20 matches found
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named MrRot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result ...
Obfuscate - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-029
This module enables you to obfuscate email addresses, to avoid them being easily available to spammers. The module doesn't sufficiently sanitise input when ROT13 encoding is used. This vulnerability is mitigated by the fact that an attacker must have a role with the ability to enter specific HTML...
Obfuscate Email - Less critical - Cross Site Scripting - SA-CONTRIB-2023-042
This module enables you to hide email addresses from bots and site scrapers by using the rot13 strategy. The module doesn't sufficiently escape the data attribute under the scenario a user has access to manipulate that value. This vulnerability is mitigated by the fact that an attacker must have ...
CVE-2021-43774
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users...
How we took part in MLSEC and (almost) won
This summer Kaspersky experts took part in the Machine Learning Security Evasion Competition (MLSEC) — a series of trials testing contestants' ability to create and attack machine learning models. The event is comprised of two main challenges — one for attackers, and the other for defenders. The...
ROT8000
ROT8000 is the Unicode equivalent of ROT13. What's clever about it is that normal English looks like Chinese, and not like ciphertext to a typical Westerner, that is...
Graffiti - A Tool To Generate Obfuscated One Liners To Aid In Penetration Testing
NOTE: Never upload payloads to online checkers. Graffiti is a tool to generate obfuscated one-liners to aid in penetration testing situations. Graffiti accepts the following languages for encoding: Python, Perl, Batch, Powershell, PHP, Bash. Graffiti will also accept a language that is not currently on...
imR0T - Send A Message To Your Whatsapp Contact And Protect Your Text By Encrypting And Decrypting (ROT13)
imR0T: Send a quick message with simple text encryption to your whatsapp contact and protect your text by encrypting and decrypting, basically in ROT13 with new multi encryption based algorithm on ASCII and Symbols Substitution. How To Use It's simple: Clone this repository git clone...
Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes). Shellcode exploit for Linux_x86 platform Title: Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes) Author: Kartik Durg Date: 201-10-04 Shellcode Length: 104 BYTES Student-ID: SLAE-1233 Write-u...
Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Title: Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes) Author: Kartik Durg Shellcode Length: 104 BYTES Student-ID: SLAE-1233 Write-up Link: https://iamroot.blog/2018/10/02/0x4-rot13xorencodermmxdecodershellcode-linux-x86/ Tested on: Ubuntu 16.0.4.1 i686...
Offline Digital Forensics Tool for Binary Files: ByteForce
Offline Digital Forensics Tool for Binary Files Offline Digital Forensics Tool for Binary Files This tool can be used for offline digital forensics and malware analysis as it shows all raw bytes of a file and also the ASCII representations. As you can see from the screenshots, It can be used on a...
linux/x86 - ROT13 encoded execve("/bin/sh") 68 bytes
linux/x86 - ROT13 encoded execve("/bin/sh") 68 bytes. Shellcode exploit for lin_x86 platform / Linux x86 - ROT13 encoded execve("/bin/sh") - 68 bytes Author: xmgv Details: https://xmgv.wordpress.com/2015/03/04/slae-4-custom-shellcode-encoder/ / / global start section .text start: jmp short calldecoder...
OpenX Backdoor PHP Code Execution Vulnerability
OpenX Ad Server version 2.8.10 was shipped with an obfuscated backdoor since at least November 2012 through August 2013. Exploitation is simple, requiring only a single request with a rot13'd and reversed payload. This file is part of the Metasploit Framework and may be subject to redistribution...
[Hash Console v1.5] All-in-one Command-line tool to generate hash md5, sha1, sha256, sha384, sha512, lm, ntlm, base64, crc32, rot13
Hash Console is the all-in-one command-line based tool to quickly generate more than 15 different types of hashes. It can generate hash for any given file or simple text. Hashes or checksums are used for multiple purposes including file integrity verification, encryption, password storage etc. Has...
Basic Codebreaking Lesson - Number, ENIGMA, ROT13
Document Title: =============== Basic Codebreaking Lesson - Number, ENIGMA, ROT13 References: =========== Download: http://www.vulnerability-lab.com/resources/videos/13.wmv View: http://www.youtube.com/watch?v=jOsYWvWTBA Release Date: ============= 2011-06-11 Vulnerability Laboratory ID VL-ID:...
Basic Codebreaking Lesson - Number, ENIGMA, ROT13
Document Title: =============== Basic Codebreaking Lesson - Number, ENIGMA, ROT13 References: =========== Download: http://www.vulnerability-lab.com/resources/videos/13.wmv View: http://www.youtube.com/watch?v=jOsYWvWTBA Release Date: ============= 2011-06-11 Vulnerability Laboratory ID VL-ID:...
Unfixed XSS vulnerability at www.geomatics.ca
Security researcher trueliarx has submitted on 18/04/2010 a cross-site-scripting (XSS) vulnerability affecting www.geomatics.ca, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/07/2010. It is currently...
Unfixed XSS vulnerability at doug.finalownage.com
Security researcher trueliarx has submitted on 18/04/2010 a cross-site-scripting (XSS) vulnerability affecting doug.finalownage.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 27/06/2010. It is...
Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass
Cisco ASA 8.x - VPN SSL Module Clientless URL-list control Bypass ============================================= INTERNET SECURITY AUDITORS ALERT 2009-013 - Original release date: December 7th, 2009 - Last revised: December 16th, 2009 - Discovered by: David Eduardo Acosta Rodriguez - Severity: 4/1...
Trustwave's SpiderLabs Security Advisory TWSL2009-002
Trustwave's SpiderLabs Security Advisory TWSL2009-002: Cisco ASA Web VPN Multiple Vulnerabilities Published: 2009-06-24 Version: 1.0 Vendor: Cisco Systems, Inc. http://www.cisco.com Versions affected: 8.04, 8.1.2, and 8.2.1 Description: Cisco's Adaptive Security Appliance (ASA) provides a number of...