517 matches found
MikroTik RouterOS 6.38.4 (x86) - Chimay Red Stack Clash Remote Code Execution
MikroTik RouterOS 6.38.4 x86 - Chimay Red Stack Clash Remote Code Execution !/usr/bin/env python2 Mikrotik Chimay Red Stack Clash Exploit by wsxarcher based on BigNerd95 POC tested on RouterOS 6.38.4 x86 ASLR enabled on libs only DEP enabled import socket, time, sys, struct from pwn import import...
[ASA-201803-6] python2-django: denial of service
Arch Linux Security Advisory ASA-201803-6 ========================================= Severity: Medium Date : 2018-03-06 CVE-ID : CVE-2018-7536 CVE-2018-7537 Package : python2-django Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-649 Summary ======= The package...
Fuzzing and Data Manipulation Framework: Fuddly
Among the variety of complementary approaches used in the security evaluation of a target (e.g., software, embedded equipment, etc.), fuzz testing—abbreviated fuzzing—is widely recognized as an effective means to help discover security weaknesses in a target. Fuzzing is a software testing...
MikroTik RouterOS < 6.38.5 RCE
!/usr/bin/env python2 Mikrotik Chimay Red Stack Clash Exploit by wsxarcher based on BigNerd95 POC tested on RouterOS 6.38.4 x86 ASLR enabled on libs only DEP enabled import socket, time, sys, struct from pwn import import ropgadget ASTSTACKSIZE = 0x20000 stack size per thread 128 KB SKIPSPACE =...
Critical Photon OS Security Update - PHSA-2017-0091
Updates of 'openssh', 'linux', 'procmail', 'rsync', 'glibc', 'mongodb', 'linux-esx', 'binutils', 'python2', 'zookeeper' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2017-0005
Updates of 'linux-aws', 'linux-secure', 'rsync', 'linux-esx', 'openssh', 'libvirt', 'linux', 'procmail', 'python2' packages of Photon OS have been released...
Moderate: Red Hat Security Advisory: ansible security, bug fix, and enhancement update
An update for ansible is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Decentralized Peer to Peer File Sharing: iWant
A command-line tool for searching and downloading files on a LAN, without any central server. Features: Decentralized: There is no central server hosting files, and therefore no central point of failure. Easy discovery of files: As easy as searching for something in Google. File download from...
kwetza - Python script to inject existing Android applications with a Meterpreter payload
Kwetza is a tool that allows you to infect an existing Android application with a Meterpreter payload. What does it do? Kwetza infects an existing Android application with either custom or default payload templates to avoid detection by antivirus. Kwetza allows you to infect Android applications...
PRET - Printer Exploitation Toolkit
PRET is a new tool for printer security testing developed in the scope of a Master's Thesis at Ruhr University Bochum. It connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript, PJL and PCL are supported which are spoken by most laser...
Quest Privilege Manager 6.0.0 - Arbitrary File Write
Quest Privilege Manager 6.0.0 - Arbitrary File Write !/usr/bin/env python2 """ Exploit Title: Quest Privilege Manager pmmasterd Arbitrary File Write Date: 10/Mar/2017 Exploit Author: m0t Vendor Homepage: https://www.quest.com/products/privilege-manager-for-unix/ Version: 6.0.0-27, 6.0.0-50 Tested...
[ASA-201704-1] python2-django: multiple issues
Arch Linux Security Advisory ASA-201704-1 ========================================= Severity: Medium Date : 2017-04-06 CVE-ID : CVE-2017-7233 CVE-2017-7234 Package : python2-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-233 Summary ======= The package...
Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection
!/usr/bin/env python2 import telnetlib import re import random import string Split string into chunks, of which each is /var/a' - 1 completed = temp = re.split'\n', script for content in temp: if lencontent != 0: for s in re.split' ', content: if ' ' in s: s = '\x20' if '\n' in s: s = '\n' else:...
Radio Hack Box - Tool to Demonstrate Vulnerabilities in Wireless Input Devices
The SySS Radio Hack Box is a proof-of-concept software tool to demonstrate the replay and keystroke injection vulnerabilities of the wireless keyboard Cherry B.Unlimited AES. Requirements: Raspberry Pi; Raspberry Pi Radio Hack Box shield (an LCD, some LEDs, and some buttons); nRF24LU1+ USB radio dongle...
Apache Struts 2 2.3.x / 2.5.x Remote Code Execution
CVE-2017-5638 Apache Struts 2 Vulnerability Remote Code Execution Reverse shell from target Author: anarc0der - github.com/anarcoder Tested with tomcat8 Install tomcat8 Deploy WAR file https://github.com/nixawk/labs/tree/master/CVE-2017-5638 Ex: Open: $ nc -lnvp 4444 python2 struntsrce.py...
ipa, python2 security update
CentOS Errata and Security Advisory CESA-2017:0388 An update for ipa is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Printer Exploitation Toolkit: PRET
Printer Exploitation Toolkit (PRET) is a new tool for printer security testing developed in the scope of a Master’s Thesis at Ruhr University Bochum. PRET connects to a device via network or USB and exploits the features of a given printer language. Currently PostScript, PJL and PCL are supported...
[ASA-201701-25] python2-crypto: arbitrary code execution
Arch Linux Security Advisory ASA-201701-25 ========================================== Severity: Critical Date : 2017-01-15 CVE-ID : CVE-2013-7459 Package : python2-crypto Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-118 Summary ======= The package...
[ASA-201612-12] python2-html5lib: cross-site scripting
Arch Linux Security Advisory ASA-201612-12 ========================================== Severity: Low Date : 2016-12-12 CVE-ID : CVE-2016-9909 CVE-2016-9910 Package : python2-html5lib Type : cross-site scripting Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The packag...
[ASA-201611-14] python2-django: multiple issues
Arch Linux Security Advisory ASA-201611-14 ========================================== Severity: High Date : 2016-11-16 CVE-ID : CVE-2016-9013 CVE-2016-9014 Package : python2-django Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...