CVE-2017-5495

CVE-2017-5495 affects Quagga 0.93–1.1.0, where the telnet vty CLI input buffer can grow without bound when no newline is entered. This unbounded memory allocation allows a remote attacker who can connect to the Quagga telnet ports (often exposed locally) to cause Denial-of-Service to Quagga daemo...

admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files

An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...

admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files

An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...

Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file

Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...

Microsoft Windows Kernel - win32k.sys NtSetWindowLongPtr Privilege Escalation (MS16-135) (2)

Exploit for windows platform in category local exploits / Source: https://ricklarabee.blogspot.com/2017/01/virtual-memory-page-tables-and-one-bit.html Binary: https://github.com/rlarabee/exploits/raw/8b9eb646516d7f022a010f28018209f331c28975/cve-2016-7255/compiled/cve-2016-7255.exe Mirror:...

How to reboot or shutdown NetScaler MAS using CLI

Citrix ADM, formerly NetScaler MAS There is an option on MAS GUI to reboot it but what is the equivalent CLI command for it. Do not use the REBOOT command as it is not a clean reboot and will need a Database recovery...

CVE-2015-3441

The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the 1 starthour, 2 startminute, 3 endhour, 4 endminute, or 5 hostname parameter...

Code injection

The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the 1 starthour, 2 startminute, 3 endhour, 4 endminute, or 5 hostname parameter...

CVE-2015-3441

The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the 1 starthour, 2 startminute, 3 endhour, 4 endminute, or 5 hostname parameter...

CVE-2015-3441

Genexis DRGOS devices prior to version 1.14.1 are affected by a remote code execution flaw in the Parental Control panel. An authenticated remote attacker can exploit this by supplying values to (start_hour, start_minute, end_hour, end_minute, or hostname) to execute arbitrary CLI commands. The v...

Generating SSH Keys is broken (using Bitbucket Server) -- ui and config file

Please watch my short video illustrating the experience. https://www.youtube.com/watch?v=wPUAkG78BFE&feature=youtu.be Scenario 1: On MacOS X Sierra when setting up SourceTree for first time and choosing "SSH" as the authentication method, SourceTree: Should not have a URL for the Bitbucket...

Man In The Middle (MitM)

co-cli-installer is vulnerable to man-in-the-middle MitM attacks because it downloads the co-cli module as part of the install process over HTTP. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on th...

Hakku Framework - Simple Penetration Testing Framework

Hakku is simple framework that has been made for penetration testing tools. Hakku framework offers simple structure, basic CLI, and useful features for penetration testing tools developing. Hakku is on early stages and may be unstable, so please download the released versions from github or...

Python JSON Fuzzer: PyJFuzz

Python JSON Fuzzer PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs , such as mobile endpoint REST API, JSON implementation, Browsers, cli executable and much more. Dependencies In order to work PyJFuzz need a single dependency, bottle , you can install it from...

PyJFuzz - Python JSON Fuzzer

PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs , such as mobile endpoint REST API, JSON implementation, Browsers, cli executable and much more. Version | 1.1.0 ---|--- Homepage | http://www.mseclab.com/ Github | https://github.com/mseclab/PyJFuzz Author | Danie...

Bluemix Container Authorization Controls

Date : 09/12/2016 Author : Oscar Martinez Tested on:cf version 6.22.1+6b7af9c-2016-09-24 / Docker version 1.12.3, build 6b644ec / API endpoint: https://api.ng.bluemix.net API version: 2.54.0 API endpoint: https://api.ng.bluemix.net API version: 2.54.0 Vendor : IBM Software : bluemix...

OracleVM 3.3 / 3.4 : sudo (OVMSA-2016-0170)

The remote OracleVM system is missing necessary patches to address critical security updates : - Update noexec syscall blacklist - Fixes CVE-2016-7032, CVE-2016-7076 Resolves: rhbz1391937 - RHEL-6.8 erratum - fixed a bug causing that non-root users can list privileges of other users Resolves:...

Man-in-the-Middle (MitM) Attacks

galenframework-cli is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, allowing a malicious user to swap out the requested binary with another binary for the system to execute...

Downloads Resources over HTTP

Overview Affected versions of cobalt-cli insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...

Downloads Resources over HTTP

Overview Affected versions of galenframework-cli insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...