Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

HTTPS Fetch, Reverse TCP Stager

Fetch and execute an MIPSBE payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/linux/https/mipsbe/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

TFTP Fetch

Fetch and execute an ARMBE payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/armbe/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...

kernel: KVM: x86/mmu: make apf token non-zero to fix bug

A hang vulnerability is possible in the Linux kernel in arch/x86/kvm/mmu/mmu.c. This issue may lead to compromised availability...

pentest-wiki

This repository is an information gathering library for penetration testers/researchers. It contains various tools and documentation for gathering information about a target organization, including IP analysis, whois analysis, and social media research. The library includes bookmarks for various...

Linux Kernel /proc/pid/syscall information disclosure vulnerability

Summary An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that...

SUSE-SU-2019:2517-1 Security update for libseccomp

This update for libseccomp fixes the following issues: Security issues fixed: - CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed bsc1128828 libseccomp was updated to new upstream release 2.4.1: - Fix a BPF generation bug where the optimizer mistakenly identified...

Five Fingers CMS backend co***.php file has SQL injection vulnerability

Five Fingers CMS is an open source content management system that supports LNAMP architecture. Five Fingers CMS backend co.php file exists SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive database information...

linux/x86 normal exit w/ random (so to speak) return value 5 bytes

Exploit for linux/x86 platform in category shellcode ================================================================== linux/x86 normal exit w/ random so to speak return value 5 bytes ================================================================== / linux/x86 normal exit w/ random so to speak...

linux/x86 bsd/x86 execve /bin/sh 38 bytes

No description provided by source. / Linux/x86 and Bsd/x86 execve of /bin/sh by dymitri!!! / include stdio.h char code = "\x31\xc0" "\x50" "\x68\x2f\x2f\x73\x68" "\x68\x2f\x62\x69\x6e" "\x89\xe3" "\x50" "\x54" "\x53" "\x50" "\x8c\xe0" "\x21\xc0" "\x74\x04" "\xb0\x3b" "\xeb\x07" / si es bsd saltam...

linux/x86 bsd/x86 execve /bin/sh 38 bytes

Exploit for multiple platform in category shellcode ========================================= linux/x86 bsd/x86 execve /bin/sh 38 bytes ========================================= / Linux/x86 and Bsd/x86 execve of /bin/sh by dymitri!!! / include char code = "\x31\xc0" "\x50" "\x68\x2f\x2f\x73\x68"...

[SECURITY] New version of procmail with security fixes

A new version of procmail has been released which fixes some new buffer overflows that were missed in version 3.13 . We recommend you upgrade your procmail package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.1 alias slink...