16 matches found
SUSE CVE-2016-20012
OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE...
Intel Is Maintaining Legacy Technology for Security Research
Interesting: Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace. This creates a long tail of old product...
OpenSSH through 8.7 allows remote attackers who have a suspicion that a certain combination of username and public key is known to an SSH server to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product
...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a...
Exploit for Deserialization of Untrusted Data in Xstream
Xstream-1.4.17 The above Xstream demo environment was set up...
Pocsuite
This is an offensive tool for penetration testing and vulnerability assessment. It is a Python-based framework called Pocsuite, developed by the Knownsec 404 Team. The tool is designed to perform remote vulnerability testing and proof-of-concept development. The target product/service or framewor...
AutoGadgetFS - USB Testing Made Easy
What’s AutoGadgetFS ? AutoGadgetFS is an open source framework that allows users to assess USB devices and their associated hosts/drivers/software without an in-depth knowledge of the USB protocol. The tool is written in Python3 and utilizes RabbitMQ and WiFi access to enable researchers to condu...
Microsoft SQL Database Attacking Tool: MSDAT
MSDAT M icro s oft SQL D atabase A ttacking T ool is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...
RaidenHTTPD 2.0.44 User-Agent Cross Site Scripting
Exploit Title: RaidenHTTPD 2.0.44 - User-Agent - HTML Injection & Cross-site scripting Exploit Author: sultan albalawi :@bofheaded :https://hackinguyz.blogspot.com/ exploit User-Agent HTTP header : For remote testing use http-live -There is no need to use the script alertdocument.cookiewxo3i...
socialMPN.txt
!/usr/bin/perl -w Remote Testing SocialMPN Remote File Inclusion by y3dips for testing only Bug find by zer0-c00l , Bug published at http://waraxe.us/ftopic-542-0-days0-orderasc-.html print " Remote Testing File Inclusion for SocialMPN by y3dips \n"; require LWP::UserAgent; if@ARGV == 2 $target=...
SocialMPN Arbitrary File Injection Exploit
No description provided by source. !/usr/bin/perl -w Remote Testing SocialMPN Remote File Inclusion by y3dips for testing only Bug find by zer0-c00l , Bug published at http://waraxe.us/ftopic-542-0-days0-orderasc-.html print " Remote Testing File Inclusion for SocialMPN by y3dips \n"; require...
SocialMPN - Arbitrary File Injection
SocialMPN - Arbitrary File Injection !/usr/bin/perl -w Remote Testing SocialMPN Remote File Inclusion by y3dips for testing only Bug find by zer0-c00l , Bug published at http://waraxe.us/ftopic-542-0-days0-orderasc-.html print " Remote Testing File Inclusion for SocialMPN by y3dips \n"; require...
SocialMPN Arbitrary File Injection Exploit
Exploit for unknown platform in category web applications ========================================== SocialMPN Arbitrary File Injection Exploit ========================================== !/usr/bin/perl -w Remote Testing SocialMPN Remote File Inclusion by y3dips for testing only Bug find by...
Remote Testing SocialMPN Remote File Inclusion by y3dips
!/usr/bin/perl -w Remote Testing SocialMPN Remote File Inclusion by y3dips for testing only Bug find by zer0-c00l , Bug published at http://waraxe.us/ftopic-542-0-days0-orderasc-.html print " Remote Testing File Inclusion for SocialMPN by y3dips n"; require LWP::UserAgent; if@ARGV == 2 $target=...
New CesarFTP v 0.99g DoS
just thought that, since you seemed interseted in the topic earlier, I would e-mail you this exploit. I don't think that it's going to get patched anytime soon anyways, so it doesn't matter. I haven't tested remotely network trouble but I would like to get some info back on your results. I can on...
Multiple Anti-Virus SMTP Message Long Line Parsing DoS
Some antivirus scanners die when they process an email with a long string without line breaks. Such a message was sent. If there is an antivirus on your MTA, it might have crashed. Please check its status right now, as it is not possible to do it remotely C Tenable Network Security, Inc. Credits:...