Lucene search
K

371 matches found

Exploit DB
Exploit DB
added 2023/08/08 12:0 a.m.339 views

Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated)

Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Date: 03/08/2023 Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable...

9.8CVSS9.6AI score0.4111EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/08/01 12:0 a.m.309 views

Uvdesk 1.1.3 Shell Upload

Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution RCE Authenticated Date: 28/07/2023 Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor Homepage: https://www.uvdesk.com Software Link: https://github.com/uvdesk/community-skeleton Version: 1.1.3 Example: python...

7.1AI score0.01091EPSS
Exploits4
0day.today
0day.today
added 2023/07/31 12:0 a.m.294 views

Uvdesk v1.1.3 - File Upload Remote Code Execution (Authenticated) Exploit

Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution RCE Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor Homepage: https://www.uvdesk.com Software Link: https://github.com/uvdesk/community-skeleton Version: 1.1.3 Example: python3 CVE-2023-39147....

7.8CVSS7.8AI score0.01091EPSS
Exploits4
Kitploit
Kitploit
added 2023/07/04 12:30 p.m.28 views

ScrapPY - A Python Utility For Scraping Manuals, Documents, And Other Sensitive PDFs To Generate Wordlists That Can Be Utilized By Offensive Security Tools

ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate targeted wordlists that can be utilized by offensive security tools to perform brute force, forced browsing, and dictionary attacks. ScrapPY performs word frequency, entropy, and metadata analysis, a...

7.3AI score
Exploits0References1
Kitploit
Kitploit
added 2023/07/03 12:30 p.m.26 views

Wanderer - An Open-Source Process Injection Enumeration Tool Written In C#

Wanderer is an open-source program that collects information about running processes. This information includes the integrity level, the presence of the AMSI as a loaded module, whether it is running as 64-bit or 32-bit as well as the privilege level of the current process. This information is...

7.6AI score
Exploits0References6
The Hacker News
The Hacker News
added 2023/06/27 11:27 a.m.3 views

Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation

As the business environment becomes increasingly connected, organizations' attack surfaces continue to expand, making it challenging to map and secure both known and unknown assets. In particular, unknown assets present security challenges related to shadow IT, misconfigurations, ineffective scan...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/27 11:27 a.m.33 views

Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation

As the business environment becomes increasingly connected, organizations' attack surfaces continue to expand, making it challenging to map and secure both known and unknown assets. In particular, unknown assets present security challenges related to shadow IT, misconfigurations, ineffective scan...

5.9AI score
Exploits0
Kitploit
Kitploit
added 2023/04/01 11:30 a.m.24 views

Noseyparker - A Command-Line Program That Finds Secrets And Sensitive Information In Textual Data And Git History

Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing. Key features: It supports scanning files, directories, and the entire history of Git repositories It uses regular expression matching...

7.1AI score
Exploits0References10
Trellix
Trellix
added 2023/02/08 12:0 a.m.13 views

No More Macros? Better Watch Your Search Results!

No More Macros? Better Watch Your Search Results! By Pham Duy Phuc and Max Kersten · February 08, 2023 Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique. Malicious macros in...

7.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/11/03 4:0 p.m.20 views

Identifying cyberthreats quickly with proactive security testing

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Matthew Hickey,...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/10/14 1:2 p.m.19 views

A SIEM With a Pen Tester's Eye: How Offensive Security Helps Shape InsightIDR

To be great at something, you have to be a little obsessed. That's true whether you want to be a chess grandmaster, become an internationally recognized CEO, or build the best cybersecurity platform on the planet. At Rapid7, our laser-focus has always been trained on one thing: helping digital...

0.2AI score
Exploits0
Kitploit
Kitploit
added 2022/10/07 11:30 a.m.55 views

Cloudfox - Automating Situational Awareness For Cloud Penetration Tests

CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. CloudFox helps you answer the following commo...

7.3AI score
Exploits0References37
HackRead
HackRead
added 2022/08/10 4:54 p.m.23 views

Download New Kali Linux 2022.3

By Deeba Ahmed Offensive Security has released the third version of Kali Linux. It is designed for hackers and security researchers… This is a post from HackRead.com Read the original post: Download New Kali Linux 2022.3...

2.4AI score
Exploits0
Kitploit
Kitploit
added 2022/07/29 12:30 p.m.96 views

Maldev-For-Dummies - A Workshop About Malware Development

In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such,malware development is becoming a vital skill for any operator. Getting started with maldev may seem daunting, but is actually very easy. This workshop will show you all you need to get started...

7.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2022/04/22 10:56 a.m.121 views

Skeletons in the Closet: Security 101 Takes a Backseat to 0-days

Rarely a month goes by without the infosec industry being plagued by a new zero-day apocalypse. Most recently in December 2021, the world was swept by a series of vulnerabilities in Log4J – a popular logging system used by thousands of systems around the world. While writing this article, the...

9.8CVSS8.2AI score0.70947EPSS
Exploits3References13
Gitee
Gitee
added 2022/04/18 5:23 p.m.5 views

vulhub

This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications, each designed to demonstrate a specific web application security vulnerability. The repository includes various web applications, such as CouchDB, Git, and...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2022/04/08 12:30 p.m.26 views

OffensiveNotion - Notion As A Platform For Offensive Operations

Notion yes, the notetaking app as a C2. Wait, What? Yes. But Why? What started as a meme grew into a full project. Just roll with it. Read more! Here's our blog post about it: We Put A C2 In Your Notetaking App: OffensiveNotion Features A full-featured C2 platform built on the Notion notetaking...

7.8AI score
Exploits0References3
Gitee
Gitee
added 2022/04/07 10:22 a.m.4 views

exploitdb

This is an offensive tool for Exploits. It is a repository of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The repository contains a collection of exploits for various operating systems and software, including AIX,...

7AI score
Exploits0
Kitploit
Kitploit
added 2022/03/06 8:30 p.m.30 views

Osmedeus - A Workflow Engine For Offensive Security

A Workflow Engine For Offensive Security Installation NOTE that you need some essential tools like curl, wget, git, zip and login as root to start bash -c "$curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh" Build the engine from source Make sure you installed...

7.3AI score
Exploits0References1
Apple
Apple
added 2022/01/26 12:0 a.m.112 views

About the security content of Security Update 2022-001 Catalina

About the security content of Security Update 2022-001 Catalina This document describes the security content of Security Update 2022-001 Catalina. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has...

9.3CVSS8.3AI score0.01688EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder