TextPattern CMS 4.9.0-dev - Remote Command Execution (Authenticated) Exploit

Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3 import requests fro...

TextPattern CMS 4.9.0-dev Remote Command Execution

Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Date: 07/04/2021 Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2021-2007)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Forblaze - A Python Mac Steganography Payload Generator

Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. Using python3, it will build an Obj-C file for you which will be compiled to pull desired encrypted URLs out of the stego file, fetch payloads over https, and execute them directly into memory. It utilizes...

EulerOS Virtualization for ARM 64 3.0.6.0 : python3 (EulerOS-SA-2021-2007)

According to the versions of the python3 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from...

Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2021-1992)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mythic - A Collaborative, Multi-Platform, Red Teaming Framework

A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming. Details Check out a series of YouTube videos...

openSUSE: Security Advisory for salt (openSUSE-SU-2021:0899-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for salt (critical)

openSUSE Security Update: Security update for salt Announcement ID: openSUSE-SU-2021:0899-1 Rating: critical References: 1171257 1176293 1179831 1181368 1182281 1182293 1182382 1185092 1185281 1186674 ECO-3212 SLE-18028 SLE-18033 Cross-References: CVE-2018-15750 CVE-2018-15751 CVE-2020-11651...

Important Photon OS Security Update - PHSA-2021-0051

Updates of 'libgcrypt', 'python3-py' packages of Photon OS have been released...

Important Photon OS Security Update - PHSA-2021-4.0-0051

Updates of 'python3-py', 'libgcrypt' packages of Photon OS have been released...

Photon OS 4.0: Python3 PHSA-2021-4.0-0047

An update of the python3 package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0047. The text itself is copyright C VMware, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

SUSE: Security Advisory (SUSE-SU-2021:2010-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Zoho ManageEngine ServiceDesk Plus 9.4 User Enumeration

Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User Enumeration CVE-2021-31159 Date: 17/06/2021 Exploit Author: Ricardo Ruiz @ricardojoserf CVE: CVE-2021-31159 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31159 Vendor Homepage: https://www.manageengine.com...

Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration Exploit

Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration Exploit Author: Ricardo Ruiz @ricardojoserf CVE: CVE-2021-31159 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31159 Vendor Homepage: https://www.manageengine.com Vendor Confirmation:...

Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration

Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration Date: 17/06/2021 Exploit Author: Ricardo Ruiz @ricardojoserf CVE: CVE-2021-31159 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31159 Vendor Homepage: https://www.manageengine.com Vendor Confirmation:...

Critical Photon OS Security Update - PHSA-2021-0047

Updates of 'linux-aws', 'linux-secure', 'python3-Pygments', 'linux-rt', 'salt3', 'linux', 'lz4' packages of Photon OS have been released...

Critical Photon OS Security Update - PHSA-2021-4.0-0047

Updates of 'linux-aws', 'linux-secure', 'python3-Pygments', 'salt3', 'linux-rt', 'lz4', 'linux' packages of Photon OS have been released...

Nebula - Cloud C2 Framework, Which At The Moment Offers Reconnaissance, Enumeration, Exploitation, Post Exploitation On AWS

Nebula is a Cloud and hopefully DevOps Penetration Testing framework. It is build with modules for each provider and each functionality. As of April 2021, it only covers AWS, but is currently an ongoing project and hopefully will continue to grow to test GCP, Azure, Kubernetes, Docker, or...

Microsoft SharePoint Server 16.0.10372.20060 - (GetXmlDataFromDataSource) SSRF Exploit

Exploit Title: Microsoft SharePoint Server 16.0.10372.20060 - 'GetXmlDataFromDataSource' Server-Side Request Forgery SSRF Exploit Author: Alex Birnberg Software Link: https://www.microsoft.com/en-us/download/details.aspx?id=57462 Version: 16.0.10372.20060 Tested on: Windows Server 2019 CVE :...