CVE-2019-12922

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page...

poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc

In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing...

Revshellgen - Reverse Shell Generator Written In Python.

Standalone python script for generating reverse shells easily and automating the boring stuff like URL encoding the command and setting up a listener. Download git clone https://github.com/t0thkr1s/revshellgen Install The script has 2 dependencies: pyperclip colorama You can install these by...

BlackArch Linux v2019.09.01 - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 2336 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: added more than 150 new tools added...

Phishing-Simulation - Aims To Increase Phishing Awareness By Providing An Intuitive Tutorial And Customized Assessment

Phishing Simulation mainly aims to increase phishing awareness by providing an intuitive tutorial and customized assessment without any actual setup - no domain, no infrastructure, no actual email address to assess people's action on any given situation and gives ability to understand what is the...

DEBIAN-CVE-2019-15917

An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hciuartregisterdev fails in hciuartsetproto in drivers/bluetooth/hcildisc.c...

B-XSSRF - Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRF

Toolkit to detect and keep track on Blind XSS, XXE & SSRF. SETUP Upload the files to your server. Create a Database and upload database.sql file to it. Change the DB Credentials in db.php file. Ready. USAGE BLIND XSS BLIND XXE %ext; SSRF GET /testssrf.php=http://mysite.com/bxssrf/request.php...

The vulnerability of the Bluetooth BR/EDR encryption key negotiation protocol, which stems from the use of cryptographic algorithms with defects, allows a perpetrator to carry out a “man-in-the-middle” attack, interfering with the encryption setup process for BR/EDR connections and reducing the length of the encryption key used.

The vulnerability of the Bluetooth BR/EDR encryption key negotiation protocol lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability allows a malicious actor, operating remotely, to carry out a “man-in-the-middle” attack, interfere with the...

Cross-site Scripting in Ignite Realtime Openfire

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test...

CVE-2019-15488

CVE-2019-15488 affects Ignite Realtime Openfire before 4.4.1, where the LDAP setup test endpoint processes input in a way that allows a reflected XSS payload. The issue is described as a reflected XSS via the LDAP setup test in multiple sources (Openfire, Red Hat advisory, OSV, etc.). No explicit...

CVE-2019-11031

Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges...

osTicket 1.12 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: osTicket-v1.12 Stored XSS Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category:...

NewStart CGSL CORE 5.04 / MAIN 5.04 : setup Vulnerability (NS-SA-2019-0075)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has setup packages installed that are affected by a vulnerability: - Setup in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pamshells an...

Enhancesoft osTicket cross-site scripting vulnerability (CNVD-2020-16824)

Enhancesoft osTicket is a U.S. Enhancesoft's open source ticketing system. A cross-site scripting vulnerability exists in the setup/install.php file in Enhancesoft osTicket versions prior to 1.10.7 and 1.12.x versions prior to 1.12.1. The vulnerability stems from the lack of proper validation of...

CVE-2019-14750

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...

Cross site scripting

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...

Linux kernel integer overflow vulnerability (CNVD-2019-25055)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An integer overflow vulnerability exists in the 'setupformatparams' function in the drivers/block/floppy.c file in Linux kernel versions prior to 5.2.3. The...

Uncompyle6 - A Cross-Version Python Bytecode Decompiler

A native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2. Introduction uncompyle6 translates Python bytecode back into equivalent Python source code. It accepts bytecodes from Python version 1.3 to version 3.8, spanning over 24 years ...

DEBIAN-CVE-2016-10764

In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspisetupflash function. There are CQSPIMAXCHIPSELECT elements in the -fpdata array so the "" should be "=" instead...

CVE-2016-10764

In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspisetupflash function. There are CQSPIMAXCHIPSELECT elements in the -fpdata array so the "" should be "=" instead...