GHSA-83PF-V6QQ-PWMR Fickling has a detection bypass via stdlib network-protocol constructors

Our assessment imtplib, imaplib, ftplib, poplib, telnetlib, and nntplib were added to the list of unsafe imports https://github.com/trailofbits/fickling/commit/6d20564d23acf14b42ec883908aed159be7b9ade. The UnusedVariables heuristic works as expected. Original report Summary Fickling's checksafety...

Froxlor 2.0.3 Stable Remote Code Execution

!/usr/bin/python3 Exploit Title: Froxlor 2.0.3 Stable - Remote Code Execution RCE Date: 2023-01-08 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2023-0315 Vendor Homepage: https://froxlor.org/ Version: v2.0.3 Tested on: Ubuntu 20.04 / PHP 8.2 import telnetlib import requests import socket import...

Cisco Data Center Network Manager 11.2.1 SQL Injection

!/usr/bin/python """ Cisco Data Center Network Manager HostEnclHandler getVmHostData SQL Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 - FileName: dcnm-installer-x64-windows.11.2.1.exe.zip - Siz...

MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python import socket import struct import sys import telnetlib NETBIOSSESSIONMESSAGE = "\x00" NETBIOSSESSIONREQUEST = "\x81" NETBIOSSESSIONFLAGS = "\x00" trick from http://shell-storm.org/shellcode/files/shellcode-881.php wil...

MikroTik RouterOS 6.41.36.42rc27 - SMB Buffer Overflow

MikroTik RouterOS 6.41.36.42rc27 - SMB Buffer Overflow !/usr/bin/env python import socket import struct import sys import telnetlib NETBIOSSESSIONMESSAGE = "\x00" NETBIOSSESSIONREQUEST = "\x81" NETBIOSSESSIONFLAGS = "\x00" trick from http://shell-storm.org/shellcode/files/shellcode-881.php will...

MobaXtrem 10.2 Remote Code Execution Exploit

Exploit for windows platform in category remote exploits ''' Exploit Title: MobaXtrem 10.2 telnet Server Remote Code Execution Date: 15/5/2017 Exploit Author: Sultan Albalawi Software Link: http://download.mobatek.net/10220170312132617/MobaXtermPortablev10.2.zip Version: 10.2 Tested on: win7 CVE ...

Moxa AWK-3131A 1.4 &lt; 1.7 - &#039;Username&#039; OS Command Injection

!/usr/bin/env python2 import telnetlib import re import random import string Split string into chunks, of which each is /var/a' - 1 completed = temp = re.split'\n', script for content in temp: if lencontent != 0: for s in re.split' ', content: if ' ' in s: s = '\x20' if '\n' in s: s = '\n' else:...

QNX--6.5.0-QCONN-1.4.207944

Title : QNX QCONN Remote Command Execution Vurnerability Version : QNX 6.5.0 QCONN 1.4.207944 Download: http://www.qnx.com/download/feature.html?programid=23665 QNX Neutrino 6.5.0 SP1 Vendor : http://www.qnx.com import telnetlib import sys if lensys.argv " print " + Ex QCONNRC.py 192.168.0.1 8000...

TP-Link TL-PS110U Print Server - tplink-enum.py Security Bypass

TP-Link TL-PS110U Print Server - tplink-enum.py Security Bypass source: https://www.securityfocus.com/bid/60682/info TP-LINK TL-PS110U Print Server is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and obtain sensitive informatio...

QNX QCONN Remote Command Execution

Title : QNX QCONN Remote Command Execution Vurnerability Version : QNX 6.5.0 = , QCONN = 1.4.207944 Download: http://www.qnx.com/download/feature.html?programid=23665 QNX Neutrino 6.5.0 SP1 Vendor : http://www.qnx.com Date : 2012/09/09 CVE : N/A Exploit Author : Mor!p3rmoriperatgmail.com import...

INSECT Pro 2.7 - Penetration testing tool download

INSECT Pro 2.7 - Penetration testing tool download INSECT Pro 2.7 - Ultimate is here! This penetration security auditing and testing software solutionis designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities and implement active...