Wing FTP Server 4.3.8 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Wing FTP Server 4.3.8 - Remote Code Execution RCE Authenticated Exploit Author: notcos Credit: Credit goes to the initial discoverer of this exploit, Alex Haynes. Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download/WingFtpServer.exe...

Wing FTP Server 4.3.8 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Wing FTP Server - Authenticated RCE Date: 02/06/2022 Exploit Author: notcos Credit: Credit goes to the initial discoverer of this exploit, Alex Haynes. Vendor Homepage: https://www.wftpserver.com/ Software Link: https://www.wftpserver.com/download/WingFtpServer.exe Version: " %...

Low-Detection Phishing Kits Increasingly Bypass MFA

More and more phishing kits are focusing on bypassing multi-factor authentication MFA methods, researchers have warned – typically by stealing authentication tokens via a man-in-the-middle MiTM attack. As MFA continues to see widespread consumer and business adoption – a full 78 percent of...

PYSEC-2022-107

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batchdim and can result in a heap OOB read. There is a check to make sure the value of batchdim does not go over the rank of the input, but there...

CVE-2022-21728

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batchdim and can result in a heap OOB read. There is a check to make sure the value of batchdim does not go over the rank of the input, but there...

PT-2022-15067 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The implementation of shape inference for ReverseSequence does not fully validat...

CVE-2021-43848

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

Design/Logic Flaw

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

CVE-2021-43848

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

UBUNTU-CVE-2021-43848

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

CVE-2021-43848

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

CVE-2021-43848

CVE-2021-43848 concerns h2o, an open source HTTP server. Affects HTTP/3 support where, from commits 93af138 to d1f0f65, h2o may access uninitialized memory when processing QUIC frames, potentially treating such memory as HTTP/3 frames. In reverse proxy scenarios, an attacker could cause h2o to le...

Rathole - A Lightweight, Stable And High-Performance Reverse Proxy For NAT Traversal, Written In Rust. An Alternative To Frp And Ngrok

A secure, stable and high-performance reverse proxy for NAT traversal, written in Rust rathole, like frp and ngrok, can help to expose the service on the device behind the NAT to the Internet, via a server with a public IP. Features High Performance Much higher throughput can be achieved than frp...

Cisco Small Business RV Series Authentication Bypass / Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Small Business RV Series Authentication Bypass and Command Injection', 'Description' = %q This module exploits an authentication bypass...

h2o 安全漏洞

h2o is a new generation of HTTP server. Not only is it very fast compared to older generation HTTP servers, but it also provides faster responses to end users. A security vulnerability exists in h2o, which stems from the fact that when QUIC frames are received in a particular order, h2o's HTTP/3...

Exploit for CVE-2021-1675

PrintNightmare Local Privilege Escalation PoC src/nightmare...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

ez-pwnkit A pure-Go implementation of the CVE-2021-4034 Pwn...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

ez-pwnkit A pure-Go implementation of the CVE-2021-4034 Pwn...

McAfee Agent Command Injection Vulnerability

The McAfee McAfee Agent MA is a set of client components from McAfee, Inc. that provides secure communications between ePolicy Orchestrator the antivirus management platform and managed products. A security vulnerability exists in the McAfee Agent that originates from allowing a local user to...

PVS image process gets BSOD on boot up

Using the PVS Upgrade wizard to upgrade the PVS drivers failed. Because of this, we used reverse imaging to remove the PVS drivers and install the 1912 CU4 drivers. On the reboot, during creation of a new vdisk, BSOD encountered. ERROR: BNIStack faile. netork stack col not e initialie -This error...