ReCrystallize Server - Authentication Bypass
This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been changed. id: CVE-2024-26331...
sensepost gowitness Authorization Issue Vulnerability
gowitness is a website screenshot utility program written in Golang. An authorization issue vulnerability exists in sensepost gowitness that stems from a lack of authentication measures in gowitness. Exploitation of this vulnerability allows an unauthenticated attacker to perform arbitrary file...
Necurs-Based DDE Attacks Now Spreading Locky Ransomware
Microsoft may soon have to reflect on its stance that the use of an Office feature called DDE to execute code on compromised computers doesn’t merit a patch. The SANS Internet Storm Center last night said the Necurs botnet has been spreading Locky ransomware using the DDE attack. Handler Brad...
DET - (extensible) Data Exfiltration Toolkit
DET is provided AS IS; it is a proof of concept to perform Data Exfiltration using either single or multiple channels at the same time. This is a Proof of Concept aimed at identifying possible DLP failures. This should never be used to exfiltrate sensitive/live data, say on an assessment. The idea was...
Legacy Office Feature Used In Novel Document Attacks
Recent document-based attacks have leveraged malicious macros that if enabled install malware. But, researchers at SensePost have developed a proof-of-concept attack that does not require macros and instead uses an old Microsoft Office feature called Dynamic Data Exchange to execute code on...
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017) Exploit
Exploit for windows platform in category local exploits E-DB Note: + Source: https://github.com/sensepost/gdi-palettes-exp + Binary: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42432.exe include include include include //From...
Internet Bug Bounty: ap_find_token() Buffer Overread
Versions Affected: httpd 2.2.32, httpd 2.4.24, unreleased httpd 2.4.25 Description: The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request...
Windows 10 MS16-098 RGNOBJ Integer Overflow Vulnerability Analysis and Exploit - Vulnerability Warning - Black Bar Safety Net
This article, with reference to [reference missing], discusses Windows kernel pool Feng Shui, arbitrary-address read/write via SetBitmapBits/GetBitmapBits, and related exploitation techniques, which are very helpful for learning Windows kernel exploitation. Test environment: Windows 10 1511 x64 Professional Edition 2016.04 2...
Ruler - A Tool To Abuse Exchange Services
Ruler is a tool that allows you to interact with Exchange servers through the MAPI/HTTP protocol. The main aim is to abuse the client-side Outlook mail rules as described in the Silentbreak blog. Silentbreak did a great job with this attack and it has served us well. The only downside has been that it...
ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities
SPSA-2016-02/ManageEngine ApplicationsManager SECURITY ADVISORY: SPSA-2016-02/ManageEngine Applications Manager Build No: 12700 Affected Software: ManageEngine Applications Manager Build No: 12700 Vulnerability: Information Disclosure and Un-Authenticated SQL...
MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (8)
No description provided by source. #!/usr/bin/perl See http://www.securityfocus.com/vdb/bottom.html?section=exploit&vid=1806 Very simple PERL script to execute commands on IIS Unicode vulnerable servers. Use port number with SSLproxy for testing SSL sites. Usage: unicodexecute2 IP:port command Only...
MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot ../ directory traversal exploitation if extended UNICODE character representations are used in substitution for / and . Unauthenticated users may acces...
RedHat Update for system-config-firewall RHSA-2011:0953-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) script_xref(name:"URL",...
RedHat Update for system-config-firewall RHSA-2011:0953-01
Check for the Version of system-config-firewall OpenVAS Vulnerability Test RedHat Update for system-config-firewall RHSA-2011:0953-01 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute i...
Cyberoam Unified Threat Management: Insecure Password Handling
Hi, Please find below the details of a vulnerability I discovered in the Cyberoam UTM device. The Vendor was notified; however, I did not receive any response from the Vendor despite repeated email reminders. SECURITY ADVISORY: cyberoam-utm-insecure-password-handling Affected Software: Cyberoam CR50ia...
Cyberoam UTM Multiple Vulnerabilities
Exploit for hardware platform in category web applications Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: OS Command Execution Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured security, connectivity and...
Cyberoam UTM - Multiple Vulnerabilities
Cyberoam UTM - Multiple Vulnerabilities SECURITY ADVISORY: cyberoam-utm-command-execution Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: OS Command Execution Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured...
Cyberoam UTM Credential Disclosure
SECURITY ADVISORY: cyberoam-utm-insecure-password-handling Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: Insecure Password Handling Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured security, connectivity and...
RHEL 6 : system-config-firewall (RHSA-2011:0953)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0953 advisory. system-config-firewall is a graphical user interface for basic firewall setup. It was found that system-config-firewall used the Python pickle module...
ipMonitor Encoded Traversal Arbitrary File Access
A directory traversal flaw was discovered by SensePost to affect ipMonitor versions 8.0 and 8.5. Upon sending a specially formed request to the web server, containing a series of '%2f..' sequences, an unauthenticated attacker is able to traverse the web root and obtain files within the remote fil...