7082 matches found
Reverse Tabnabbing in quill
Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks. Recommendation No fix is currently available...
Windows Inject Reflective PE Files, Windows x64 Reverse Named Pipe (SMB) Stager
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject Reflective PE Files, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject Reflective PE Files, Reverse TCP Stager with UUID Support (Windows x64)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Windows Inject PE Files, Reverse TCP Stager (RC4 Stage Encryption, Metasm)
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE loader will execute the pre-mapped PE image starting from the address of entry after performing image base relocation and API address resolution. This module requires a PE file that contains...
Amazon Linux 2 : squid (ALAS-2020-1486)
The version of squid installed on the remote host is prior to 3.5.20-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1486 advisory. An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive informatio...
Rukovoditel 2.7.1 - Remote Code Execution (2) (Authenticated)
!/usr/bin/python3 Exploit Title: Rukovoditel 2.7.1 - Remote Code Execution Authenticated Exploit Author: @danyx07 Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: Rukovoditel -p you can provide credentials, load the image with PHP...
CMS Made Simple 2.2.14 Shell Upload
!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated)
!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
TP-Link WDR4300 Remote Code Execution
!/usr/bin/python3 import sys import hashlib import base64 import requests import binascii import socket """ RCE via stack-based overflow on TP-Link WDR4300 N750 devices, using CVE-2017-13772. Tested on Firmware versions 3.13.33, Build 130618 and 3.14.3 Build 150518, hardware WDR4300 v1 Usage: 1...
Brave Software: Redirecting users to malicious torrent-files/websites using WebTorrent
Summary: An attacker can redirect a user to a malicious torrent file/website using a reverse tab-nabbbing flaw in WebTorrent. Description WebTorrent allows user to open files after download of while they are being downloaded directly from the browser F965466 An attacker can use this to redirect...
Debian DSA-4750-1 : nginx - security update
It was reported that the Lua module for Nginx, a high-performance web and reverse proxy server, is prone to a HTTP request smuggling vulnerability. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4750. The te...
Linux/x86 reverse TCP Shellcode (84 bytes)
Title: Linux/x86 - Reverse TCP Shellcode 84 bytes Author: Xenofon Vassilakopoulos Tested on: Linux 3.13.0-32-generic 57precise1-Ubuntu i686 i386 GNU/Linux Architecture: i686 GNU/Linux Shellcode Length: 84 bytes SLAE-ID: SLAE - 1314 --------------------- Reverse Shellcode ---------------------...
SUSE-SU-2020:14460-1 Security update for squid3
This update for squid3 fixes the following issues: - Fixed a Cache Poisoning and Request Smuggling attack CVE-2020-15049, bsc1173455 - Fixed incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses CVE-2019-12519,...
CVE-2020-14194
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link...
CVE-2020-14194
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link...
Design/Logic Flaw
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link...
CVE-2020-14194
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link...
CVE-2020-14194
CVE-2020-14194 affects Zulip Server prior to 2.1.5. The issue is a reverse tabnapping vulnerability triggered by a topic header link, enabling tabnabbing conditions in the Zulip web UI. Exploitation details are not provided beyond the reverse tabnapping description in the connected documents; no ...
Zulip Server Reverse Tag Kidnapping Vulnerability
Zulip is a powerful open source group chat application that combines the immediacy of live chat with the productivity benefits of threaded conversations.Zulip Server is the Zulip server. A reverse tag kidnapping vulnerability exists in Zulip Server versions prior to 2.1.5. An attacker can exploit...