hitconDockerfile

This repository is an offensive tool for web application exploitation. It contains a collection of web challenges created by the user "Pr0phet" for the HITCON CTF Capture The Flag series. The challenges are designed to test various web application vulnerabilities, including SQL injection, SSRF...

CVE-2019-15653

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real...

Design/Logic Flaw

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via an insecure authentication mechanism. The HTML source code of the login page contains values that allow obtaining the username and password. The username are password values are a double md5 of the plaintext real...

FreeBSD-SA-20:09.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:09.ntp Security Advisory The FreeBSD Project Topic: Multiple denial of service in ntpd Category: contrib Module: ntp Announced: 2020-03-19 Credits: Philippe...

FreeBSD-SA-20:07.epair

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:07.epair Security Advisory The FreeBSD Project Topic: Incorrect user-controlled pointer use in epair Category: core Module: kernel Announced: 2020-03-19...

ManageEngine Applications Manager License Key Disclosure

License key disclosure vulnerability in ManageEngine Applications Manager Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

FreeBSD-SA-20:08.jail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:08.jail Security Advisory The FreeBSD Project Topic: Kernel memory disclosure with nested jails Category: core Module: kern Announced: 2020-03-19 Credits:...

shuffleDNS - Wrapper Around Massdns Written In Go That Allows You To Enumerate Valid Subdomains

shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support. Based on the work on massdns project by @blechschmidt. Features Simple and modular code ba...

Razer: Source Code Disclosure

The tester discovered a PHP file with source code exposed. There was no known exploit...

Cross site request forgery (csrf)

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html...

CVE-2020-10105

Affected product/version: Zammad 3.0–3.2. Vulnerability: An issue causes the server to return the source code of static resources when handling an OPTIONS request instead of a GET request. Specifically, the 404.html file under /zammad/public/404.html is disclosed. Impact (as stated): Disclosure o...

CVE-2020-10105

An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html...

Coupon Pusher CMS suffers from XSS vulnerability

Push Couponer CMS is a completely free Taobao coupon website source code program, can automatically collect goods with coupons, automatically apply for high commission plan. Push Couponer CMS has an XSS vulnerability that can be exploited by attackers to obtain administrator cookies...

CVE-2019-10796

rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization...

DEBIAN-CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

Directory traversal

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

U.S. Dept Of Defense: Admin Login Credential Leak for DoD Gitlab EE instance

Summary A DoD employee/contractor exposed the ███ password in a GitHub repository █████████ leading to full ███ access in a DoD DISA-associated private Gitlab EE instance ███. Description The IP address ████ recently hosted the subdomain █████████ as of 2019-09-23. ██████ Now port 80 points to a...

Building a bypass with MSBuild

By Vanja Svajcer. NEWS SUMMARY Living-off-the-land binaries LoLBins continue to pose a risk to security defenders. We analyze the usage of the Microsoft Build Engine by attackers and red team personnel. These threats demonstrate techniques T1127 Trusted Developer Utilities and T1500 Compile After...

CVE-2020-9013

Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting from the HTML source code...