
2153 matches found

Hacker One
added 2017/03/12 5:24 p.m., 12 views

shopify-scripts: SIGABRT in only mirb

PoC ------------------- The following code triggers the bug attached as test.rb: def tostr 00end 0.times Debug - mirb ------------------- The program being debugged has been started already. Start it from the beginning? y or n y Starting program: /home/x/Desktop/test/mruby/bin/mirb test.rb mirb -...

1.3 AI score
Exploits: 0

Fedora
added 2017/03/01 1:26 a.m., 26 views

[SECURITY] Fedora 25 Update: mupdf-1.10a-1.fc25

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

5.5 CVSS, 0.6 AI score, 0.00327 EPSS
Exploits: 1

Fedora
added 2017/03/01 1:21 a.m., 30 views

[SECURITY] Fedora 24 Update: mupdf-1.10a-1.fc24

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

5.5 CVSS, 0.6 AI score, 0.00327 EPSS
Exploits: 1

CNVD
added 2017/02/21 12:0 a.m., 1 view

Taoyun Interactive Android app suffers from arbitrary password reset vulnerability

Tao Yun Interactive App is a children's learning and socialization app. Taoyun Interactive Android app has an arbitrary password reset vulnerability. It allows attackers to exploit the vulnerability to change the password of the other party by only requiring their cell phone number...

7.1 AI score
Exploits: 0

Gentoo Linux
added 2017/02/20 12:0 a.m., 48 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...

9.3 CVSS, 9.2 AI score, 0.82058 EPSS
Exploits: 32

Packet Storm
added 2017/02/09 12:0 a.m., 35 views

Complete Client Management And Billing 1.0.1 SQL Injection

Exploit Title: Complete Client Management & Billing v1.0.1 Script- SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://www.ynetinteractive.com/ Software Buy: http://www.ynetinteractive.com/clientexpert/demo.php Demo: http://www.ynetinteractive.com/clientexpert/demo.php Version...

0.5 AI score
Exploits: 0

exploitpack
added 2017/02/09 12:0 a.m., 24 views

Client Expert 1.0.1 - SQL Injection

Client Expert 1.0.1 - SQL Injection Exploit Title: Complete Client Management & Billing v1.0.1 Script- SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://www.ynetinteractive.com/ Software Buy: http://www.ynetinteractive.com/clientexpert/demo.php Demo:...

0.4 AI score
Exploits: 0

Fedora
added 2017/01/29 10:18 p.m., 11 views

[SECURITY] Fedora 24 Update: mapserver-6.2.4-1.fc24

Mapserver is an internet mapping program that converts GIS data to map images in real time. With appropriate interface pages, Mapserver can provide an interactive internet map based on custom GIS data...

2.9 AI score
Exploits: 0

Kitploit
added 2017/01/26 1:24 p.m., 11 views

reversemap - Analyse SQL injection attempts in web server logs

Analyse SQL injection attempts in web server logs The program can either be run in batch mode or interactive mode. In batch mode the program will accept Apache web server logs and will deobfuscate requested URLs from the logs. In interactive mode the program will prompt for user input and will...

8.5 AI score
Exploits: 0, References: 1

Metasploit
added 2017/01/07 3:51 a.m., 32 views

Hardware Bridge Session Connector

The Hardware Bridge HWBridge is a standardized method for Metasploit to interact with Hardware Devices. This extends the normal exploit capabilities to the non-ethernet realm and enables direct hardware and alternative bus manipulations. You must have compatible bridging hardware attached to this...

6.8 AI score
Exploits: 0

Metasploit
added 2016/12/20 3:38 a.m., 54 views

Windows 'Run As' Using Powershell

This module will start a process as another user using powershell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 'Run As' Using Powershell', 'Description' = %q This module will start...

7.3 AI score
Exploits: 0

CNVD
added 2016/12/20 12:0 a.m., 1 view

IBM AIX Local Elevation of Privilege Vulnerability (CNVD-2016-13013)

IBM AIX Advanced Interactive eXecutive is a UNIX operating system developed by IBM. A security vulnerability exists in IBM AIX versions 6.1, 7.1 and 7.2. A local attacker can exploit this vulnerability to gain root privileges on the target system...

7.8 CVSS, 6.8 AI score, 0.00627 EPSS
Exploits: 4, References: 1

n0where
added 2016/12/19 6:43 a.m., 18 views

IT Threat GeoDashboard: Suspicious

IT Threat GeoDashboard Suspicious is a combination of Open Source software configured to give end users a view on IT threats over an interactive geographical dashboard. You’ll just need an Internet Browser to access the dashboard. This application has been built on a GNU/Linux environment and may...

0.4 AI score
Exploits: 0, References: 1

OSV
added 2016/12/15 6:59 a.m., 4 views

CVE-2016-4027

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However t...

3.5 CVSS, 5.8 AI score, 0.00295 EPSS
Exploits: 1, References: 3

NVD
added 2016/12/15 6:59 a.m., 16 views

CVE-2016-4027

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However t...

3.5 CVSS, 3.9 AI score, 0.00295 EPSS
Exploits: 1, References: 3

n0where
added 2016/12/12 12:51 p.m., 57 views

Real Time Performance Monitoring: netdata

Real Time Performance Monitoring Netdata is a daemon that collects data in realtime per second and presents a web site to view and analyze them. The presentation is also real-time and full of interactive charts that precisely render all collected values. netdata is the fastest way to visualize...

7.4 AI score
Exploits: 0, References: 3

Kitploit
added 2016/12/05 2:12 p.m., 27 views

Hashcat v3.20 - World's Fastest and Most Advanced Password Recovery Utility

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 160 highly-optimized hashing algorithms. hashcat currently supports CPU's, GPU's other hardware-accelerators on Linux, Windows and OSX, and has facilities to help enable...

6.8 AI score
Exploits: 0

Openbugbounty
added 2016/11/20 10:23 p.m., 11 views

gre.wgw.interactivebrokers.com XSS vulnerability

Vulnerable URL: https://gre.wgw.interactivebrokers.com/webtrader/redirect.jsp?regionalURL="alert'OPENBUGBOUNTY'...

6.9 AI score
Exploits: 0

FireEye
added 2016/11/04 4:53 p.m., 27 views

2016 Flare-On Challenge Solutions

I would like to thank the challenge authors this year: 1. Alexander Rich 2. Matt Williams @0xmwilliams 3. Dominik Weber 4. James T. Bennett @jtbennettjr 5. Tyler Dean 6. Josh Homan 7. Alex Berry 8. Nick Harbour @nickharbour 9. Jon Erickson @2130706433 10. FireEye Labs Advanced Vulnerability...

6.7 AI score
Exploits: 0

n0where
added 2016/11/02 4:47 p.m., 16 views

Interactive Disassembler: Plasma

Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code. PLASMA is an interactive disassembler. It can generate a more readable assembly pseudo code with colored syntax. You can write scripts with the available Python api. The project is still in big...

0.6 AI score
Exploits: 0, References: 6