MetInfo config/config_db.php file arbitrary command execution vulnerability

MetInfo is a content management system CMS developed using PHP and Mysql by China Mito Information Technology Ltd. A security vulnerability exists in MetInfo version 6.0.0, which stems from sloppy filtering of the configuration file in the config/configdb.php file. An attacker can exploit the...

Microsoft Windows Named Pipe File System CVE-2018-0823 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to run processes with elevated privileges. Technologies Affected Microsoft Windows 10 version 1709 for 32-bit Systems Microsoft Windows 10 version 1709 for x64-based Syste...

Microsoft Windows CVE-2018-0822 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute processes with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based...

Microsoft Windows Kernel CVE-2018-0809 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code in kernel mode with elevated privileges. Technologies Affected Microsoft Windows 10 version 1703 for 32-bit Systems Microsoft Windows 10 version...

Microsoft Windows Kernel CVE-2018-0756 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based...

AutoSploit - Automated Mass Exploiter

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; Apache, IIS, etc, upon which a list of...

Automated Mass Exploiter: AutoSploit

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; Apache , IIS , etc, upon which a list of...

The vulnerability of the Switch Configuration Tools Backend component (clcmd_server) of the Cumulus Linux operating system allows a hacker to execute arbitrary commands.

The vulnerability of the Switch Configuration Tools Backend component clcmdserver in the Cumulus Linux operating system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to execute arbitrary commands using metashell shells, utilizing the “cl-rctl”...

Web Shell Detector - PHP Script That Helps You Find And Identify PHP / CGI (Perl) / ASP / ASPX Shells

Web Shell Detector is a php script that helps you find and identify php/cgiperl/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and...

Pupy - Opensource, Cross-Platform (Windows, Linux, OSX, Android) Remote Administration And Post-Exploitation Tool

Pupy is an opensource, cross-platform Windows, Linux, OSX, Android, multi function RAT Remote Administration Tool and post-exploitation tool mainly written in python. It features a all-in-memory execution guideline and leaves very low footprint. Pupy can communicate using various transports,...

fuxploider - File Upload Vulnerability Scanner And Exploitation Tool

fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file o...

Microsoft Windows Kernel CVE-2018-0746 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

GPWeb Arbitrary File Upload Vulnerability

GPWeb is a suite of public management software dedicated to the Brazilian government sector. An arbitrary file upload vulnerability exists in GPWeb version 8.4.61. A remote attacker can exploit this vulnerability to upload arbitrary file types including: PHP shells...

Microsoft Windows Kernel CVE-2017-11831 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

Microsoft Windows Kernel CVE-2017-11847 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based...

Microsoft Windows DLL Loading CVE-2017-11769 Multiple Local Privilege Escalation Vulnerabilities

Description Microsoft Windows is prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected...

Microsoft Windows Subsystem for Linux CVE-2017-8703 Local Denial of Service Vulnerability

Description Microsoft Windows is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a local denial-of-service condition. Technologies Affected Microsoft Windows 10 version 1703 for x64-based Systems Recommendations Permit local access for trusted individuals onl...

Microsoft Windows GDI+ Component CVE-2017-8681 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

Microsoft Windows Kernel 'Win32k.sys' CVE-2017-8593 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete contro...

DAws - Advanced Web Shell

There's multiple things that makes DAws better than every Web Shell out there: 1. Bypasses Security SystemsIPS, WAFs,etc like Suhosinuses up to 20 php functions just to get a command executed. 2. Drops CGI Shells and communicate with them to bypass Security Systems. 3. Uses the SSH Authorized Key...