12 matches found
Exploit for CVE-2020-24586
Fracture FragAttacks WiFi Penetration Framework CVE-202...
SUSE-SU-2026:20491-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2024-52615: Fixed possible DNS response injection via the use of fixed source ports for wide-area DNS queries bsc1233421...
OpenVPN 安全漏洞
OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks VPNs from the US company OpenVPN, which uses the OpenSSL library to encrypt data and control information, and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...
📄 Microsoft Windows 11 SMB Client Privilege Escalation / Remote Code Execution
This proof of concept demonstrates a complex attack chain exploiting improper access control in Windows SMB clients, leading to elevation of privilege through DNS record injection, NTLM relay attacks using impacket-ntlmrelayx, and coercion of a victim system including Windows 11 to authenticate t...
Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
!/usr/bin/env python3 Exploit Title: Windows 11 SMB Client - Privilege Escalation & Remote Code Execution RCE Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-13 Tested on: Windows 11 version 22H2, Windows Server 2022, Kali Linux...
Nginx Proxy Manager Security Vulnerability
Nginx Proxy Manager is a Docker container for Nginx Proxy Manager open source. It is used to manage Nginx proxy hosts through a simple and powerful interface. A security vulnerability exists in Nginx Proxy Manager versions prior to 2.11.3, which stems from a vulnerability that allows authenticate...
Important: golang
Issue Overview: An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with xml.NewTokenDecoder it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with...
CVE-2022-26992
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands...
Injection
Overview std/net is a Go standard library package std/net Affected versions of this package are vulnerable to Injection. Go Vulnerability Report: The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions and their respective methods on the Resolver type may return arbitrary values...
CVE-2021-33195
A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...
Metasploit Wrapup
Metasploit Hackathon We were happy to host the very first Metasploit framework open source hackathon this past week in the Rapid7 Austin. Eight Metasploit hackers from outside of Rapid7 joined forces with the in-house team and worked on a lot of great projects, small and large. @bcook started the...
The reproduction of social engineering-vulnerability warning-the black bar safety net
Article author: withered Ling roseN. C. P. H Information source: evil octal information security teamwww.eviloctal.com to This is my osmosis in the process of a real experience,I would have thought after two days of time to get to the master server,the Master Station program on the Master Station...