Mailman 2.1.23 Cross Site Scripting

Title: Mailman 1.x 2.1.23 - Cross Site Scripting XSS Type: Reflected XSS Software: Mailman Version: =1.x = 2.1.23 Vendor Homepage: https://www.list.org Original link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5950 POC Author: Valerio Alessandroni Date: 28/10/2020 Description:...

CSRFER - Tool To Generate CSRF Payloads Based On Vulnerable Requests

CSRFER is a tool to generate csrf payloads, based on vulnerable requests. It parses supplied requests to generate either a form or a fetch request. The payload can then be embedded in an html template. Installation / / | \ | | \ | / /\ --.| |/ / | | | | |/ / | | --. \ /| | | || / | /// / |\ |...

CMS Made Simple 2.2.14 Shell Upload

Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: - Date: 2020-07-29 Exploit Author: Roel van Beurden Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip Version: 2.2.14 Tested...

PYSEC-2020-14

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

Command injection

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

PYSEC-2020-14

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

CVE-2020-11978

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...

PT-2020-6601 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 1.10.10 and below Description: The issue is related to a command injection vulnerability in Apache Airflow, which can be exploited by a remote attacker to execute arbitrary commands with superuser privileges. This...

ParamSpider - Mining Parameters From Dark Corners Of Web Archives

ParamSpider : Parameter miner for humans. Key Features : Finds parameters from web archives of the entered domain. Finds parameters from subdomains as well. Gives support to exclude urls with specific extensions. Saves the output result in a nice and clean manner. It mines the parameters from web...

Monalisa < 2.1.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)

An Unauthenticated Reflected XSS vulnerability was discovered in the Monalisa theme through 2.1.2 for WordPress. https://example.com/reservation/?state=1%22--%3E%3Cimg%20src=x%20onerror=alertXSS;%3E...

ShellGen - Reverse shell generator

This is a simple script that will generate a specific or all shellcodes for CTFs using the VPN IP address on tun0 the IPv4. INFORMATION Update has been made from sys library to argparse library done in version 0.8 Usage For help: shellgen -h shellgen --help If you want to skip update and just get...

VirusTotal Adds Cynet's Artificial Intelligence-Based Malware Detection

VirusTotal, the famous multi-antivirus scanning service owned by Google, recently announced new threat detection capabilities it added with the help of an Israeli cybersecurity firm. VirusTotal provides a free online service that analyzes suspicious files and URLs to detect malware and...

EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking

Read the license before using any part from this code : Malicious DLL Win Reverse Shell generator for DLL Hijacking Features: Reverse TCP Port Forwarding using Ngrok.io Custom Port Forwarding option LHOST,LPORT Example of DLL Hijacking included Half-Life Launcher file Tested on Win7 7601, Windows...

Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used

The tool predicts attacker groups from techniques and softwares used. It searches based on the MITRE ATT&CK framework How it works? 1- Collect data from https://attack.mitre.org/ about attacker groups 2- Get data from user about attack 3- Compare data and create result Installation git clone...

JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS

JSshell - a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS, ... This tool works for both Unix and Windows operating system and it can running with both Python 2 and Python 3. This is a big update of JShell - a tool to get a JavaScript shell with XSS by...

CVE-2020-13258

Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py...

CVE-2020-8616

A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. The attacker can also exploit this behavior to use the recursing server as a reflector...

U.S. Dept Of Defense: RXSS - https://███/

Hello All I Found RXSS in your OWN Website Steps:- Add Payload XSS To /████?view= Example:- https://████/█████████?view=%3Cscript%3Ealert%22xElkomy%22%3C/script%3E Payloads:- Any payloads XSS Fix:- Filter input on arrival Encode data on output Use appropriate response headers Content Security...

VirtualTablet Server 3.0.2 - Denial of Service Exploit

Title: VirtualTablet Server 3.0.2 - Denial of Service PoC Author: Dolev Farhi Vulnerable version: 3.0.2 14 Link: http://www.sunnysidesoft.com/ CVE: N/A from thrift import Thrift from thrift.transport import TSocket from thrift.transport import TTransport from thrift.protocol import TBinaryProtoco...

Fedora: Security Advisory for phpMyAdmin (FEDORA-2020-25f3aea389)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...