1162 matches found
Miners on the Rise
Miners are a class of malware whose popularity has grown substantially this year. The actual process of cryptocurrency mining is perfectly legal, though there are groups of people who hoodwink unwitting users into installing mining software on their computers, or exploiting software vulnerabiliti...
Microsoft Windows CVE-2017-8716 Security Bypass Vulnerability
Description Microsoft Windows is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions. Technologies Affected Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version 1703 for x64-based...
Linux Kernel - 'BadIRET' Local Privilege Escalation
CVE-2014-9322 PoC for Linux kernel CVE-2014-9322 a.k.a BadIRET proof of concept for Linux kernel. This PoC uses only syscalls not any libraries, like pthread. Threads are implemented using raw Linux syscalls. Raw Linux Threads via System Calls Usage $ make badiret.elf is an ELF executable...
Dropbear Post-authentication root RCE Vulnerability (CVE-2017-9078)
Dropbear is prone to a post-authentication root remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
explo - Human And Machine Readable Web Vulnerability Testing Format
explo is a simple tool to describe web security issues in a human and machine readable format. By defining a request/condition workflow, explo is able to exploit security issues without the need of writing a script. This allows to share complex vulnerabilities in a simple readable and executable...
PingID MFA Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: PingID MFA 1 Vendor: Ping Identity Corporation CSNC ID: CSNC-2017-013 Subject: Reflected Cross-Site Scripting Risk: High Effect: Remotely exploitable Author: Stephan Sekula Date: 18.04.2017 Introduction: ------------- With PingID MFA,...
Microsoft Windows SMB Server CVE-2017-0276 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
Generic HTTP Directory Traversal / File Inclusion (Web Root) - Active Check
Generic check for HTTP directory traversal / file inclusion vulnerabilities on the web root level of the remote web server. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
XOOPS 'findusers.php' SQL Injection Vulnerability
XOOPS is prone to an SQL injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xoops:xoops"; ifdescription...
Information Disclosure in the Management Web Interface
A vulnerability exists in the Management Web Interface that could allow for Information Disclosure. The Management Web Interface does not properly validate specific request parameters which can potentially allow for Information Disclosure. (Ref PAN-70434 / CVE-2017-7216) Successfully exploiting thi...
Temporary DoS for Traps Agent
A vulnerability exists with the Traps ESM Console that could allow an attacker to cause a temporary Denial of Service (DoS) to a Traps agent. The ESM Console does not properly validate requests to revoke a Traps agent license. (Ref CYV-11547 / CVE-2017-7408) Successfully exploiting this issue revokes...
GitHub Enterprise Remote Code Execution via Marshal
Everyone uses GitHub. If you have huge amount of green paper or you are very paranoid about your code, you can run your own GitHub. For $2,500 USD per 10 user years you get GitHub Enterprise: A virtual machine containing a fully-featured GitHub instance. Despite a few edge cases that are handled...
Teradici Management Console 2.2.0 Shell Upload / Privilege Escalation Vulnerabilities
Teradici Management Console version 2.2.0 suffers from privilege escalation and remote shell upload vulnerabilities Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage:...
Teradici Management Console 2.2.0 - Privilege Escalation
Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage: http://www.teradici.com/products-and-solutions/pcoip-products/management-console Software Link:...
Hacking Guatemala’s DNS – Spying on Active Directory Users By Exploiting a TLD Misconfiguration
Guatemala City, by Rigostar (own work), CC BY-SA 3.0, via Wikimedia Commons. UPDATE: Guatemala has now patched this issue after I reached out to their DNS administrator and with a super quick turnaround as well! In search of new interesting high-impact DNS vulnerabilities I decided to take a look at...
AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...
Test IPv6 Security: THC-IPv6
Attacking IPv6 Weaknesses with a complete tool set for exploiting the inherent IPv6 and ICMP6 protocol weaknesses, with included easy to use packet factory library. THC-IPV6 v3.2 Released Included Tools parasite6 icmp neighbor solicitation/advertisement spoofer, puts...
Malware exploit: Xdh
Type: Remote Code Execution Author: shipcod3 / Jay Turla This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
Apple macOS 10.12 16A323 XNU Kernel / iOS 10.1.1 - 'set_dp_control_port' Lack of Locking Use-After-Free
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=965 set_dp_control_port is a MIG method on the host_priv_port so this bug is a root-to-kernel escalation. kern_return_t set_dp_control_port(host_priv_t host_priv, ipc_port_t control_port) if (host_priv == HOST_PRIV_NULL) return (KERN_INVALID_HOST); if...
Vulnerabilities in the Google Chrome browser that allow a perpetrator to trigger a service failure or cause other effects
The multiple vulnerabilities of the Google Chrome browser are related to errors in the code. Exploiting these vulnerabilities can allow a malicious actor to cause service failures or other adverse effects...