RSPET - Python Reverse Shell and Post Exploitation Tool

RSPET Reverse Shell and Post Exploitation Tool is a Python based reverse shell equipped with functionalities that assist in a post exploitation scenario. Features Remote Command Execution Trafic masking XORed insted of cleartext; for better results use port 4431 Built-in File/Binary transfer both...

JVN#25674893: WN-GDN/R3 Series does not limit authentication attempts

WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Impact An unauthenticated attacker within wireless range of the device may perform a brute...

Amazon Linux AMI : ImageMagick (ALAS-2016-699) (ImageTragick)

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (20160509) (ImageTragick)

Security Fixes : - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the...

HackerOne: Inadequate access controls in "Vote" functionality???

Hello there, First of all let me congratulate you for including pornhub in the list of bug bounty programs, me and my colleagues will have a lot of fun with it hahahahahah. Awesome... Anyways, I stumbled upon something whilst testing hackerone's main site. I don't know if it's a feature that it's...

CVE-2016-2458

The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and...

CVE-2016-2458

The CVE-2016-2458 issue affects AOSP Mail: the compose functionality in Android 5.0.x (pre-5.0.2), 5.1.x (pre-5.1.1), and 6.x (pre-2016-05-01) does not adequately restrict attachments, enabling information disclosure via a crafted app related to ComposeActivity.java and ComposeActivityEmail.java....

Netgear Router JNR1010 Cross-Site Request Forgery Vulnerability

Netgear Router JNR1010 is a wireless router product. The Netgear Router JNR1010 is vulnerable to cross-site request forgery. An attacker is able to alter the victim's data as well as functionality...

CVE-2016-4351

SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway TMEEG 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2016-3714

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

west8.nl XSS vulnerability

Vulnerable URL: http://west8.nl/search/?s=?q="/alert/xssposed/...

bufvc.ac.uk XSS vulnerability

Vulnerable URL: http://bufvc.ac.uk/allbufvc/search.php?q=...

oliviero.it XSS vulnerability

Vulnerable URL: http://www.oliviero.it/?search='"/alert"openbugbounty"...

Unspecified Vulnerability in Oracle PeopleSoft Products PeopleSoft Enterprise PeopleTools Component (CNVD-2016-02558)

Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle.PeopleSoft Enterprise HCM Candidate Gateway is a self-service front-end to the Oracle PeopleSoft Enterprise Recruiting solution component. An unspecified vulnerability in the PIA Search Functionality...

Code injection

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Search Functionality...

CVE-2016-3417

CVE-2016-3417 affects Oracle PeopleSoft Products (PeopleSoft Enterprise PeopleTools) versions 8.53–8.55, specifically the PIA Search Functionality subcomponent. The vulnerability is described as unspecified and enables remote authenticated users to affect confidentiality and integrity via PIA Sea...

CVE-2016-3417

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Search Functionality...

CVE-2016-1267

Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before...

Race condition

Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before...

CVE-2016-1267

Race condition in the RPC functionality in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before...