TOTOLINK Wireless Routers Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'TOTOLINK Wireless Routers unauthenticated remote command execution vulnerability.', 'Description' = %q Multiple TOTOLINK...

CVE-2023-42261

Mobile Security Framework MobSF =v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

PT-2023-28302 · Unknown · Mobile Security Framework

Name of the Vulnerable Software and Affected Versions: Mobile Security Framework MobSF versions =3.7.8 Beta Description: The issue is related to Insecure Permissions. The vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted...

CVE-2023-42261

Mobile Security Framework MobSF =v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for example,...

Unix Command Shell, Reverse TCP (via socat)

Creates an interactive shell via socat Module Options msf use payload/cmd/unix/reversesocattcp msf payloadreversesocattcp show actions ...actions... msf payloadreversesocattcp set ACTION msf payloadreversesocattcp show options ...show and set options... msf payloadreversesocattcp run This module...

Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041)

Summary IBM Security Guardium has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2023-0041 DESCRIPTION: IBM Security Guardium could allow a user to take over another user's session due to insufficient session expiration. CVSS Base score: 6.3 CVSS Temporal Score: See:...

Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years

A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on th...

Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)

import ctypes, struct import argparse from keystone import Exploit Title: Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode 476 Bytes Exploit Author: Senzee Date: 08/29/2023 Platform: Windows X64 Tested on: Windows 11 Home/Windows Server 2022 Standard/Windows Server 2019 Datacenter OS Versi...

HTTP-Shell - MultiPlatform HTTP Reverse Shell

HTTP-Shell is Multiplatform Reverse Shell. This tool helps you to obtain a shell-like interface on a reverse connection over HTTP. Unlike other reverse shells, the main goal of the tool is to use it in conjunction with Microsoft Dev Tunnels, in order to get a connection as close as possible to a...

Exploit for Code Injection in Apache Commons_Text

Quickstart bash sudo apt install golang To run like...

Exploit for Code Injection in Apache Commons_Text

Quickstart bash sudo apt install golang To run like...

Exploit for Code Injection in Apache Commons_Text

Quickstart bash sudo apt install golang To run like...

matrix-media-repo: Unsafe media served inline on download endpoints

Impact A malicious user can upload an SVG image containing JavaScript to their server. When matrix-media-repo is asked to serve that media via the /matrix/media/r0|v3/download endpoint, it would be served with a Content-Disposition of inline. This can allow JavaScript to run in the browser if a...

Wp2Fac - OS Command Injection

Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...

CVE-2023-39420

The RDPCore.dll component as used in the IRM Next Generation booking engine, allows a remote user to connect to customers with an "admin" account and a corresponding password computed daily by a routine inside the DLL file. Once reverse-engineered, this routine can help an attacker generate the...

Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks

A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service DDoS attacks. Doctor Web said the compromises are likely to occur either during malicious firmware update...

tomcat: not including the secure attribute causes information disclosure

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

tomcat: not including the secure attribute causes information disclosure

When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure...

Path traversal

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...

CVE-2023-41044 Partial path traversal vulnerability in Support Bundle feature of Graylog

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's Support Bundle feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows an attacker with valid Admin role...