Lucene search

624 matches found

Veracode
added 2019/01/15 8:57 a.m., 20 views

Arbitrary Code Execution

automake is vulnerable to arbitrary code execution attacks. The vulnerability exists as the "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to...

4.4 CVSS, 6.9 AI score, 0.00185 EPSS
Exploits: 1, References: 16, Affected Software: 1
Wired Threat Level
added 2018/11/19 9:37 p.m., 77 views

Hackers Hit Make-A-Wish Website With Cryptojacking Scheme

Cryptojacking officially knows no bounds...

3.6 AI score
Exploits: 0
ThreatPost
added 2018/11/19 4:20 p.m., 565 views

Cryptojacking Attack Targets Make-A-Wish Foundation Website

Hackers have been stealing CPU-cycles from visitors to the Make-A-Wish Foundation’s international website in order to mine for Monero cryptocurrency. Researchers said they found the CoinIMP mining script embedded in the non-profit’s website, and that it was taking advantage of the Drupalgeddon 2...

7.5 CVSS, 9.9 AI score, 0.94489 EPSS
Exploits: 45, References: 6
RedHat Linux
added 2018/10/30 10:4 a.m., 3 views

kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service

An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...

5.5 CVSS, 7.1 AI score, 0.0006 EPSS
Exploits: 1, References: 4
OSV
added 2018/09/18 5:29 p.m., 1 views

DEBIAN-CVE-2018-1000802

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module make_archive function that can result in Denial of service, Information gain via injection of arbitrary files on...

9.8 CVSS, 9.4 AI score, 0.26492 EPSS
Exploits: 1, References: 1
Kitploit
added 2018/07/08 2:7 p.m., 25 views

BST (Binary String Toolkit) - Quickly And Easily Convert Binary Strings For All Your Exploit Development Needs

The Binary String Toolkit or BST for short is a rather simple utility to convert binary strings to various formats suitable for later inclusions in source codes, such as those used to develop exploits in the security field. Features Dump files content to standard output in a binary string format...

7.4 AI score
Exploits: 0, References: 1
RedHat Linux
added 2018/06/19 4:58 a.m., 2 views

kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service

An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS...

5.5 CVSS, 7.1 AI score, 0.0006 EPSS
Exploits: 1, References: 4
ripstech
added 2018/05/30 12:0 a.m., 21 views

RIPS Integration into Jenkins CI with Pipeline Support

Pipelines The Pipeline approach is a more developer friendly method to define the build and test process of a project. It is as easy as placing a file named Jenkinsfile into your project which contains all the configuration. This is well known from other build tools like Docker or make and improv...

6.8 AI score
Exploits: 0
OSV
added 2018/05/16 3:29 p.m., 1 views

DEBIAN-CVE-2018-11202

A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack...

6.5 CVSS, 6.9 AI score, 0.01323 EPSS
Exploits: 1, References: 1
OSV
added 2018/05/16 3:29 p.m., 0 views

UBUNTU-CVE-2018-11202

A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack...

6.5 CVSS, 6.9 AI score, 0.01323 EPSS
Exploits: 1, References: 4
Positive Technologies
added 2018/05/16 12:0 a.m., 1 views

PT-2018-10392 · Hdf +1 · Hdf5 +1

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.10.2. Description: A NULL pointer dereference was discovered in the H5S_hyper_make_spans function in H5Shyper.c. This issue could allow a remote denial of service attack. Recommendations: For version 1.10.2, consider updating to...

9.8 CVSS, 6 AI score, 0.01323 EPSS
Exploits: 28, References: 166
Kitploit
added 2018/03/11 1:8 p.m., 12 views

Sudohulk - Try Privilege Escalation Changing Sudo Command

This tool changes the sudo command, hooking the execve syscall using ptrace. Tested under bash and zsh. Supported architectures: x86_64, x86, arm. How to use: $ make cc -Wall -Wextra -O2 -c -o bin/shremotedata.o src/shremotedata.c cc -Wall -Wextra -O2 -c -o bin/shstring.o src/shstring.c cc -Wall -Wextra -O2 -...

7.3 AI score
Exploits: 0, References: 1
OSV
added 2018/03/06 12:0 a.m., 0 views

UBUNTU-CVE-2018-5803

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash...

5.5 CVSS, 6.7 AI score, 0.0006 EPSS
Exploits: 1, References: 10
Filippo.io
added 2018/02/07 10:57 p.m., 17 views

Easy Windows and Linux cross-compilers for macOS

tl;dr: you can install cross-compiler toolchains to compile C/C++ for Windows or Linux from macOS with these two Homebrew Formulas. brew install FiloSottile/musl-cross/musl-cross brew install mingw-w64 Cross-compiling C and C++ is dreadful. While in Go you just need to set an environment variable...

7 AI score
Exploits: 0
Veracode
added 2018/01/08 7:9 a.m., 5 views

Remote Code Execution (RCE)

django-make-app is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to the insecure usage of YAML.load...

7.7 AI score
Exploits: 0
n0where
added 2018/01/01 9:20 p.m., 60 views

QuarkslaB Dynamic binary Instrumentation: QBDI

QuarkslaB Dynamic binary Instrumentation (QBDI) is a modular, cross-platform and cross-architecture DBI framework. It aims to support Linux, macOS, Android, iOS and Windows operating systems running on x86, x86-64, ARM and AArch64 architectures. Information about what is a DBI framework and how QBD...

Exploits: 0, References: 1
Packet Storm
added 2017/12/31 12:0 a.m., 46 views

Photo Fusion 1.0 Cross Site Scripting

Exploit Title: Photo Fusion - Free Stock Photos Script - Xss Google Dork: N/A Date: 2017/31/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://codecanyon.net/user/teamworktec Software Buy:...

7.4 AI score
Exploits: 0
Packet Storm
added 2017/12/27 12:0 a.m., 33 views

Locations Multipurpose CMS Directory Theme 1.0 Cross Site Scripting

Exploit Title: Locations - Multipurpose CMS Directory Theme - xss Google Dork: N/A Date: 2017/27/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://themerig.com Software Buy:...

7.4 AI score
Exploits: 0
Openbugbounty
added 2017/11/25 8:7 a.m., 8 views

beverlyhillsporsche.com XSS vulnerability

Open Bug Bounty ID: OBB-432394 Description| Value ---|--- Affected Website:| beverlyhillsporsche.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3 AI score
Exploits: 0
CNVD
added 2017/11/13 12:0 a.m., 2 views

Django-make-app Arbitrary Command Execution Vulnerability

django_make_app is a tool for generating code for Django applications. A security vulnerability exists in the YAML parsing function of the read_yaml_file method of the io_utils.py file in django_make_app version 0.1.3. An attacker can exploit this vulnerability by injecting Python into loaded YAML to...

9.8 CVSS, 7.6 AI score, 0.03068 EPSS
Exploits: 1, References: 1