EUVD-2013-4730

Malware in sbrugna...

CVE-2011-10017

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVE-2011-10017

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

CVE-2011-10017 Snort Report nmap.php/nbtscan.php RCE

Snort Report versions 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input passed via the target GET parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no...

Snort Report 安全漏洞

Snort Report is an inspection report management system from the Snort team. A security vulnerability exists in Snort Report versions prior to 1.3.2 that stems from the nmap.php and nbtscan.php scripts not being cleaned of user input, which could lead to remote command execution...

Linux Distros Unpatched Vulnerability : CVE-2013-4885

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload arbitrarily named files...

AvosLocker Ransomware Variant Using New Trick to Disable Antivirus Protection

Cybersecurity researchers have disclosed a new variant of the AvosLocker ransomware that disables antivirus solutions to evade detection after breaching target networks by taking advantage of unpatched security flaws. "This is the first sample we observed from the U.S. with the capability to...

Exploit for Unsafe Reflection in Vmware Vcenter_Server

CVE-2021-21985 Checker. Simple Powershell imple...

Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Exploit

Exploit for multiple platform in category web applications Exploit Title: Citrix Application Delivery Controller ADC and Gateway 13.0 - Path Traversal CVE: CVE-2019-19781 Vulenrability: Path Traversal Vulnerablity Discovery: Mikhail Klyuchnikov Exploit Author: Dhiraj Mishra Vulnerable Version:...

Siemens LOGO! 8 Hard-Coded Cryptographic Key

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2019-012 Product: LOGO! Manufacturer: Siemens Affected Versions: LOGO! 8 all versions Tested Versions: LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03 Vulnerability Type: Use of Hard-coded Cryptographic Key CWE-321 Risk...

Vulners Nmap plugin

In previous post about Vulners vulnerability detection plugins for Burp and Google Chrome, I mentioned that it would be great to have a plugin for some free publicly available tool, like Nmap. And guys from the Vulners Team have recently released Nmap plugin. Isn't it awesome? To detect...

wildPwn - Brute forcer and shell deployer for WildFly (JBoss AS)

WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition Java EE specification. It runs on multiple platforms. WildFly is free and open-source...

CVE-2015-4045

The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script...

Code injection

The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script...

CVE-2015-4045

The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script...

http-vuln-cve2017-5689 NSE Script

Detects if a system with Intel Active Management Technology is vulnerable to the INTEL-SA-00075 privilege escalation vulnerability CVE2017-5689. This script determines if a target is vulnerable by attempting to perform digest authentication with a blank response parameter. If the authentication...

cics-info NSE Script

Using the CICS transaction CEMT, this script attempts to gather information about the current CICS transaction server region. It gathers OS information, Datasets files, transactions and user ids. Based on CICSpwn script by Ayoub ELAASSAL. Script Arguments cics-info.trans Instead of gathering all...

Halcyon - IDE for Nmap Script (NSE) Development

Halcyon is the first IDE specifically focused on Nmap Script NSE Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts NSE was the lack of a development environment that give...

Nextcloud: Nextcloud.com is vulnerable to SWEET32 attack

Researchers have found new attack against 3DES-CBC cipher in TLS,that they can decrypt customer data using a method called SWEET32 Birthday Attack. This Vulnerability has got CVE-2016-2183 and has cvss score 5.0 This vulnerability can be found manually by simply using nmap script nmap -Pn -p...

Yelp: Yelp.com is vulnerable to SWEET32 attack

Researchers have found new attack against 3DES-CBC cipher in TLS,that they can decrypt customer data using a method called SWEET32 Birthday Attack. This Vulnerability has got CVE-2016-2183 and has cvss score 5.0 This vulnerability can be found manually by simply using nmap script nmap -Pn -p...