309 matches found
Exploit for Path Traversal in Bludit
CVE-2019-16113 PoC Bludit = 3.9.2 Remote Code Execution Vuln...
VMware vCenter Server 6.7 Authentication Bypass
Exploit Title: VMware vCenter Server 6.7 - Authentication Bypass Date: 2020-06-01 Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2020-0006.html Version: vCenter Server 6.7 before update 3f Tested on: vCenter Server Appliance 6.7 RTM updated from v6.0...
Exploit for Out-of-bounds Write in Google Android
CVE-2020-12753-PoC This repo contains a proof-of-concept for 🔋...
VMware vCenter Server 6.7 - Authentication Bypass
Exploit Title: VMware vCenter Server 6.7 - Authentication Bypass Date: 2020-06-01 Exploit Author: Photubias Vendor Advisory: 1 https://www.vmware.com/security/advisories/VMSA-2020-0006.html Version: vCenter Server 6.7 before update 3f Tested on: vCenter Server Appliance 6.7 RTM updated from v6.0...
Pi-hole 4.4.0 CVE-2020-11108 - Remote Code Execution
Pi-hole version 4.4.0 suffers from a remote code execution vulnerability. Exploit Title: Pi-hole 4.4.0 - Remote Code Execution Authenticated Date: 2020-05-22 Exploit Author: Photubias Vendor Advisory: 1 https://github.com/pi-hole/AdminLTE Version: Pi-hole . Based and improved on:...
vBulletin 5.6.1 SQL Injection
Exploit Title: vBulletin 5.6.1 - 'nodeId' SQL Injection Date: 2020-05-15 Exploit Author: Photubias Vendor Advisory: 1 https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcementsaa/4440032-vbulletin-5-6-1-security-patch-level-1 Version: vBulletin v5.6.x prior to Patch Level 1...
python3 security and bug fix update
3.6.8-23.0.1.el8 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-23 - Modify the test suite to better handle disabled SSL/TLS versions and FIPS mode - Use OpenSSLs DRBG and disable os.getrandom function in FIPS mode Resolves: rhbz1754028, rhbz1754027, rhbz1754026, rhbz177447...
RHEL 8 : python3 (RHSA-2020:1764)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1764 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Exploit
Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible for Python 2 and ...
Important Photon OS Security Update - PHSA-2020-0224
Updates of 'python3' packages of Photon OS have been released...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apple Ipados
kr00ker ============ Description This script is a simple ex...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 An even more simple PoC and Scanner for CVE-202...
PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution
Exploit Title: PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution Google Dork: N/A Date: 2020-03-15 Exploit Author: Antonio Cannito Vendor Homepage: https://www.knowledgebase-script.com/ Software Link: https://www.knowledgebase-script.com/pricing.php Version:...
[SECURITY] Fedora 30 Update: python3-typed_ast-1.4.0-2.fc30
A fork of the ast module with type annotations. This package is based on th e ast modules from Python 2 and 3, and has been extended with support for type comments and type annotations as supported in Python 3.6...
Aircrack-ng 1.6 - Complete Suite Of Tools To Assess WiFi Network Security
Aircrack-ng is a complete suite of tools to assess WiFi network security. It focuses on different areas of WiFi security: Monitoring: Packet capture and export of data to text files for further processing by third party tools. Attacking: Replay attacks, deauthentication, fake access points and...
Corsy v1.0 - CORS Misconfiguration Scanner
Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Requirements Corsy only works with Python 3 and has the following depencies: tld requests To install these dependencies, navigate to Corsy directory and execute pip3 install -r requirements.txt Usag...
Gtfo - Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions
This is a standalone script written in Python 3 for GTFOBins. You can search for Unix binaries that can be exploited to bypass system security restrictions. These binaries can be abused to get the fk break out of restricted shells, escalate privileges, transfer files, spawn bind and reverse shell...
Fedora 31 : python3 (2019-0a8fb6dacf)
Python 3.7.6 is the latest bugfix release of Python 3.7. It includes some security fixes as well. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as...
SUSE-RU-2019:2767-1 Recommended update for xen
This update for xen to version 4.10.4 fixes the following issues: - Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration bsc1133818. - Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above bsc1137717. - Fixed an issue...
XMLRPC Bruteforcer - An XMLRPC Brute Forcer Targeting Wordpress
An XMLRPC brute forcer targeting Wordpress written in Python 3. In the context of xmlrpc brute forcing, its faster than Hydra and WpScan. It can brute force 1000 passwords per second. Usage python3 xmlrcpbruteforce.py http://wordpress.org/xmlrpc.php passwords.txt username python3...