7042 matches found
CVE-2024-55907
CVE-2024-55907 affects IBM Cognos Analytics Mobile (iOS) version 1.1. The issue arises from weak code obfuscation, enabling an attacker to reverse engineer the codebase to learn about techniques, interfaces, class definitions, algorithms and functions used. IBM’s security bulletin confirms remedi...
CVE-2024-55907 IBM Cognos Mobile information disclosure
IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation...
IBM Cognos Analytics Mobile 安全漏洞
IBM Cognos Analytics Mobile is an application from International Business Machines IBM, Inc. integrates reporting, modeling, analytics, dashboards, cases, and event management. A security vulnerability exists in IBM Cognos Analytics Mobile version 1.1, which stems from weak obfuscation and could...
[SECURITY] Fedora 40 Update: rizin-0.7.4-5.fc40
Rizin is a free and open-source Reverse Engineering framework, providing a complete binary analysis experience with features like Disassembler, Hexadecimal editor, Emulation, Binary inspection, Debugger, and more. Rizin is a fork of radare2 with a focus on usability, working features and co de...
[SECURITY] Fedora 40 Update: cutter-re-2.3.4-6.fc40
Cutter is a Qt and C++ GUI for Rizin. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers...
[SECURITY] Fedora 41 Update: cutter-re-2.3.4-6.fc41
Cutter is a Qt and C++ GUI for Rizin. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers...
[SECURITY] Fedora 41 Update: rizin-0.7.4-5.fc41
Rizin is a free and open-source Reverse Engineering framework, providing a complete binary analysis experience with features like Disassembler, Hexadecimal editor, Emulation, Binary inspection, Debugger, and more. Rizin is a fork of radare2 with a focus on usability, working features and co de...
A dive into the Rockchip Bootloader
TL;DR Rockchip has a structured sequence of bootloaders. Using various plugs can allow access to the MCU’s RAM and storage. There are many utilities to allow reading of information from the MCU. Use this guide to access and reverse engineer bootloaders. Introduction Rockchip are a Chinese company...
Server-side Request Forgery
github.com/bishopfox/sliver is vulnerable to Server-side Request Forgery. The vulnerability is due to improper authorization and lack of validation in the Sliver teamserver's reverse port forwarding mechanism, which allows the implant to open a reverse tunnel without operator instruction...
CVE-2025-27090
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...
HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an ARMLE payload from an HTTP server. Connect to target and spawn a command shell Module Options msf use payload/cmd/linux/http/armle/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show a...
TFTP Fetch, Linux dup2 Command Shell, Reverse TCP Stager
Fetch and execute an ARMLE payload from a TFTP server. dup2 socket in r12, then execve. Connect back to the attacker Module Options msf use payload/cmd/linux/tftp/armle/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show...
HTTPS Fetch, Linux Command Shell, Reverse TCP Stager
Fetch and execute an MIPSLE payload from an HTTPS server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/https/mipsle/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show...
HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an MIPSLE payload from an HTTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/http/mipsle/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp...
HTTPS Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an MIPSBE payload from an HTTPS server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/https/mipsbe/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp...
Exploit for CVE-2024-2961
PHP file-read to RCE CVE-2024-2961 TODO Parse LIBC to kn...
CVE-2024-57055
Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client not the general-use JSON services and requires reverse...
CVE-2025-27090
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...
SSRF in sliver teamserver
Summary The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so Reproduction steps Run server wget...
GHSA-FH4V-V779-4G2W SSRF in sliver teamserver
Summary The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so Reproduction steps Run server wget...