Malwinx - Just A Normal Flask Web App To Understand Win32Api With Code Snippets And References

A normal flask web app to learn win32api with code snippets and references. Prerequisite You need to download the following package before starting it pip install flask pip install pefile pip install requests Usage $ python flaskapp.py Live Demo Here is the Walkthrough: 1. Upload the exe or dll. ...

Reptile Rootkit reptile_cmd Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reptile Rootkit reptilecmd Privilege Escalation', 'Description' = %q This module uses Reptile rootkit's reptilecmd backdoor executable to gain ro...

The vulnerability of the application management tools and Flatpak environments, related to errors in processing file descriptors, allows a hacker to modify any executable files on the host side.

The vulnerability of the application management tool and the Flatpak environment is related to errors in processing file descriptors. Exploiting this vulnerability allows an attacker to modify arbitrary executable files on the host by executing the “applyextra” script...

Automatic API Attack Tool - Customizable API Attack Tool Takes An API Specification As An Input, Generates And Runs Attacks That Are Based On It As An Output

Imperva's customizable API attack tool takes an API specification as an input, and generates and runs attacks that are based on it as an output. The tool is able to parse an API specification and create fuzzing attack scenarios based on what is defined in the API specification. Each endpoint is...

Unspecified Vulnerability in ASUS ATK Package

ASUS ATK Package is a software package from Asus Taiwan, China for installing drivers and software in ASUS computers. A security vulnerability exists in the AsLdrSrv.exe file in versions prior to ASUS ATK Package V1.0.0061 for Windows 10 notebook PCs. An attacker can exploit the vulnerability to...

Design/Logic Flaw

The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code...

Pbtk - A Toolset For Reverse Engineering And Fuzzing Protobuf-based Apps

Protobuf is a serialization format developed by Google and used in an increasing number of Android, web, desktop and more applications. It consists of a language for declaring data structures , which is then compiled to code or another kind of structure depending on the target implementation. pbt...

CVE-2019-14568

Improper permissions in the executable for IntelR RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access...

Bash Profile Persistence

This module writes an execution trigger to the target's Bash profile. The execution trigger executes a call back payload whenever the target user opens a Bash terminal. A handler is not run automatically, so you must configure an appropriate exploit/multi/handler to receive the callback. This...

venom

This is a Metasploit framework module for generating shellcode and compiling it into an executable file. The module, named "venom," is designed to produce shellcode in various formats C, Python, Ruby, DLL, MSI, HTA-PSH and inject it into a template e.g., Python that executes the shellcode in RAM...

CVE-2019-4606

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

CVE-2019-4606

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

Design/Logic Flaw

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

CVE-2019-4606

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

Reptile Rootkit reptile_cmd Privilege Escalation

This module uses Reptile rootkit's reptilecmd backdoor executable to gain root privileges using the root command. This module has been tested successfully with Reptile from master branch 2019-03-04 on Ubuntu 18.04.3 x64 and Linux Mint 19 x64. This module requires Metasploit:...

CVE-2019-4612

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523...

CVE-2019-4612

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523...

Design/Logic Flaw

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523...

CVE-2019-4612

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523...

Unspecified Vulnerability in IBM Planning Analytics

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in My Account Portal in IBM Planning Analytics version 2.0. An...