2646 matches found
Lucee Administrator imgProcess.cfm Arbitrary File Write
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lucee Administrator imgProcess.cfm Arbitrary File Write', 'Description' = %q This module exploits an arbitrary file write in Lucee Administrator'...
Security update for aria2 (moderate)
openSUSE Security Update: Security update for aria2 Announcement ID: openSUSE-SU-2021:1125-1 Rating: moderate References: 1189107 Cross-References: CVE-2019-3500 CVSS scores: CVE-2019-3500 NVD : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.2 openSUSE...
Exploit for Missing Authentication for Critical Function in Estrongs Es_File_Explorer_File_Manager
PoC ES File Explorer 4.1.9.7.4 CVE-2019-6447 This is...
SUSE: Security Advisory (SUSE-SU-2021:2555-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for OS Command Injection in Gnu Bash
CVE-2014-6271 - Shellshock.py Shellshock exploit aka CVE-2014...
Security update for git (moderate)
openSUSE Security Update: Security update for git Announcement ID: openSUSE-SU-2021:2555-1 Rating: moderate References: 1168930 1183026 1183580 SLE-17838 SLE-18152 Cross-References: CVE-2021-21300 CVSS scores: CVE-2021-21300 NVD : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-21300...
UBUNTU-CVE-2021-32751
Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the application plugin and the gradlew script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. Thi...
Command injection
Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the application plugin and the gradlew script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. Thi...
Linux-Focused Cryptojacking Gang Tracked to Romania
A cryptojacking gang that’s likely based in Romania is using a never-before-seen SSH brute-forcer dubbed “Diicot brute” to crack passwords on Linux-based machines with weak passwords. The point of the campaign is mainly to deploy Monero mining malware, Bitdefender researchers said in a report...
DNSrr - A Tool Written In Bash, Used To Enumerate All The Juicy Stuff From DNS
DNSrr is a tool written in bash, used to enumerate all the juicy stuff from DNS records, it uses different techniques like DNS Forward Bruteforce DNS Reverse Bruteforce DNS Cache Snooping DNS Zone Transfer To get you all the information that you can get, from a DNS server. Installation Install it...
Exploit for SQL Injection in Zabbix
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with exploit modules and tools for testing and demonstrating vulnerabilities. The primary vulnerability being targeted is not explicitly stated...
Advisory ROSA-SA-2021-1802
Software: bash 4.2.46 OS: Cobalt 7.9 CVE-ID: CVE-2012-6711 CVE-Crit: HIGH CVE-DESC: A heap-based buffer overflow exists in GNU Bash before 4.3, when broad characters not supported by the current language standard set in the LCCTYPE environment variable are printed using the built-in echo function...
Exploit for Off-by-one Error in Sudo_Project Sudo
Baron Samedit - Sudo CVE 2021-3156 PoC...
Updated bash packages fix a security vulnerability
A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local...
MGASA-2021-0288 Updated bash packages fix a security vulnerability
A privilege escalation vulnerability was found in bash in the way it dropped privileges when started with an effective user id not equal to the real user id. Bash may be vulnerable to this flaw if the setuid permission is set and the owner of the bash program itself is a non-root user. A local...
Cryptominers Slither into Python Projects in Supply-Chain Campaign
A group of cryptominers was found to have infiltrated the Python Package Index PyPI, which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where...
Wormable DarkRadiation Ransomware Targets Linux and Docker Instances
Cybersecurity researchers are sounding the alarm bell over a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control C2 communications. "The ransomware is...
This Week in Security News June 18, 2021
Bash ransomware targets Linux Distributions and Trend Micro touts zero trust risk insights...
Bash Ransomware DarkRadiation Targets Red Hat- and Debian-based Linux Distributions
We investigate how certain hacking tools are used to move laterally on victims’ networks to deploy ransomware. These tools contain reconnaissance/spreader scripts, exploits for Red Hat and CentOS, binary injectors, and more. In this blog, we focus on analyzing the worm and ransomware script...
Moobot Milks Tenda Router Bugs for Propagation
A variant of the Mirai botnet called Moobot saw a big spike in activity recently, with researchers picking up widespread scanning in their telemetry for a known vulnerability in Tenda routers. It turns out that it was being pushed out from a new cyber-underground malware domain, known as Cyberium...