OwlChat 2.0 Remote Shell Upload

Exploit Title: OwlChat Remote Shell Upload Vulnerability Exploit Author: Hesam Bazvand Contact: [email protected] Download Link: http://dl.20script.ir/script/chat/Owl-Chat-v2.0%5Bwww.20script.ir%5D.zip Tested on: Windows 10 / Kali Linux Category: WebApps Video :...

GhostTunnel - A Covert Backdoor Transmission Method That Can Be Used In An Isolated Environment

GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It can attack the target through the HID device only to release the payload agent, then the HID device can be removed after the payload is released. GhostTunnel use 802.11 Probe Request Frames and...

Ibombshell - Dynamic Remote Shell

ibombshell is a tool written in Powershell that allows you to have a prompt at any time with post-exploitation functionalities and in some cases exploitation. It is a shell that is downloaded directly to memory providing access to a large number of pentesting features. These functionalities can b...

MacOS Malware Targets Cryptocurrency Community on Slack, Discord

Hackers using MacOS malware are targeting cryptocurrency investors that use both the Slack and Discord chat platforms. The malware, dubbed OSX.Dummy, uses an unsophisticated infection method, but those who are successfully attacked open their systems up to remote arbitrary code execution. “If the...

Oracle Solaris Remote Shell Code Execution (CVE-2017-3623) - Ver2

A security bypass vulnerability has been reported in Oracle Solaris. The vulnerability is due to an error in the way the server validates RPC requests from unauthorized users. A remote attacker can exploit this issue by sending specially crafted RPC requests to the target. Successful exploitation...

Microsoft Windows: Remote Shell Acces

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winremoteshaccess.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Allow Remote Shell Access Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Potential RCE in Nessus 7 and attacks on Vulnerability Scanners

A few days ago I saw an interesting youtube video UPD. 14.05.18 Not available anymore in my Facebook feed. It is demonstrating the exploitation of the RCE vulnerability in Tenable Nessus Professional 7.0.3. Currently we have very few information about this vulnerability: only youtube video, which...

CVE-2017-17540

The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell...

Hardcoded credentials

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell...

Hardcoded credentials

The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell...

CVE-2017-17539

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell...

CVE-2017-17539

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell...

Pwning CCTV cameras

CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK – most in private premises. Most of those cameras will be connected to some kind of recording device, which these days means a Digital Video Recorder or DVR. DVRs take video feeds from multiple...

Fortinet FortiWLC Hard-Coded Account Vulnerability

FortiWLC is a wireless controller from Fortinet. A hard-coded account vulnerability exists in Fortinet FortiWLC 8.3.3. An attacker can exploit this vulnerability to gain unauthorized read/write access via a remote shell...

Fortinet FortiWLC Hardcoded Account Vulnerability (CNVD-2018-10699)

FortiWLC is a wireless controller from Fortinet. A hard-coded account vulnerability exists in versions 7.0.11 and earlier of Fortinet FortiWLC. An attacker can exploit this vulnerability via a remote shell to gain unauthorized read/write access...

CVE-2017-17539

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell...

CVE-2017-17539

The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell...

CVE-2017-17540

The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell...

CVE-2017-17540

The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell...