7082 matches found
Windscribe 1.83 - (WindscribeService) Unquoted Service Path Vulnerability
Exploit Title: Windscribe 1.83 - 'WindscribeService' Unquoted Service Path Exploit Author: Ethan Seow Vendor Homepage: https://windscribe.com Version: v1.83 Build 20 Tested on: Microsoft Windows 10 Home 10.0.18363 Build 18363 filename : exploit.bat Code start @echo off sc config WindscribeService...
Windscribe 1.83 - 'WindscribeService' Unquoted Service Path
Exploit Title: Windscribe 1.83 - 'WindscribeService' Unquoted Service Path Date: 2020-06-26 Exploit Author: Ethan Seow Vendor Homepage: https://windscribe.com Version: v1.83 Build 20 Tested on: Microsoft Windows 10 Home 10.0.18363 Build 18363 filename : exploit.bat Code start @echo off sc config...
Exploit for Link Following in Docker Desktop
CVE-2020-10665 Docker Desktop Local Privilege Escalation POC...
Cayin xPost 2.5 SQL Injection / Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfindermeetinginput.jsp file's wayfinderseqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and...
Apsis Pound Environmental Issues Vulnerabilities
Apsis Pound is a reverse proxy program for Web servers from the German company Apsis. The program supports reverse proxy, load balancing and HTTPS front-end and other features. A security vulnerability exists in versions of Apsis Pound prior to 2.8. An attacker can exploit the vulnerability to...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2020-1666)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking
Read the license before using any part from this code : Malicious DLL Win Reverse Shell generator for DLL Hijacking Features: Reverse TCP Port Forwarding using Ngrok.io Custom Port Forwarding option LHOST,LPORT Example of DLL Hijacking included Half-Life Launcher file Tested on Win7 7601, Windows...
A Bug in Facebook Messenger for Windows Could've Helped Malware Gain Persistence
Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Labs, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could...
A Bug in Facebook Messenger for Windows Could've Helped Malware Gain Persistence
Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Labs, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
SMBGhost CVE-2020-0796 Automate Exploitation and Detection...
h1-ctf: @shakedko H1-2006 CTF writeup
TL;DR Flag is: ^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$. Thank you for this awesome challenge! Introduction I have participated in this CTF as I wanted to see how far I'd be able to get considering the fact that I'm doing bug bounty for a relatively short time. Coming from the software...
JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS
JSshell - a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS, ... This tool works for both Unix and Windows operating system and it can running with both Python 2 and Python 3. This is a big update of JShell - a tool to get a JavaScript shell with XSS by...
The vulnerability of the Squid proxy server arises from insufficient validation of input data, allowing attackers to access features that can only be used by reverse proxies.
The vulnerability of the Squid proxy server exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to gain access to features that can only be used by reverse proxies...
tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line EOL parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the...
QuickBox Pro 2.1.8 CVE-2020-13448 - Remote Code Execution
CVE-2020-13448 QuickBox Pro versions 2.1.8 and below suffer from an authenticated remote code execution vulnerability. Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details:...
QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: ...
QuickBox Pro 2.1.8 - Authenticated Remote Code Execution
Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution Date: 2020-05-26 Exploit Author: s1gh Vendor Homepage: https://quickbox.io/ Vulnerability Details: https://s1gh.sh/cve-2020-13448-quickbox-authenticated-rce/ Version: = 2.1.8 Description: An authenticated low-privileged user...
CVE-2020-4490
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID:...
CVE-2020-4490
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID:...
Security feature bypass
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID:...