8290 matches found

CNVD
added 2015/09/17 12:0 a.m. | 2 views

Unit4 Polska TETA Web Authorization Bypass Vulnerability

Unit4 Polska TETA Web (formerly known as TETA Galactica) is a package of solutions from Unit4 Poland that includes personnel, financial and logistics management systems. An authorization bypass vulnerability exists in Unit4 Polska TETA Web version 22.62.3.4. Due to the program failing to properly...

CVSS 7.5 | AI score 7.3 | EPSS 0.0039
Exploits: 1 | References: 1
Prion
added 2015/09/16 6:59 p.m. | 13 views

Code injection

Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters."...

CVSS 7.5 | AI score 7.5 | EPSS 0.0039
Exploits: 1 | References: 2 | Affected Software: 1
Citrix
added 2015/09/14 12:0 a.m. | 6 views

NetScaler Gateway Rejects RADIUS Accept Request

RADIUS authentication is configured on NetScaler Gateway. RADIUS accepts the authentication and sends the correct message; however, NetScaler rejects the authentication. The RADIUS log files show that the authentication is accepted. The network trace shows that a message is sent from RADIUS server...

AI score 7.3
Exploits: 0
Exploit DB
added 2015/09/11 12:0 a.m. | 27 views

Linux x86_64 - /bin/sh

Linux x86_64 - /bin/sh. Shellcode exploit for lin_x86-64 platform. Exploit Title: Shellcode /bin/sh for Linux x86_64 different approach. Date: 2015-09-10. Exploit Author: Fanda Uchytil. Version: 1. Tested on: Linux 3.16.0-4-amd64 Debian, 2.6.32-openvz-042stab093.5-amd64 Centos/RHEL based, 2.6.32-5-amd64...

AI score 0.2
Exploits: 0
RedHat Linux
added 2015/09/10 12:4 p.m. | 1 views

libunwind: off-by-one in dwarf_to_unw_regnum()

An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...

CVSS 3.3 | AI score 5.7 | EPSS 0.00089
Exploits: 1 | References: 4
seebug.org
added 2015/08/31 12:0 a.m. | 254 views

Werkzeug Debug Mode Command Execution

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit4 'Werkzeug Debug Shell Command Execution', 'Description' = %q This module will exploi...

AI score 7.1
Exploits: 0
RedHat Linux
added 2015/08/24 7:57 p.m. | 2 views

libunwind: off-by-one in dwarf_to_unw_regnum()

An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...

CVSS 3.3 | AI score 5.7 | EPSS 0.00089
Exploits: 1 | References: 4
Hacker One
added 2015/08/20 5:23 a.m. | 25 views

Mail.ru: [riot.mail.ru] Reflected XSS in debug-mode

Greetings. The vulnerability exists because all requests to the server are displayed in debug mode, which is available to any user. As a consequence, we have 2 nasty problems: 1 Full SQL Disclosure Run query: SELECT FROM forumconfig Run query: SELECT catid,name FROM forumcats ORDER BY orderid Run...

AI score 7.8
Exploits: 0
0day.today
added 2015/08/20 12:0 a.m. | 39 views

UNIT4TETA TETA WEB - Authorization Bypass vulnerability

Exploit for php platform in category web applications Title: UNIT4TETA TETA WEB - Authorization Bypass vulnerability Author: Lukasz Miedziński Date: 08. January 2015 CVE: CVE-2015-1173 Affected software : =================== UNIT4TETA TETA WEB 22.62.3.4 - newest version Older versions are probabl...

CVSS 7.5 | AI score 6.7 | EPSS 0.0039
Exploits: 1
Exploit DB
added 2015/08/18 12:0 a.m. | 63 views

Werkzeug - Debug Shell Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit4 'Werkzeug Debug Shell Command Execution', 'Description' = %q This module will exploit the Werkzeug debug console to put...

AI score 7.4
Exploits: 0
Packet Storm
added 2015/08/17 12:0 a.m. | 38 views

Werkzeug Debug Shell Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit4 'Werkzeug Debug Shell Command Execution', 'Description' = %q This module will exploit the Werkzeug debug console to put...

AI score 0.2
Exploits: 0
0day.today
added 2015/08/17 12:0 a.m. | 1584 views

Werkzeug Debug Shell Command Execution Exploit

This Metasploit module will exploit the Werkzeug debug console to put down a Python shell. This debugger "must never be used on production machines" but sometimes slips past testing. Tested against 0.9.6 on Debian, 0.9.6 on Centos, 0.10 on Debian. This module requires Metasploit:...

AI score 6.9
Exploits: 0
CNVD
added 2015/08/13 12:0 a.m. | 1 views

Websense Content Gateway Stack Buffer Overflow Vulnerability

Websense Content Gateway is a content security gateway solution from Websense, Inc. A stack buffer overflow vulnerability exists in the 'handledebugnetwork' function in Manager for Websense Content Gateway version 8.0.0. A remote attacker can exploit this vulnerability to cause a denial of...

CVSS 4 | AI score 7.3 | EPSS 0.00739
Exploits: 2 | References: 1
Kitploit
added 2015/08/01 4:15 p.m. | 24 views

PEframe - Tool to perform static analysis on Portable Executable malware

PEframe is an open source tool to perform static analysis on Portable Executable malware. Usage $ peframe malware.exe $ peframe --option malware.exe Options --json Output in json --import Imported function and dll --export Exported function and dll --dir-import Import directory --dir-export Export...

AI score 7.1
Exploits: 0 | References: 1
Zero Day Initiative
added 2015/07/30 12:0 a.m. | 29 views

IBM Tivoli Storage Manager FastBack Server Opcode 8192 Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 8192. By sending a crafted packet on TCP...

CVSS 10 | AI score 7.4 | EPSS 0.23068
Exploits: 0 | References: 1
CNVD
added 2015/07/24 12:0 a.m. | 3 views

Malicious APK Injection Vulnerability on Android Backup and Restore Processing

Android is a free and open-source Linux-based operating system for mobile devices such as smartphones and tablets, led and developed by Google Inc. and the Open Handset Alliance. A security vulnerability exists in the way Android handles system backup and restore, which allows an attacker to inject a...

CVSS 7.8 | AI score 6.9 | EPSS 0.00118
Exploits: 1 | References: 1
BDU FSTEC
added 2015/07/24 12:0 a.m. | 4 views

A vulnerability in the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and availability of protected information.

A vulnerability in the libxml2-debuginfo-x86 package in the OpenSUSE operating system can lead to violations of the confidentiality, integrity, and availability of protected information. This vulnerability can be exploited remotely...

CVSS 6.8 | EPSS 0.02065
Exploits: 1 | References: 2 | Affected Software: 1
Metasploit
added 2015/07/23 2:53 a.m. | 81 views

Sticky Keys Persistence Module

This module makes it possible to apply the 'sticky keys' hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certain...

AI score 7
Exploits: 0
myhack58
added 2015/07/13 12:0 a.m. | 17 views

Technical analysis: Hacking Team for Flash 0day brace-vulnerability warning-the black bar safety net

In the vast JIT code, how do we find the code we want to trace? Using the Hacking Team Flash 0day event, this details the debug flow and JIT code, to help some friends follow along and learn better. ValueOf the frequency out of the vulnerability, adobe now has been the lack what fill what, a 7 on No. 8, only repair the...

AI score 7.6
Exploits: 0
BDU FSTEC
added 2015/07/08 12:0 a.m. | 2 views

The vulnerability of the EMC Unisphere data storage management program allows a hacker to execute arbitrary code.

The vulnerability of the EMC Unisphere data storage management program with the installed JDWP service is related to code errors. Exploiting this vulnerability may allow a malicious actor to execute arbitrary code remotely...

CVSS 10 | EPSS 0.06241
Exploits: 0 | References: 2 | Affected Software: 1