Vulnerabilities in the Debian GNU/Linux operating system that allow a local malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libmm11-dev package of the Debian GNU/Linux operating system can be exploited, which may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by local malicious individuals...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the pdftohtml package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

VFU 4.10-1.1 - Move Entry Buffer Overflow Exploit

Exploit for linux platform in category local exploits Exploit Title: VFU Move Entry Buffer Overflow Date: 2015-02-25 Exploit Author: Bas van den Berg -- @barrebas Vendor Homepage: http://cade.datamax.bg/ Software Link: http://cade.datamax.bg/vfu/download Version: 4.10-1.1 Tested on: GNU/Linux Kal...

VFU 4.10-1.1 - Move Entry Buffer Overflow

Exploit Title: VFU Move Entry Buffer Overflow Date: 2015-02-25 Exploit Author: Bas van den Berg -- @barrebas Vendor Homepage: http://cade.datamax.bg/ Software Link: http://cade.datamax.bg/vfu/download Version: 4.10-1.1 Tested on: GNU/Linux Kali 1.09 32-bit & Crunchbang 11 Waldorf based on Debian...

Henry Spencer regular expressions (regex) library contains a heap overflow vulnerability

Overview A regular expressions C library originally written by Henry Spencer is vulnerable to a heap overflow in some circumstances. Description CWE-122: Heap-based Buffer Overflow From the researcher, the variable len that holds the length of a regular expression string is "enlarged to such an...

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

Overview The nsshostnamedigitsdots function of the GNU C Library glibc allows a buffer overflow condition in which arbitrary code may be executed. This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name "GHOST". Description According to Qualys, the...

Oracle Solaris Third-Party Patch Update : lighttpd (cve_2014_2469_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service memory consumption by breaking a request into...

VFU-4.10-1.1---Buffer-Overflow

VFU v4.10-1.1 is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a...

x64 Linux bind TCP port shellcode 81 bytes, 96 with password

x64 Linux bind TCP port shellcode 81 bytes, 96 with password. Shellcode exploit for linx86-64 platform / Author: Sean Dillon Copyright: c 2014 CAaNES, LLC. http://caanes.com Release Date: December 19, 2014 Description: x64 Linux null-free TCP bind port shellcode, optional 4 byte password Assemble...

x64 Linux reverse TCP connect 77 to 85 bytes, 90 to 98 with password

x64 Linux reverse TCP connect 77 to 85 bytes, 90 to 98 with password. Shellcode exploit for linx86-64 platform / Author: Sean Dillon Copyright: c 2014 CAaNES, LLC. http://caanes.com Release Date: December 19, 2014 Description: x64 Linux null-free reverse TCP shellcode, optional 4 byte password...

linux/x64 reverse TCP connect shellcode 85 bytes

x64 Linux reverse TCP connect shellcode 77 to 85 bytes, 90 to 98 with password / Author: Sean Dillon Copyright: c 2014 CAaNES, LLC. http://caanes.com Release Date: December 19, 2014 Description: x64 Linux null-free reverse TCP shellcode, optional 4 byte password Assembled Size: 77 - 85 bytes, 90 ...

VFU 4.10-1.1 - Buffer Overflow Exploit

Exploit for linux platform in category local exploits Exploit Author: Juan Sacco - http://www.exploitpack.com Tested on: GNU/Linux - Debian Wheezy Description: VFU v4.10-1.1 is prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks o...

AutoScan-Network - Automatically scan your network

AutoScan-Network is a network scanner discovering and managing application. No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network. System Requirements : •Mac OS X 10.5 or later •Microsoft Windows XP, Vista •GNU/Linux •Maemo 4...

Minimalistic CLI Tool to Manage Encrypted Volumes: Tomb

Tomb is an 100% free and open source system for file encryption on GNU/Linux, facilitating the backup of secret files. Tomb is written in code that is easy to review and links commonly shared components. Tomb generates encrypted storage folders to be opened and closed using their associated...

WordPress Download Manager Arbitrary File Download

WordPress Download Manager Plugin - Arbitrary File Download CWE: CWE-98 Risk: High Author: Hugo Santiago dos Santos Contact: [email protected] Date: 25/10/2014 Vendor Homepage: https://wordpress.org/plugins/download-manager/ Tested on: Windows 7 and Gnu/Linux Google Dork:...

WordPress HTML5 / Flash Player SQL Injection

WordPress HTML5 and FLash PLayer Plugin SQL Injection CWE: CWE-89 Risk: High Author: Hugo Santiago dos Santos Contact: [email protected] Date: 24/10/2014 Vendor Homepage: https://wordpress.org/plugins/player/ Tested on: Windows 7 and Gnu/Linux Google Dork: inurl: "Index of"...

CAINE 6.0 "Dark Matter" - Distribution with a complete forensic environment

CAINE Computer Aided INvestigative Environment is an Italian GNU/Linux live distribution created as a project of Digital Forensics. Currently the project manager is Nanni Bassetti. CAINE offers a complete forensic environment that is organized to integrate existing software tools as software...

WordPress CuckooTap Theme & eShop Arbitrary File Download

Exploit for php platform in category web applications WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: email protected Date: 31/08/2014 Vendor Homepage:...

Mulitple WordPress Themes - 'admin-ajax.php?img' Arbitrary File Download

WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405 Tested on: Windows 7 and Gnu/Linux...

Mulitple WordPress Themes - admin-ajax.php?img Arbitrary File Download

Mulitple WordPress Themes - admin-ajax.php?img Arbitrary File Download WordPress CuckooTap Theme & eShop Arbitrary File Download Risk: High CWE number: CWE-200 Author: Hugo Santiago Contact: [email protected] Date: 31/08/2014 Vendor Homepage:...