CVE-2017-16205

The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

CVE-2017-16204

The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

CVE-2017-16205

The coffescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

Information disclosure

The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

CVE-2017-16202

The cofeescript module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

CVE-2017-16203

The coffe-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

CVE-2017-16206

The cofee-script module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...

Otseca - Security Auditing Tool To Search And Dump System Configuration

Otseca is a open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats. For more information, see wiki. How To Use It's simple: Clone this repository git clone https://github.com/trimstray/otseca Go into the repository...

GLSA-201805-11 : Rootkit Hunter: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201805-11 Rootkit Hunter: User-assisted execution of arbitrary code A vulnerability was discovered in Rootkit Hunter that allows the downloading of mirror updates over insecure channels HTTP. Furthermore, the mirror update is then...

Terminator - Metasploit Payload Generator

Terminator Metasploit Payload Generator. Payload List : Binaries Payloads 1 Android 2 Windows 3 Linux 4 Mac OS Scripting Payloads 1 Python 2 Perl 3 Bash Web Payloads 1 ASP 2 JSP 3 War Encrypters 1 APK Encrypter 2 Python Encrypter The author does not hold any responsibility for the bad use of this...

Rootkit Hunter: User-assisted execution of arbitrary code

Background Scans for known and unknown rootkits, backdoors, and sniffers. Description A vulnerability was discovered in Rootkit Hunter that allows the downloading of mirror updates over insecure channels HTTP. Furthermore, the mirror update is then executed in Bash. Impact A remote attacker, by...

openSUSE: Security Advisory for bash (openSUSE-SU-2018:1419-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for bash (moderate)

This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed bsc1001299 - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed bsc1000396 Non-security issues fixed: - Fix repeating...

openSUSE Security Update : bash (openSUSE-2018-516)

This update for bash fixes the following issues : Security issues fixed : - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed bsc1001299 - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed bsc1000396 Non-security issues fixed : - Fix repeating...

SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2018:1398-1)

This update for bash fixes the following issues: Security issues fixed : - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed bsc1001299 - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed bsc1000396 Non-security issues fixed : - Fix repeating...

SUSE-SU-2018:1398-1 Security update for bash

This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed bsc1001299 - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed bsc1000396 Non-security issues fixed: - Fix repeating...

Updated util-linux packages fix security vulnerability

A command injection flaw was found in the way util-linux implements umount autocompletion in Bash. An attacker with the ability to mount a filesystem with custom mount points may execute arbitrary commands on behalf of the user who triggers the umount autocompletion CVE-2018-7738...

Samurai Email Discovery - Is A Email Discovery Framework That Grabs Emails Via Google Dork, Company Name, Or Domain Name

SED is a email discovery framework created 100% in BASH that grabs emails via google dork, company name, or domain name. Requirements apt-install lynx Screenshots Possibly more features such as an OSINT options, and credential reuse discovery & torsocks implimented - but it does the trick for now...

MITM RDP Connections: Seth

Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops...

Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Palo Alto Networks readSessionVarsFromFile Session Corruption', 'Description' = %q This module exploits a chain of vulnerabilities in Palo Alto...