PT-2018-13771 · Openstack +1 · Openstack-Mistral +1

Name of the Vulnerable Software and Affected Versions: openstack-mistral affected versions not specified Description: A flaw in openstack-mistral allows the disclosure of the presence of arbitrary files within the filesystem of the executor running the action. This is achieved by manipulating the...

Unsupervised Coverage-Guided Kernel Fuzzer: syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer. Linux kernel fuzzing has the most support, akaros, freebsd, fuchsia, netbsd and windows are supported to varying degrees. Initially, syzkaller was developed with Linux kernel fuzzing in mind, but now it’s being extended to support other ...

USN-3396-1 openjdk-7 vulnerabilities

It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data. An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. CVE-2017-10053 It was discovered that the JAR verifier ...

OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

OpenJDK: insufficient access control checks in ThreadPoolExecutor (Libraries, 8172204)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

GShark Framework - Check all your backdoors with only one telegram account

This framework can perform web post exploitation, with this you can interact with multiple web backdoor and execute custom module, script. Check all your backdoors with only one telegram messenger account! Connect web backdoor to master server and control it with Telegram Download visual backdoor...

Nozes - PeTest CMD Manager [Automate Your PenTest Attacks In One Click]

Nozes is a Pentest cmd manager. You can automate your pentest attacks in one click and get results... Read the docs: https://github.com/CoolerVoid/nozes/blob/master/doc/nozesapresentation1.pdf Install To install: Need: httpd server with TLS/SSL SQLite3 php5 and php5-sqlite and PDO driver of sqlit...

PHP cgimode fpm writeprocmemfile bypass disable function demo Vulnerability

Exploit for php platform in category web applications ?php errorreporting0x66778899; settimelimit0x41424344; define'ZENDINIUSER', 10; define'ZENDINIPERDIR', 11; define'ZENDINISYSTEM', 12; / 00df9000-00e16000 rw-p 00000000 00:00 0 017ff000-01a51000 rw-p 00000000 00:00 0 heap...

PHP 5.5.9 - zend_executor_globals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library

PHP 5.5.9 - zendexecutorglobals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library ?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344;...

PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' disable_functions Bypass / Load Dynamic Library

?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344; define'ZENDINIUSER', 10; define'ZENDINIPERDIR', 11; define'ZENDINISYSTEM', 12; / 00df9000-00e16000 rw-p 00000000 00:...

Amazon Linux AMI : nrpe (ALAS-2014-364)

DISPUTED Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor NRPE 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/checknrpe. NOTE: this issue is disputed by multiple parties. It has been reported...

Nagios Remote Plugin Executor Arbitrary Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'zlib' class...

Important: nrpe

Issue Overview: DISPUTED Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor NRPE 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/checknrpe. NOTE: this issue is disputed by multiple parties. It ha...

Design/Logic Flaw

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor NRPE 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/checknrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the...

CVE-2014-2913

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor NRPE 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/checknrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the...

CVE-2014-2913

CVE-2014-2913 affects Nagios NRPE = 3.2.1-3 or disabling the dont_blame_nrpe option as a workaround. Gentoo GLSA, Mageia MGASA, and various Fedora advisories reference CVE-2014-2913 and advocate upgrading NRPE.Remediation: upgrade NRPE to a non-vulnerable version (examples: Fedora/Mageia/Arch gui...

PT-2014-2009 · Nagios +2 · Nagios Remote Plugin Executor +2

Name of the Vulnerable Software and Affected Versions: Nagios Remote Plugin Executor NRPE versions 2.15 and earlier Description: The issue is related to an incomplete blacklist vulnerability in the Nagios Remote Plugin Executor NRPE, which allows remote attackers to execute arbitrary commands via...

Nagios Remote Plugin Executor Command Injection

A command injection vulnerability has been found in Nagios Remote Plugin Executor. The vulnerability is due to insufficient validation of user-provided parameters containing newline characters. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary commands on th...

Nagios Remote Plugin Executor 2.15 Remote Command Execution

Nagios Remote Plugin Executor NRPE versions 2.15 and below suffer from a remote command execution vulnerability. ============================================= - Release date: 17.04.2014 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY...

NRPE 2.15 - Remote Command Execution

NRPE 2.15 - Remote Command Execution ============================================= - Release date: 17.04.2014 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- NRPE - Nagios Remote Plugin Executor = 2.15 Remot...