136 matches found
CVE-2021-23369
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source...
Ditto - A Tool For IDN Homograph Attacks And Detection
Ditto is a small tool that accepts a domain name as input and generates all its variants for an homograph attack as output, checking which ones are available and which are already registered. PoC domains https://tᴡitter.com/ https://clᴏudflare.com Using with Docker The image on docker hub is...
CentOS 8 : mysql:8.0 (CESA-2019:2511)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:2511 advisory. - mysql: Server: Optimizer unspecified vulnerability CPU Jan 2019 CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530 - mysql:...
Spybrowse - Code Developed To Steal Certain Browser Config Files (History, Preferences, Etc)
Be sure to change the ftp variables throughout the code, these variables contain the username, password, & IP address of the FTP server which receives the files. This code will do the following: 1. Copy itself into the %TMP% directory & name itself ursakta.exe 2. Add a registry entry to execute...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2020-23464)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in the Server: Compiling component of MySQL Server 5.7.28 and earlier versions of Oracle MySQL. An attacker could...
CVE-2020-2806
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Compiling. Supported versions that are affected are 5.7.28 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Design/Logic Flaw
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Compiling. Supported versions that are affected are 5.7.28 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
UBUNTU-CVE-2020-2806
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Compiling. Supported versions that are affected are 5.7.28 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Nray - Distributed Port Scanner
Nray is a free, platform and architecture independent port and application layer scanner. Apart from regular targets list of hosts/networks, it supports dynamic target selection, based on source like transparency logs"...
Metasploit Sample Linux Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit sample shows how an exploit module could be written to exploit a bug in a command on a linux computer for priv esc. class MetasploitModule 'Sample Linux Pri...
SCShell - Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command
Fileless lateral movement tool that relies on ChangeServiceConfigA to run command. The beauty of this tool is that it doesn't perform authentication against SMB everything is performed over DCERPC. The utility can be used remotely WITHOUT registering a service or creating a service. It also doesn...
Important: Red Hat Security Advisory: mysql:8.0 security update
An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
mysql: Server: Compiling unspecified vulnerability (CPU Jul 2019)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Compiling. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple...
AbsoluteZero - Python APT Backdoor
This project is a Python APT backdoor, optimized for Red Team Post Exploitation Tool, it can generate binary payload or pure python source. The final stub uses polymorphic encryption to give a first obfuscation layer to itself. Deployment AbsoluteZero is a complete software written in Python 2.7...
CVE-2019-2738
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Compiling. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple...
CVE-2019-2738
CVE-2019-2738 affects Oracle MySQL Server (subcomponent: Server: Compiling). Affected versions include 5.6.44 and prior, 5.7.26 and prior, and 8.0.16 and prior. The vulnerability allows a low privileged, network-accessed attacker to read a subset of MySQL Server data. The provided connected docum...
Oracle MySQL Server Component Access Control Error Vulnerability (CNVD-2019-26539)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A component access control error vulnerability exists in the Server : Compiling subcomponent of the MySQL Server component in Oracle MySQL, versions...
Machinae v1.4.8 - Security Intelligence Collector
Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes, and SSL fingerprints. It was inspired by Automater, another excellent tool for collecting information. The Machinae...
Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code via P-Code and confuse macro analysis tools. Runs on Linux, OSX and Windows. Current features Hide VBA macros from the GUI editor VBA stomping P-code abuse Fool analyst tools Serve VBA stomp...
MySQL 5.7.x < 5.7.27 Multiple Vulnerabilities (Apr 2019 CPU)
Binary data 700633.prm...