Cabot 0.11.12 - Persistent Cross-Site Scripting

Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...

vBulletin 5.x Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x /ajax/render/widgettabbedcontainertabpanel PHP remote code execution.', 'Description' = %q This module exploits a logic bug within...

vBulletin 5.x Remote Code Execution Exploit

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widgettabbedcontainertabpanel template while also providing the widgetphp argument. This causes the former template to load...

vBulletin 5.6.1 SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin /ajax/api/contentinfraction/getIndexableContent nodeid Parameter SQL Injection', 'Description' = %q This module exploits a SQL injectio...

vBulletin 5.6.1 SQL Injection Exploit

This Metasploit module exploits a SQL injection vulnerability found in vBulletin versions 5.6.1 and below. This module uses the getIndexableContent vulnerability to reset the administrator's password and it then uses the administrators login information to achieve remote code execution on the...

vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection

This module exploits a SQL injection vulnerability found in vBulletin 5.x.x to dump the user table information or to dump all of the vBulletin tables based on the selected options. This module has been tested successfully on VBulletin Version 5.6.1 on Ubuntu Linux. This module requires Metasploit...

vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection

This module exploits a SQL injection vulnerability found in vBulletin 5.6.1 and earlier This module uses the getIndexableContent vulnerability to reset the administrators password, it then uses the administrators login information to achieve RCE on the target. This module has been tested...

UBUNTU-CVE-2020-11608

An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511modeinitregs and ov518modeinitregs when there are zero endpoints, aka CID-998912346c0d...

Cybersecurity Research During the Coronavirus Outbreak and After

Virus outbreaks are always gruesome: people, animals or computer systems get infected within a short time. Of course, viruses spreading across our physical world always take priority over the virtual world. Nevertheless, everyone should keep doing their job, which includes all kinds of malware...

Git CVE-2019-19604 Arbitrary Code Execution Vulnerability

Description Git is prone to an arbitrary code-execution vulnerability. A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. Git versions prior to 2.20.2, 2.21.x through and...

google.com

Pentest notes for: google.com Exploit Pack Nmap 7.80 scan initiated Tue Dec 3 09:27:33 2019 as: /usr/bin/nmap -sV -A -oA log/exploitpack.com exploitpack.com Nmap scan report for exploitpack.com 132.148.22.104 Host is up 0.18s latency. rDNS record for 132.148.22.104:...

Intel Xeon Scalable Processors CVE-2019-11139 Denial of Service Vulnerability

Description Intel Xeon Scalable Processors are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Intel Xeon Scalable Processors Redhat Enterprise Linux 5 Redhat Enterprise Linux 6 Redhat Enterprise Linux 7...

Multiple Intel Products CVE-2019-0154 Denial of Service Vulnerability

Description Multiple Intel Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Technologies Affected Intel 6th generation Core processors Intel 7th generation Core processors Intel 8th generation Core processors Intel...

Multiple Intel Products CVE-2019-0155 Local Privilege Escalation Vulnerability

Description Multiple Intel Products are prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges, obtain sensitive information, cause memory corruption or denial-of-service conditions. Technologies Affected Intel 6th generation Core...

Multiple Intel Processors CVE-2018-12207 Denial of Service Vulnerability

Description Multiple Intel Processors are prone to a denial of service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Citrix Hypervisor 8.0 Citrix XenServer 7.0 Citrix XenServer 7.1 LTSR CU2 Citrix XenServer 7.6 Intel 2nd generation...

Samba CVE-2019-14833 Remote Security Bypass Vulnerability

Description Samba is prone to a security-bypass vulnerability. Successful exploit may allow attackers to bypass certain security restrictions and gain unauthorized access to resources. Samba versions 4.5.0 and later are vulnerable. Technologies Affected Samba Samba 4.10.1 Samba Samba 4.10.2 Samba...

libxslt CVE-2019-18197 Arbitrary Code Execution Vulnerability

Description libxslt is prone to an arbitrary code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. libxslt version 1.1.33 is...

Ajenti 2.1.31 - Remote Code Execution

Title: Ajenti 2.1.31 - Remote Code Execution Author: Jeremy Brown Date: 2019-10-13 Software Link: https://github.com/ajenti/ajenti CVE: N/A Tested on: Ubuntu Linux !/usr/bin/python ajentix.py Ajenti Remote Command Execution Exploit ------- Details ------- Ajenti is a web control panel written in...

Apple Swift CVE-2019-8790 Information Disclosure Vulnerability

Description Apple Swift is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Apple Swift 3.0 Apple Swift 3.0.1 Apple Swift 3.0.2 Apple Swift 3.1 Apple Swift 3.1.1 Apple Swift 4....

Samba CVE-2019-10197 Privilege Escalation Vulnerability

Description Samba is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. This issue has been fixed in Samba 4.9.13, 4.10.8 and 4.11.0rc3. Technologies Affected IBM Watson Studio Local 1.2.3 Redhat Enterprise Linux 7 Redhat Enterprise Linu...