7042 matches found
Important: Red Hat Security Advisory: rh-haproxy18-haproxy security update
An update for rh-haproxy18-haproxy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Modlishka - An Open Source Phishing Tool With 2FA Authentication
Modlishka is a flexible and powerful reverse proxy, that will take your phishing campaigns to the next level with minimal effort required from your side. Enjoy :- Features Some of the most important 'Modlishka' features : Support for majority of 2FA authentication schemes by design. No website...
Evince CBT File Command Injection
This module exploits a command injection vulnerability in Evince before version 3.24.1 when opening comic book .cbt files. Some file manager software, such as Nautilus and Atril, may allow automatic exploitation without user interaction due to thumbnailer preview functionality. Note that limited...
BEEMKA: Basic Electron Post-Exploitation Framework
PenTestIT RSS Feed There are a lot of applications today that use Electron Framework, as it helps you build cross platform desktop apps with JavaScript, HTML, and CSS. Examples are applications such as Skype, Station, etc. A new post-exploitation framework - BEEMKA can now help you in maintaining...
Detecting bots using Content Security Policy (CSP) headers
Bots are noisy, like really. And dangerous as well, especially if they can do crawling and increase usage by legitimate operations like items catalog retrieve in the case of e-commerce. I mean, we have a lot of reasons to do not like bots and count this problem as a cybersecurity threat, which...
Hacking the GCHQ Backdoor
Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected: In fact, we think when the ghost feature is active -- silently inserting a secret...
[SECURITY] Fedora 28 Update: haproxy-1.8.17-1.fc28
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
[SECURITY] Fedora 29 Update: haproxy-1.8.17-1.fc29
HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Indeed, it can: - route HTTP requests depending on statically assigned cookies - spread load among several servers while assuring server persistence through the use of HTTP cookies - switch to...
WordPress Wise Chat plugin <= 2.6.3 - Reverse Tabnabbing vulnerability
Reverse Tabnabbing vulnerability found by MTK in WordPress Wise Chat plugin versions = 2.6.3. Solution Update the WordPress Wise Chat plugin to the latest available version at least 2.7...
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing Exploit Title: Wordpress Plugin Wisechat if window.opener window.opener.parent.location.replace'http://mtk911.cf/'; if window.parent != window window.parent.location.replace'http://mtk911.cf/'; Open Redirect TEST when you click on that user. Th...
Wordpress Wisechat 2.6.3 Plugin - Reverse Tabnabbing Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Wisechat if window.opener window.opener.parent.location.replace'http://mtk911.cf/'; if window.parent != window window.parent.location.replace'http://mtk911.cf/'; Open Redirect TEST when you click on that user...
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
Exploit Title: Wordpress Plugin Wisechat if window.opener window.opener.parent.location.replace'http://mtk911.cf/'; if window.parent != window window.parent.location.replace'http://mtk911.cf/'; Open Redirect TEST when you click on that user. This opens in a new tab, and the parent tab is silently...
Linux: Reverse path filtering
Reverse Path Filtering is a process to confirm that a receiving packet source address is routable. If enabled, a not routable packet is dropped. This script tests whether the Linux host is configured to drop not routable packets. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions...
Splunk Enterprise 7.2.3 - Authenticated Custom App Remote Code Execution Exploit
Exploit for windows platform in category web applications !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link: https://www.splunk.com/enus/download/splunk-enterprise.html...
Splunk Enterprise 7.2.3 Command Execution
!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Date: January 23, 2019 Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link: https://www.splunk.com/enus/download/splunk-enterprise.html Version: 7.2.3 Tested on: kali...
Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation Exploit
Exploit for linux platform in category web applications Exploit Title: Nagios XI 5.5.6 Remote Code Execution and Privilege Escalation Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.nagios.com/ Product: Nagios XI Software Link:...
dnSpy - .NET Debugger And Assembly Editor
dnSpy is a debugger and .NET assembly editor. You can use it to edit and debug assemblies even if you don't have any source code available. Want to say thanks? Click the star at the top of the page. Or fork dnSpy and send a PR! The following pictures show dnSpy in action. It shows dnSpy editing a...
[SECURITY] Fedora 29 Update: radare2-3.2.0-1.fc29
The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...
[SECURITY] Fedora 28 Update: radare2-3.2.0-1.fc28
The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...
How to Load Balance Trivial File Transfer Protocol Servers
This article describes how to load balance a Trivial File Transfer Protocol TFTP server using Reverse Network Address Translation RNAT and Use Source IP USIP. TFTP is simple file transport protocol. It uses User Datagram Protocol UDP port 69 as a transport protocol and is typically implemented on...