see such scenes in a movie, I wonder and ask...
LNK Code Execution Vulnerability
This module exploits a vulnerability in the handling of Windows Shortcut files .LNK that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 CVE-2015-0096. The created LNK file is similar except an additional SpecialFolderDataBlock is included. The...
Microsoft Windows LNK Shortcut File Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Remote Code Execution Vulnerability', 'Description' = %q This module exploits a vulnerability in the handling of Windows Shortcut files .LNK...
Windows PowerShell LLMNR/NBNS spoofer: Inveigh
Windows PowerShell LLMNR/NBNS spoofer Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted...
How to attach USB drive as a local Storage on XenServer
To attach a USB drive as a local storage on XenServer Host...
WAS - Automatic USB Drive Malware Scanning Tool For The Security-Minded Person
Author: Fabio Baroni http://www.pentest.guru/ @Fabiothebest89 How many times have you plugged in a USB drive and double clicked on a file without scanning for malware? I guess, MANY. Wait A Sec! Even if you are a security guy, you'll often be in a hurry or absent minded and you trust your USB dri...
My.WiFi USB Drive 1.0 iOS - File Include Vulnerability
Exploit for iOS platform in category web applications Document Title: =============== My.WiFi USB Drive v1.0 iOS - File Include Vulnerability Product & Service Introduction: =============================== My WiFi USB drive. Files can be uploaded with any browser. Start the WiFi Drive web server...
My.WiFi USB Drive v1.0 iOS - File Upload Web Vulnerability
Document Title: =============== My.WiFi USB Drive v1.0 iOS - File Upload Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1589 Release Date: ============= 2015-09-23 Vulnerability Laboratory ID VL-ID: ====================================...
USBKill — Code That Kills Computers Before They Examine USBs for Secrets
USBkill — A new program that once activated, will instantly disable the laptop or computer if there is any activity on USB port. Hey Wait, don’t compare USBkill with the USB Killer stick that destroy sensitive components of a computer when plugged-in. "USBKill" is a new weapon that could be a boo...
Microsoft Windows not the USB drive overflow vulnerability-vulnerability warning-the black bar safety net
Affected system: Microsoft Windows XP SP2 Microsoft Windows XP SP1 Microsoft Windows Server 2 0 0 3 SP1 Microsoft Windows Server 2 0 0 3 Microsoft Windows ME Microsoft Windows 98se Microsoft Windows 9 8 Microsoft Windows 2000SP4 Microsoft Windows 2000SP3 Microsoft Windows 2000SP2 Microsoft Window...
Wifi Drive Pro 1.2 iOS - Local File Inclusion
Wifi Drive Pro 1.2 iOS - Local File Inclusion Document Title: =============== Wifi Drive Pro v1.2 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1447 Release Date: ============= 2015-03-13 Vulnerability Laboratory ID...
Details Surface on Stuxnet Patch Bypass
It took 10 hours to find what had eluded others for close to five years. German computer science student Michael Heerklotz spent the Christmas holiday reading Countdown to Zero Day, a narrative on the discovery and impact of Stuxnet, the computer worm considered one of the first cyberweapons, and...
Mariposa Botnet
Overview ICS-CERT has received reports and investigated infections of the MariposaDefence Intelligence, http://defintel.com/docs/MariposaAnalysis.pdf, website last accessed March 15, 2010. botnet, which have affected the business networks of multiple control system owners in recent months. ICS-CE...
Malware infected International Atomic Energy Agency Computers
Hackers and malware are everywhere, waiting for you around every corner of the Internet. The International Atomic Energy Agency IAEA, which holds highly sensitive information and plays a key role in global efforts to prevent the spread of nuclear weapons, said on Tuesday that some of its computer...
D-Link DIR-505 1.06 - Multiple Vulnerabilities
D-Link DIR-505 1.06 - Multiple Vulnerabilities Multiple vulnerabilities on D-Link Dir-505 devices ================================================== ADVISORY INFORMATION Title: Multiple vulnerabilities on D-Link Dir-505 devices Discovery date: 05/04/2013 Release date: 09/09/2013 Credits: Alessand...