Lucene search
K

7082 matches found

Packet Storm
Packet Storm
added 2020/11/25 12:0 a.m.716 views

SyncBreeze 10.0.28 Remote Buffer Overflow

Exploit Title: SyncBreeze 10.0.28 - 'password' Remote Buffer Overflow Date: 18-Sep-2020 Exploit Author: Abdessalam kingA.salam Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.0.28.exe Version: 10.0.28 Tested on: Windows 7,windows...

0.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/11/24 11:57 a.m.11 views

golang: data race in certain net/http servers including ReverseProxy can lead to DoS

A flaw was found Go's net/http package. Servers using ReverseProxy from net/http in the Go standard library are vulnerable to a data race that results in a denial of service. The highest threat from this vulnerability is to system availability...

5.9CVSS7.3AI score0.02893EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2020/11/24 12:0 a.m.717 views

docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter)

Exploit Title: docPrint Pro 8.0 - 'Add URL' Buffer Overflow SEH Egghunter Date: 2020-07-26 Exploit Author: MasterVlad Vendor Homepage: http://www.verypdf.com Software Link: http://dl.verypdf.net/docprintprosetup.exe Version: 8.0 Vulnerability Type: Local Buffer Overflow Tested on: Windows 7 32-bi...

7.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/11/18 5:7 a.m.68 views

OBDeleven vulnerability

OBDelevens OBD-II dongle is an onboard diagnostics port module that connects to a mobile app over Bluetooth. It takes advantage of weaknesses in UDS secure access to unlock the vehicle ECU and enable enhanced diagnostics and some additional functionality. Some of these functions are only availabl...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2020/11/17 8:30 p.m.83 views

Rehex - Reverse Engineers' Hex Editor

A cross-platform Windows, Linux, Mac hex editor for reverse engineering, and everything else. Features Large 1TB+ file support Decoding of integer/floating point value types Disassembly of machine code Highlighting and annotation of ranges of bytes Side by side comparision of selections...

7.2AI score
Exploits0References4
Gitee
Gitee
added 2020/11/13 1:35 p.m.3 views

CTF-All-In-One

This repository is an offensive tool for CTF Capture The Flag competitions, specifically targeting Linux binary security. The repository contains a collection of tools and resources for learning and practicing binary exploitation, reverse engineering, and other related skills. The repository...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/11/12 12:0 a.m.34 views

Oracle Linux 7 : tomcat (ELSA-2020-5020)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5020 advisory. 0:7.0.76-16 - Resolves: rhbz1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling Tenable has extracted the...

5.8CVSS7.4AI score0.09386EPSS
Exploits0References2
Kitploit
Kitploit
added 2020/11/11 11:30 a.m.41 views

NFCGate - An NFC Research Toolkit Application For Android

NFCGate is an Android application meant to capture, analyze, or modify NFC traffic. It can be used as a researching tool to reverse engineer protocols or assess the security of protocols against traffic modifications. Notice This application was developed for security research purposes by student...

7AI score
Exploits0References17
Packet Storm
Packet Storm
added 2020/11/11 12:0 a.m.360 views

CMSUno 1.6.2 Remote Code Execution

Exploit Title: CMSUno 1.6.2 - 'user' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.09.30 Exploit Author: Fatih Çelik Vendor Homepage: https://github.com/boiteasite/cmsuno/ Software Link: https://github.com/boiteasite/cmsuno/ Blog:...

Exploits0
RedHat Linux
RedHat Linux
added 2020/11/10 1:20 p.m.5 views

tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...

5.8CVSS6.8AI score0.09386EPSS
Exploits0References7
Kitploit
Kitploit
added 2020/11/10 11:30 a.m.36 views

paradoxiaRAT - Native Windows Remote Access Tool

Paradoxia Remote Access Tool. Features Paradoxia Console Feature | Description ---|--- Easy to use | Paradoxia is extremely easy to use, So far the easiest rat! Root Shell | - Automatic Client build | Build Paradoxia Client easily with or without the icon of your choice. Multithreaded |...

7.5AI score
Exploits0References6
Pen Test Partners Blog
Pen Test Partners Blog
added 2020/11/10 7:30 a.m.26 views

Snakes and Ladder Logic

A click to a reverse shell in OpenPLC and ladder logic OR Why you shouldn’t run everything as root in PLC and RTUs. TL;DR Most of the RTU’s and PLC’s that run a Unix based OS that we test and, and some devices on Windows that we’ve tested on maritime engagements, run as root and/or admin. They al...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2020/11/08 8:30 p.m.114 views

ShowStopper - Anti-Debug tricks exploration tool

The ShowStopper project is a tool to help malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods. With this tool, you can attach a debugger to its process and research the debugger’s behavior for the...

7.2AI score
Exploits0References3
0day.today
0day.today
added 2020/11/08 12:0 a.m.51 views

git-lfs Remote Code Execution Exploit

Proof of concept git-lfs remote code execution exploit written in Go. Affects Git, GitHub CLI, GitHub Desktop, Visual Studio, GitKraken, SmartGit, SourceTree, and more. / Go PoC exploit for git-lfs - Remote Code Execution RCE vulnerability CVE-2020-27955 git-lfs-RCE-exploit-CVE-2020-27955.go...

10CVSS0.4AI score0.82715EPSS
Exploits14
Gitee
Gitee
added 2020/11/07 4:37 p.m.2 views

pwntools

This is an open-source repository for the pwntools project, a Python library for reverse engineering and exploitation. The repository contains various files and workflows for contributing to the project, including issue templates, pull request templates, and workflows for continuous integration a...

7AI score
Exploits0
Kitploit
Kitploit
added 2020/11/06 8:30 p.m.58 views

GWTMap - Tool to help map the attack surface of Google Web Toolkit

GWTMap is a tool to help map the attack surface of Google Web Toolkit GWT based applications. The purpose of this tool is to facilitate the extraction of any service method endpoints buried within a modern GWT application's obfuscated client-side code, and attempt to generate example GWT-RPC...

7.4AI score
Exploits0References1
Packet Storm
Packet Storm
added 2020/11/06 12:0 a.m.194 views

Sentrifugo 3.2 Remote Code Execution

Exploit Title: Sentrifugo 3.2 - 'assets' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.10.06 Exploit Author: Fatih Çelik Vendor Homepage: https://sourceforge.net/projects/sentrifugo/ Software Link: https://sourceforge.net/projects/sentrifugo/ Blog:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/11/06 12:0 a.m.389 views

git-lfs Remote Code Execution

/ Go PoC exploit for git-lfs - Remote Code Execution RCE vulnerability CVE-2020-27955 git-lfs-RCE-exploit-CVE-2020-27955.go Discovered by Dawid Golunski https://legalhackers.com https://exploitbox.io Affected RCE exploit: Git / GitHub CLI / GitHub Desktop / Visual Studio / GitKraken / SmartGit /...

8.4AI score0.82715EPSS
Exploits14
Exploit DB
Exploit DB
added 2020/11/06 12:0 a.m.234 views

Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated)

Exploit Title: Sentrifugo Version 3.2 - 'announcements' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.10.06 Exploit Author: Fatih Çelik Vendor Homepage: https://sourceforge.net/projects/sentrifugo/ Software Link: https://sourceforge.net/projects/sentrifugo/ Blog:...

7.4AI score
Exploits0
OSV
OSV
added 2020/11/05 8:15 p.m.3 views

CVE-2020-5944

In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pages in the BIG-IQ system interface returns an error message due to disabled Grafana reverse proxy in web service configuration. F5 has done further review of this vulnerability and has re-classified it as a defect. CVE-2020-5944...

4.3CVSS5.8AI score0.00814EPSS
Exploits0References1
Rows per page
Query Builder