CVE-2022-21515

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Options. Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

[SECURITY] Fedora 35 Update: golang-github-moby-buildkit-0.9.0-4.fc35~bootstrap

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner...

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could help new defenders...

ALLMediaServer 1.6 Buffer Overflow Exploit

This Metasploit module exploits a stack buffer overflow in ALLMediaServer version 1.6. The vulnerability is caused due to a boundary error within the handling of HTTP request. This module requires Metasploit: https://metasploit.com/download Current source:...

New 16 High-Severity UEFI Firmware Flaws Discovered in Millions of HP Devices

Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface UEFI firmware impacting multiple HP enterprise devices. The shortcomings, which have CVSS scores ranging from 7.5 to 8.8, have been uncovered in...

[SECURITY] Fedora 34 Update: phoronix-test-suite-10.8.1-1.fc34

The Phoronix Test Suite is the most comprehensive testing and benchmarking platform available for the Linux operating system. This software is designed to effectively carry out both qualitative and quantitative benchmarks in a clean, reproducible, and easy-to-use manner. The Phoronix Test Suite...

Denial Of Service (DoS)

rh-mysql80-mysql is vulnerable to denial of service. A high privileged attacker with network access via multiple protocols can compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL...

rConfig <= 3.9.6 Shell Upload Exploit

This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php. This module requires Metasploit: https://metasploit.com/download Current source:...

Cisco DCNM auth bypass

This exploit is able to add an admin account to a Cisco DCNM with credentials you can choose. After that, you can login to the web interface with those credentials. The only necessary condition is the more or less recent connection of an admin as this exploit uses a kind of session stealing. Modu...

macOS cfprefsd Arbitrary File Write Local Privilege Escalation

This module exploits an arbitrary file write in cfprefsd on macOS use exploit/osx/local/cfprefsdracecondition msf exploitcfprefsdracecondition show targets ...targets... msf exploitcfprefsdracecondition set TARGET msf exploitcfprefsdracecondition show options ...show and set options... msf...

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD OOB Read Local Privilege Escalation', 'Description' = %q This module exploits an out-of-bounds read of an attacker-controlled string in...

Omron PLC 1.0.0 Denial Of Service

Exploit Title: Omron PLC 1.0.0 - Denial of Service PoC Google Dork: n/a Date: 2019-12-06 Exploit Author: n0b0dy Vendor Homepage: https://automation.omron.com, ia.omron.com Software Link: n/a Version: 1.0.0 Tested on: PLC f/w rev.: CJ2M v2.01 CWE-412 : Unrestricted Externally Accessible Lock CVE :...

Nostromo - Directory Traversal Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nostromo Directory Traversal Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in...

Denial Of Service (DoS)

Oracle MySQL is vulnerable to denial of serviceDoS attacks. A remote user could exploit a flaw in the Server: Pluggable Auth component which allows unauthorized attackers to cause frequently repeatable crash on the target system...

FTW - Framework For Testing WAFs

This project was created by researchers from ModSecurity and Fastly to help provide rigorous tests for WAF rules. It uses the OWASP Core Ruleset V3 as a baseline to test rules on a WAF. Each rule from the ruleset is loaded into a YAML file that issues HTTP requests that will trigger these rules...

CVE-2019-2537

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

Oracle Solaris Critical Patch Update : jul2012_SRU8_5

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle Sun Products Suite subcomponent: Kernel/NFS. The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating Syste...

Immunity Canvas: CVE_2012_1182_NONX

Name| CVE20121182NONX ---|--- CVE| CVE-2012-1182 Exploit Pack| CANVAS Description| CVE-2012-1182-NONX Notes| References: http://www.samba.org CVE Name: CVE-2012-1182 VENDOR: Samba Repeatability: Repeatable Date public: 04/10/2012 CVE Url: N/A CVSS: 0.0...

Immunity Canvas: MEWEBMAIL

Name| MEWebMail ---|--- CVE| CVE-2005-1348 Exploit Pack| CANVAS Description| MailEnable WebMail Authorization Buffer Overflow Notes| References: Found by CorryL of www.x0n3-h4ck.org CVE Name: CVE-2005-1348 VENDOR: MailEnable Repeatability: This is a repeatable exploit given that the node is...

Immunity Canvas: MS03_022

Name| ms03022 ---|--- CVE| CVE-2003-0349 Exploit Pack| CANVAS Description| IIS 5.0 Windows Media Services ISAPI nsisslog.dll Overflow Notes| CVE Name: CVE-2003-0349 VENDOR: Microsoft MSADV: MS03-022 VersionsAffected: Repeatability: Repeatable References:...