78 matches found
CVE-2021-33895
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure USER_AUTHENTICATE_ used for verifying the Password returns 0 no error. The reason is that the user is not running...
EUVD-2021-20568
Malware in sbrugna...
CVE-2021-33895
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure USER_AUTHENTICATE_ used for verifying the Password returns 0 no error. The reason is that the user is not running...
Default credentials
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure USER_AUTHENTICATE_ used for verifying the Password returns 0 no error. The reason is that the user is not running...
CVE-2021-33895
The CVE-2021-33895 issue affects ETINET BACKBOX, specifically E4.09 (22SEP2020) and H4.09 (T0954V04^AAO). The flaw is improper password access control: when a user logs into the Backbox UI using the User ID of the process running BBSV, the system procedure USER_AUTHENTICATE_ used for password ver...
PT-2021-20357 · Etinet · Etinet Backbox E4.09
Name of the Vulnerable Software and Affected Versions: ETINET BACKBOX E4.09 version 22SEP2020 ETINET BACKBOX H4.09 version T0954V04^AAO Description: The issue arises from the mismanagement of password access control in ETINET BACKBOX. When a user logs in to the Backbox UI application using the Us...
Hewlett Packard Enterprise BackBox Authorization Issue Vulnerability
Hewlett Packard Enterprise BackBox is a product from the U.S. company Hewlett Packard Enterprise that provides the functionality needed to deploy HPE Uninterruptible BackBox products into your backup and recovery operations. Hewlett Packard Enterprise BACKBOX has an authorization issue vulnerability that stems from the...
CVE-2021-33895
ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of the process running BBSV to login to the Backbox UI application, the system procedure USER_AUTHENTICATE_ used for verifying the Password returns 0 no error. The reason is that the user is not running...
IPeakCMS 3.5 SQL Injection
Exploit Title: IPeakCMS 3.5 - Boolean-based blind SQLi Date: 07.12.2020 Exploit Author: MoeAlbarbari Vendor Homepage: https://ipeak.ch/ Software Link: N/A Version: 3.5 Tested on: BackBox Linux CVE : CVE-2021-3018 Check the CMS version :goto www.site.com/cms/ and you will notice that in the login...
IncomCMS 2.0 - Insecure File Upload
Exploit Title: IncomCMS 2.0 - Insecure File Upload Google Dork: intext:"Incom CMS 2.0" Date: 07.12.2020 Exploit Author: MoeAlBarbari Vendor Homepage: https://www.incomcms.com/ Version: 2.0 Tested on: BackBox linux CVE: CVE-2020-29597 Upload your files Upload your file...
commix
This is an automated tool called Commix, written by Anastasios Stasinopoulos, that can be used to test web-based applications for command injection vulnerabilities. The tool is designed to be used by web developers, penetration testers, or security researchers. It is available on GitHub and can b...
Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation
// Linux 4.10 // - added known helper paths // - added search for suitable helpers // - added automatic targeting // - changed target suid executable from passwd to pkexec // https://github.com/bcoles/kernel-exploits/tree/master/CVE-2019-13272 // --- // Tested on: // - Ubuntu 16.04.5 kernel...
BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment
BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...
Androspy - Backdoor Crypter & Creator With Automatic IP Poisener
Androspy : is Backdoor Crypter & Creator with Automatic IP Poisener Coded By Belahsan Ouerghi Dependencies keytool jarsigner Apache2 Metasploit-Framework xterm Installation sudo apt-get install git git clone https://github.com/TunisianEagles/Androspy.git cd Androspy chmod +x setup.sh sudo...
WinSpy - A Windows Reverse Shell Backdoor Creator With An Automatic IP Poisener
WinSpy: Windows Reverse Shell Backdoor Creator With ip poisener. Dependencies 1 - metasploit-framework 2 - xterm 3 - apache2 4 - whiptail Installation sudo apt-get install git git clone https://github.com/TunisianEagles/winspy.git cd winspy chmod +x setup.sh ./setup.sh chmod +x winspy.sh...
Quasar - An Information Gathering Framework For Lazy Penetration Testers
Quasar Is An Information Gathering Framework For Penetration Testers Coded By Belahsan Ouerghi: Website Informations E-mail Address Checker Phone Number Information Credit Card Bin Checker Ip Locator Port Scanner Installation sudo apt-get install git git clone...
53R3N17Y - Python Based Script For Information Gathering
Python based script for Information Gathering. Operating Systems Tested OSX El Capitan 10.11 Ubuntu 16.04 Backbox 5 Install MacOSX as root git clone https://github.com/abaykan/53R3N17Y.git /usr/local/share/serenity echo 'alias serenity="/usr/local/share/serenity && ./serenity"' /.zshrc cd...
Wordpress cafesalivation theme - Arbitrary file download Vulnerability
Exploit for php platform in category web applications -========================================================- Exploit title : Wordpress cafesalivation theme - Arbitrary file download author : MrSqar Yemeni hacker Team : IT-Geeks Tested on : BackBox linux check if site is vulnerable :...
Wordpress endlesshorizon theme - Arbitrary file download Vulnerability
Exploit for php platform in category web applications -========================================================- Exploit title : Wordpress endlesshorizon theme - Arbitrary file download author : MrSqar Yemeni hacker Team : IT-Geeks Tested on : BackBox linux check if site is vulnerable :...
Wordpress duena theme - Arbitrary file download Vulnerability
Exploit for php platform in category web applications -========================================================- Exploit title : Wordpress duena theme - Arbitrary file download author : MrSqar Yemeni hacker Team : IT-Geeks Tested on : BackBox linux check if site is vulnerable :...