7082 matches found
CVE-2020-29238
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request...
CVE-2020-29238
CVE-2020-29238 describes an integer buffer overflow in the Nginx webserver used by ExpressVPN Router firmware v1, when the server runs as a reverse proxy. The vulnerability allows remote attackers to cause information disclosure via specially crafted requests. Affected product is ExpressVPN Route...
EulerOS Virtualization 3.0.2.6 : ruby (EulerOS-SA-2021-1450)
According to the version of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled wit...
SAP Business Objects Business Intelligence Platform 输入验证错误漏洞
SAP Netweaver Application Server Java is part of the SAP NetWeaver Application Platform, which provides a complete infrastructure for deploying and running Java applications. A reverse tag phishing vulnerability exists in SAP Netweaver Application Server Java 7.00, 7.10, 7.11, 7.20, 7.30, 7.31,...
ExpressVPN Router 输入验证错误漏洞
ExpressVPN Router is a VPN router from ExpressVPN UK. It provides a protected network communication feature. ExpressVPN Router suffers from an input validation error vulnerability that originates from an integer buffer overflow in the Nginx web server, which can be exploited by an attacker to...
Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2)
Golden FTP Server 4.70 - 'PASS' Buffer Overflow 2 Author: 1F98D Original Authors: Craig Freyman cd1zz and Gerardo Iglesias Galvan iglesiasgg Tested on Windows 10 x64 A buffer overflow exists in GoldenFTP during the authentication process. Note that the source ip address of the user performing the...
Hotel And Lodge Management System 1.0 Shell Upload
Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution Unauthenticated Date: 07-03-2021 Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html...
Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution Unauthenticated Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html Version: 1.0 Tested o...
Malicious Package
Overview rcenodejs is a malicious package. It uses a preinstall script to execute a reverse shell. Remediation Avoid using all malicious instances of the rcenodejs package. Credit: Snyk Research...
packetStrider - A Network Packet Forensics Tool For SSH
packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of SSH network traffic where golden nuggets of information previously lay in the dark. The problem that packet strider aims to help with AKA Why?...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-1450)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow
Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow among others inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept PoC code dependency-confusion exploit that w...
vxhunter
This is an offensive tool for embedded device analysis. It is a toolset for VxWorks based embedded device analyses, specifically designed for analyzing VxWorks firmware. The toolset includes plugins written in Python for analyzing firmware loading address, fixing function names with symbol tables...
AnyDesk 5.5.2 - Remote Code Execution Exploit
Exploit Title: AnyDesk 5.5.2 - Remote Code Execution Exploit Author: scryh Vendor Homepage: https://anydesk.com/en Version: 5.5.2 Tested on: Linux Walkthrough: https://devel0pment.de/?p=1881 !/usr/bin/env python import struct import socket import sys ip = '192.168.x.x' port = 50001 def...
AnyDesk 5.5.2 - Remote Code Execution
Exploit Title: AnyDesk 5.5.2 - Remote Code Execution Date: 09/06/20 Exploit Author: scryh Vendor Homepage: https://anydesk.com/en Version: 5.5.2 Tested on: Linux Walkthrough: https://devel0pment.de/?p=1881 !/usr/bin/env python import struct import socket import sys ip = '192.168.x.x' port = 50001...
nightmare
This repository is an open-source project for teaching binary exploitation and reverse engineering skills through a series of challenges. It is a collection of CTF Capture The Flag challenges designed to help learners develop their skills in exploiting binaries and reversing assembly code. The...
OpenWifiPass - An Open Source Implementation Of Apple's Wi-Fi Password Sharing Protocol In Python
An open source implementation of the grantor role in Apple's Wi-Fi Password Sharing protocol. Disclaimer OpenWifiPass is experimental software and is the result of reverse engineering efforts by the Open Wireless Link project. The code serves solely documentary and educational purposes. It is...
Fedora: Security Advisory for radare2 (FEDORA-2021-e3c95619c1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: radare2-5.1.1-1.fc32
The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...
PE-Packer - A Simple Windows X86 PE File Packer Written In C And Microsoft Assembly
PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering. It will do the following things when packing a PE file: Transforming the original import table. Encrypting sections. Clearing section names. Installing the shell-entry...