7082 matches found
LanSend 3.2 - Buffer Overflow (SEH) Exploit
Exploit Title: LanSend 3.2 - Buffer Overflow SEH Exploit Author: gurbanli Vulnerable Software: LanSend 3.2 Vendor Homepage: https://lizardsystems.com Version: 3.2 Software Link: https://lizardsystems.com/download/lansendsetup.exe Tested on: Windows 7 x86 f = file('payload.txt','w') """ PoC 1. Run...
LanSend 3.2 Buffer Overflow
Exploit Title: LanSend 3.2 - Buffer Overflow SEH Exploit Author: gurbanli Date: 2020-05-12 Vulnerable Software: LanSend 3.2 Vendor Homepage: https://lizardsystems.com Version: 3.2 Software Link: https://lizardsystems.com/download/lansendsetup.exe Tested on: Windows 7 x86 f = file('payload.txt','w')...
LanSend 3.2 - Buffer Overflow (SEH)
Exploit Title: LanSend 3.2 - Buffer Overflow SEH Exploit Author: gurbanli Date: 2020-05-12 Vulnerable Software: LanSend 3.2 Vendor Homepage: https://lizardsystems.com Version: 3.2 Software Link: https://lizardsystems.com/download/lansendsetup.exe Tested on: Windows 7 x86 f = file('payload.txt','w')...
Catchyou - FUD Win32 Msfvenom Payload Generator
Fully Undetectable Win32 MSFVenom Payload Generator meterpreter/shell reverse tcp Author: github.com/thelinuxchoice/catchyou Twitter: twitter.com/linuxchoice Please, don't upload to VirusTotal! Use https://antiscan.me Features: Fully Undetectable Win32 MSFVenom Payload meterpreter/shell reverse tc...
Pi-hole < 4.4 - Remote Code Execution Exploit
Exploit for linux platform in category web applications #!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard...
Pi-hole < 4.4 - Remote Code Execution / Privileges Escalation Exploit
Exploit for linux platform in category web applications #!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard...
PayloadsAllTheThings - A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF
A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques! Every section contains the following files, you can use the _template_vuln folder to create a new chapter: README.md - vulnerability description and how to exploit it Intrud...
Exploit for OS Command Injection in Pi-Hole
CVE-2020-8816 A Python script to exploit CVE-2020-8816, a remo...
Pi-hole 4.4 Remote Code Execution
#!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...
Pi-hole 4.4 Remote Code Execution / Privilege Escalation
#!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...
Pi-hole < 4.4 - Authenticated Remote Code Execution
#!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...
Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation
#!/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard port, for the sake of simplicity and not having to modify...
Shellerator - Simple CLI Tool For The Generation Of Bind And Reverse Shells In Multiple Languages
Shellerator is a simple command-line tool aimed to help pentesters quickly generate one-liner reverse/bind shells in multiple languages (Bash, Powershell, Java, Python...). This project is inspired by Print-My-Shell. I just rewrote it and added some options and glitter to it. The lists of reverse an...
SolarWinds MSP PME Cache Service Insecure File Permissions / Code Execution Exploit
SolarWinds MSP PME Cache Service versions prior to 1.1.15 suffer from insecure file permission and code execution vulnerabilities. Title: SolarWinds MSP PME Cache Service - Insecure File Permissions / Code Execution Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG GitHub:...
Speaking at security events
I don't claim to be an amazing speaker; I'm still in awe of great infosec speakers such as Mikko Hypponen, Charlie Miller, Mudge and many others. However, I do keep being invited back to speak at events, so I guess I'm doing something right. Sometimes it's a minor slot at a big event, but the...
openSUSE Security Update : squid (openSUSE-2020-606)
This update for squid to version 4.10 fixes the following issues: Security issues fixed: - CVE-2019-12528: Fixed an information disclosure flaw in the FTP gateway (bsc1162689). - CVE-2020-8449: Fixed a buffer overflow when squid is acting as reverse-proxy (bsc1162687). - CVE-2020-8450: Fixed a buff...
Authelia - The Single Sign-On Multi-Factor Portal For Web Apps
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through...
Exploit for Race Condition in Canonical Ubuntu_Linux
This is a PoC (Proof of Concept) exploit for CVE-2016-5195, also known as Dirty COW. The exploit relies on ptrace to patch the vDSO (Virtual Dynamic Shared Object) and gain root privileges. The exploit is architecture-dependent and may not work on every Linux version. The payload is written in assemb...
Security update for squid (moderate)
openSUSE Security Update: Security update for squid Announcement ID: openSUSE-SU-2020:0606-1 Rating: moderate References: 1162687 1162689 1162691 Cross-References: CVE-2019-12528 CVE-2020-8449 CVE-2020-8450 CVE-2020-8517 Affected Products: openSUSE Leap 15.1 An update that fixes four...
[SECURITY] [DSA 4672-1] trafficserver security update
Debian Security Advisory DSA-4672-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 01, 2020 https://www.debian.org/security/faq -...