13 matches found
XSS-Payloads-to-Bypass-WAFs
PoC exploit for XSS payloads to bypass WAFs, specifically target...
squid: Request/Response smuggling in HTTP/1.1 and ICAP
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...
XML External Entity (XXE)
scrapy is vulnerable to XML External Entity XXE. The vulnerability is due to the lxml.etree.fromstring function which lacks input validation, enabling attackers to execute denial of service attacks, access local files, create network connections, or bypass firewalls through specially crafted XML...
DNS-Tunnel-Keylogger - Keylogging Server And Client That Uses DNS Tunneling/Exfiltration To Transmit Keystrokes
This post-exploitation keylogger will covertly exfiltrate keystrokes to a server. These tools excel at lightweight exfiltration and persistence, properties which will prevent detection. It uses DNS tunelling/exfiltration to bypass firewalls and avoid detection. Server Setup The server uses python...
Ateme TITAN File 3.9 Job Callbacks Server-Side Request Forgery
Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.9.12.4 3.9.11.0 3.9.9.2 3.9.8.0 Summary: TITAN File is a multi-codec/format video transcoding software, for mezzanine, STB and ABR VOD, PostProduction, Playout and...
SAP BusinessObjects Business Intelligence Platform Cross-Site Request Forgery Vulnerability
SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product has report generation, analysis, data visualization and other functions. A cross-site request forgery vulnerability exists in SAP...
Debian DLA-2315-1 : gupnp security update
Yunus adrc found an issue in the SUBSCRIBE method of UPnP, a network protocol for devices to automatically discover and communicate with each other. Insuficient checks on this method allowed attackers to use vulnerable UPnP services for DoS attacks or possibly to bypass firewalls. For Debian 9...
Cuteit v0.2.1 - IP Obfuscator Made To Make A Malicious Ip A Bit Cuter
IP obfuscator made to make a malicious ip a bit cuter A simple python tool to help you to social engineer, bypass whitelisting firewalls, potentially break regex rules for command line logging looking for IP addresses and obfuscate cleartext strings to C2 locations within the payload. All of that...
Build Your Own Botnet: BYOB
BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability ...
Udp2raw-tunnel - A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket [Bypass UDP FireWalls]
A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls or Unstable UDP Environment. Its Encrypted, Anti-Replay and Multiplexed.It also acts as a Connection Stabilizer. Support Platforms A Linux host including desktop Linux, Android...
Encrypted, Anti-Replay, Multiplexed Udp Tunnel: Udp2raw-tunnel
A UDP Tunnel which tunnels UDP via FakeTCP/UDP/ICMP Traffic by using Raw Socket, helps you Bypass UDP FireWalls or Unstable UDP Environment. Its Encrpyted, Anti-Replay and Multiplexed. It also acts as a Connection Stabilizer. Features Send / Receive UDP Packet with fake-tcp/icmp headers...
LogMeIn Listening Server Detection
Binary data 5507.prm...
Dns2TCP Service Detection
The remote service supports the DNS-to-TCP protocol. This protocol hides network traffic protocols by embedding the traffic within seemingly innocuous DNS queries. This service can be used to bypass firewalls or proxies by obfuscating the true protocol within the DNS protocol. %NASLMINLEVEL 70300...