31 matches found
Malicious code in emojifancy-print (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87a0b34b08697e7c8c67b8111ab442ec2d1168f0981b4680fc327a40ba370d79 The package advertises itself as a colorized logger but ships a backdoor in dist/logger.js that fires automatically when the module is loaded. At...
CVE-2017-20227 JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and...
CVE-2017-20227 JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and...
PT-2026-28233
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and...
HashiCorp Nomad Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HashiCorp Nomad Remote Command Execution', 'Description' = %q Create a batch job on HashiCorp's Nomad service to spawn a shell. The default optio...
Command Injection
Overview total.js is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. It can be used as web, desktop, service or IoT application. Affected versions of this package are vulnerable to Command Injection. The issue occurs in the...
Ajenti 2.1.31 Remote Code Execution
Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Date: 2019-10-29 Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires Metasploit: https://metasploit.com/download...
MiniFtp - parseconf_load_setting Buffer Overflow Exploit
Exploit for linux platform in category local exploits Exploit Title: MiniFtp parseconfloadsetting local-bufferoverflow 318 bytes Exploit Author: strider Vendor Homepage: https://github.com/skyqinsc/MiniFtp Software Link: https://github.com/skyqinsc/MiniFtp Tested on: Debian 9 Stretch i386/ Kali...
MiniFtp - parseconf_load_setting Buffer Overflow
MiniFtp - parseconfloadsetting Buffer Overflow Exploit Title: MiniFtp parseconfloadsetting local-bufferoverflow 318 bytes Google Dork: None Date: 11.04.2019 Exploit Author: strider Vendor Homepage: https://github.com/skyqinsc/MiniFtp Software Link: https://github.com/skyqinsc/MiniFtp Tested on:...
10-Strike LANState 8.8 - Local Buffer Overflow (SEH)
10-Strike LANState 8.8 - Local Buffer Overflow SEH Exploit Title: 10-Strike LANState 8.8 - Local Buffer Overflow SEH Date: 2018-07-24 Exploit Author: absolomb Vendor Homepage: https://www.10-strike.com/products.shtml Software Link: https://www.10-strike.com/lanstate/download.shtml Version 8.8...
Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)
/ ; Filename: tcpbindshellcodelight.nasm ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Twitter: @thesp0nge ; SLAE-ID: 1217 ; Purpose: binds on TCP port 4444 and spawn a shell on incoming connections. global start section .text start: ; Creating the socket. ; ; int socketint domain...
Hotspot Shield DLL Hijacking
Exploit Title: Hotspot Shield DLL Hijacking Exploit shcore.dll Date: 27-8-2016 Author: Amir.ght Vendor Homepage: https://www.hotspotshield.com/ Software Link: https://mydati.com/download/hss-win2/HSS-773.exe Version: Tested on:Windows 7...
tnftp (FreeBSD 8910) - tnftp Client Side
tnftp FreeBSD 8910 - tnftp Client Side !/usr/bin/env python2 Exploit Title: tnftp BSD exploit Date: 11/29/2014 Exploit Author: dash Vendor Homepage: www.freebsd.org Version: FreeBSD 8/9/10 Tested on: FreeBSD 9.3 CVE : CVE-2014-8517 tnftp exploit CVE-2014-8517tested against freebsd 9.3...
My_EGallery Module 3.1.1 - Remote Include Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9113/info A problem has been identified in the handling of input by MyeGallery. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the vulnerable software. MyeGallery explo...
xtell 1.91.1/2.6.1 - Multiple Remote Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/4193/info xtell is a simple network messaging program. It may be used to transmit terminal messages between users and machines. xtell is available for Linux, BSD and most other Unix based operating systems. Multiple buffe...
CoffeeCup FTP Clients (Direct <= 6.2.0.62) (Free <= 3.0.0.10) BoF Exploit
No description provided by source. / CoffeeCup FTP Clients Buffer Overflow Vulnerability Exploit created by Komrade e-mail: unsecureataltervistadotorg web: http://unsecure.altervista.org Tested on: CoffeeCup Direct FTP 6.2.0.62 CoffeeCup Free FTP 3.0.0.10 on a Windows XP Professional sp2 operatin...
Elm Development Group ELM 2.4/2.5.1 Mail for UNIX (ELM) Buffer Overflow (1)
No description provided by source. source: http://www.securityfocus.com/bid/1276/info Buffer overflow vulnerabilities exist in elm Electronic Mail for Unix. / Elm Exploit - Scrippie - Phreak.nl - b0f - http://b0f.freebsd.lublin.pl This exploit spawns an EGID mail shell on the default Slackware 4...
Symantec Altiris DS SQL Injection Vulnerability
Usage Info This module exploits a SQL injection flaw in Symantec Altiris Deployment Solution 6.8 to 6.9.164. The vulnerability exists on axengine.exe which fails to adequately sanitize numeric input fields in "UpdateComputer" notification Requests. In order to spawn a shell, several SQL injection...
Symantec Altiris DS SQL Injection
This module exploits a SQL injection flaw in Symantec Altiris Deployment Solution 6.8 to 6.9.164. The vulnerability exists on axengine.exe which fails to adequately sanitize numeric input fields in "UpdateComputer" notification Requests. In order to spawn a shell, several SQL injections are...
Windows Command Shell, Bind TCP (via Lua)
Listen for a connection and spawn a command shell via Lua This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 218 include Msf::Payload::Single include Msf::Sessions::CommandShellOption...