Linux: ALWAYS_SET_PATH in /etc/login.defs

su allows to run commands with a substitute user and group ID. When called with no user specified, su defaults to running an interactive shell as root. When user is specified, additional arguments can be supplied, in which case they are passed to the shell. If ALWAYSSETPATH is set to yes in...

CTFTOOL - Interactive CTF Exploration Tool

An Interactive CTF Exploration Tool This is ctftool, an interactive command line tool to experiment with CTF, a little-known protocol used on Windows to implement Text Services. This might be useful for studying Windows internals, debugging complex issues with Text Input Processors and analyzing...

freeFTPd v1.0.13 - freeFTPdService Unquoted Service Path

freeFTPd v1.0.13 - freeFTPdService Unquoted Service Path Exploit Title: freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.freesshd.com Software Link: http://www.freesshd.com/freeFTPd.exe Version: 1.0.13 Tested On: Windows ...

GDA Android Reversing Tool - A New Decompiler Written Entirely In C++, So It Does Not Rely On The Java Platform, Which Is Succinct, Portable And Fast, And Supports APK, DEX, ODEX, Oat

Here, a new Dalvik bytecode decompiler, GDA（this project started in 2013 and released its first version 1.0 in 2015 at www.gda.com: 9090 , is proposed and implemented in C++ to provide more sophisticated, fast and convenient decompilation support. GDA is completely self-independent and very stabl...

Hershell - Multiplatform Reverse Shell Generator

Simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provide a certificate public key fingerprint pinning feature, preventing from traffic interception. Supported OS are: Windows Linux Mac OS FreeBSD and derivatives Why ? Although meterpreter payloads are great,...

Install OpenSSH for Windows

This module installs OpenSSH server and client for Windows using PowerShell. SSH on Windows can provide pentesters persistent access to a secure interactive terminal, interactive filesystem access, and port forwarding over SSH. This module requires Metasploit: https://metasploit.com/download...

Oracle January 2020 Critical Patch Update Multiple Vulnerabilities

Description Oracle has released advance notification regarding the January 2020 Critical Patch Update CPU to be released on January 14, 2020. The update addresses 333 vulnerabilities affecting the following software: Oracle Database Server, versions 12.2.0.1, 18c, 19c Oracle Communications Design...

SYS.1.2.2.A14

Ziel des Bausteins SYS.1.2.2 ist die Absicherung von Microsoft Windows Server 2012 und Microsoft Windows Server 2012 R2. Die Kern-Anforderung Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-43414)

FusionPBX is an open source enterprise IPPBX interface management system based on FreeSWITHC. A cross-site scripting vulnerability exists in app/fifolist/fifointeractive.php in FusionPBX 4.4.1. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the c...

Mersive Solstice 2.8.0 - Remote Code Execution

Mersive Solstice 2.8.0 - Remote Code Execution Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Google Dork: N/A Date: 2016-12-23 Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link:...

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact Please review th...

Vulnx v1.9 - An Intelligent Bot Auto Shell Injector That Detect Vulnerabilities In Multiple Types Of CMS (Wordpress, Joomla, Drupal, Prestashop...)

Vulnx is An Intelligent Bot Auto Shell Injector that detect vulnerabilities in multiple types of Cms, fast cms detection,informations gathering and vulnerabilitie Scanning of the target like subdomains, ipaddresses, country, org, timezone, region, ans and more ... Instead of injecting each and...

Microsoft Windows 'Win32k' CVE-2019-1408 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

Microsoft Windows Win32k CVE-2019-1393 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

Microsoft Windows CVE-2019-1420 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges and execute arbitrary code. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-bas...

LinPwn - Interactive Post Exploitation Tool

LinPwn is a interactive tool created to assist you in post exploitation enumeration and privilege escalation. Connection Set your IP and port you want it to connect to in the Connection class. Place the LinPwn binary on the target machine. Run nc -lvp PORT on your machine and then run LinPwn on t...

SQL Injection Vulnerability in Marketing System of Baoding Interactive Enterprise Marketing Planning Co.

Baoding Interactive Marketing Planning Co., Ltd. focuses on e-commerce services in Hebei, providing small and medium-sized enterprises with website construction, online shopping mall construction, domain name registration, cell phone APP, business with the line and other services. Baoding...

Fedora Update for scapy FEDORA-2019-d49c8ec32b

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Microsoft Windows CVE-2019-1339 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain the elevated privileges on the affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-bas...

Microsoft Windows Kernel CVE-2019-1345 Local Information Disclosure Vulnerability

Description Microsoft Windows Kernel is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10...