Exploit for CVE-2018-11776

CVE-2018-11776 Environment for CVE-2018-11776 / S2-057 Dem...

Exploit for CVE-2018-11776

Vulnerable docker container for CVE-2018-11776 docker...

Exploit for CVE-2018-11776

CVE-2018-11776-Python-PoC hook-s3c github.com/hook-s3c, @hoo...

Exploit for CVE-2018-11776

CVE-2018-11776 Proof of Concept exploit so I could quickly as...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

This repository is an offensive tool for a vulnerability environment. It is a Docker-Compose file for a vulnerability environment. The repository contains a .gitignore file, a README.md file, and several other files that are used to configure the environment. The .gitignore file contains a list o...

CloudSploit Scans - AWS Security Scanning Checks

CloudSploit scans is an open-source project designed to allow detection of security risks in an AWS account. These scripts are designed to run against an AWS account and return a series of potential misconfigurations and security risks. Installation Ensure that NodeJS is installed. If not, instal...

SUSE-SU-2018:2317-1 Security update for grafana, kafka, logstash, openstack-monasca-installer

This update for grafana, kafka, logstash, openstack-monasca-installer fixes the following issues: Security issues fixed: - CVE-2018-12099: grafana: Fix XSS vulnerabilities in dashboard links bsc1096985. - CVE-2018-3817: logstash: Fix inadvertently logging of sensitive information bsc1090849. Bug...

TP-Link Wireless N Router WR840N - Denial of Service (PoC)

TP-Link Wireless N Router WR840N - Denial of Service PoC Exploit Title:- TP-Link Wireless N Router WR840N - Denial of Service PoC Date: 2018-08-05 Vendor Homepage: https://www.tp-link.com/ Hardware Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Version:...

TP-Link Wireless N Router WR840N - Denial of Service (PoC)

Exploit Title:- TP-Link Wireless N Router WR840N - Denial of Service PoC Date: 2018-08-05 Vendor Homepage: https://www.tp-link.com/ Hardware Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Version: TP-Link Wireless N Router WR840N Category: Hardware Exploit...

Whatsapp Automation - A Collection Of Tools For Sending And Recieving Whatsapp Messages

Whatsapp Automation is a collection of APIs that interact with WhatsApp messenger running in an Android emulator, allowing developers to build projects that automate sending and receiving messages, adding new contacts and broadcasting messages multiple contacts. The project uses Selinium, Appium,...

Comparison of Application Security Testing Approaches

Overview The following table lists a side-by-side comparison of different application security testing approaches. Additional rating details are available when hovering over each column. In the following, each approach is introduced. Category Automated Security Testing Manual Security Testing...

Microsoft Wireless Display Adapter 2 Command Injection / Broken Access Control

secuvera-SA-2018-03: Command Injection, Broken Access Control and Evil-Twin-Attack in Microsoft Wireless Display Adapter V2 - CVE-2018-8306 Affected Products: Microsoft Wireless Display Adapter V2: - Microsoft Wireless Display Adapter V2 Softwareversion 2.0.8350 to 2.0.8372 have been tested and a...

Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery Admin Bypass Date: 2018-07-25 Software Link: https://world.trivum-shop.de https://world.trivum-shop.de/ Version: 9.34 build 13381 - 12.07.18 Category: hardware,...

Samsung SmartThings Hub hubCore port 39500 sync denial-of-service vulnerability

Summary An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings’ remote servers, which incorrectly handle camera IDs for the “sync” operation, leading to arbitrary deleti...

Touchpad Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass

Touchpad Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass Exploit Title: Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 - Unauthorized Authentication Reset Date: 2018-07-20 Software Link: https://world.trivum-shop.de Version: 2.56 build 13381 - 12-07-2018 Category: webapps...

CVE-2018-13860

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...

CVE-2018-13858

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example...

Cross site request forgery (csrf)

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...

Authorization

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" a successful...

Design/Logic Flaw

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example...