
7416 matches found

OSV
added 2020/03/18 9:26 a.m., 7 views

SUSE-SU-2020:0712-1 Security update for skopeo

This update for skopeo fixes the following issues: Update to skopeo v0.1.41 bsc1165715: - Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1 - Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8 - Bump github.com/containers/common from 0.0.7 to 0.1.4 - Remove the reference to openshift/api - vendor...

CVSS 6.4, AI score 6, EPSS 0.01591
Exploits: 0, References: 4
Gitee
added 2020/03/17 6:19 p.m., 6 views

Exploit for CVE-2019-15231

This repository contains a collection of exploits for various vulnerabilities, including unauthenticated remote command execution (RCE) and directory traversal. The exploits are written in Python and utilize various libraries such as requests and pymongo. The repository includes exploits for the...

CVSS 9.8, AI score 7.5, EPSS 0.99057
Exploits: 56
Gitee
added 2020/03/17 1:49 p.m., 25 views

Exploit for Use After Free in Microsoft

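sectoolset -- a collection of security-related tools on GitHub. Main contents: 0x00 Exploitation practice & CTF security competitions 0x01 Security scanners 0x02 Security defense 0x03 Penetration testing 0x04 Vulnerability databases and exploitation tools (POC, EXP 0x05 Binary and code analysis tools 0x06 Threat intelligence & honeypots 0x07 Security documentation 0x11 All contents WooYun mirror WooYun mirror WooYun mirror, harmonized Recent security hot topics: Facebook again exposed in a large leak of hundreds of millions of users' private data; CVE-2019-14378 QEMU VM Escape critical vulnerability, affecting KVM and other virtualization platforms that use QEMU as a backend; CVE-2019-10173 Xstream remote code execution vulnerability...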

CVSS 10, AI score 9.1, EPSS 0.99999
Exploits: 157
HackRead
added 2020/03/16 4:47 p.m., 38 views

Coronavirus related cyber attacks hit HHS in US, testing center in Czech

By Deeba Ahmed Who could have imagined cyber criminals will use Coronavirus pandemic to steal data and make quick money? This is a post from HackRead.com Read the original post: Coronavirus related cyber attacks hit HHS in US, testing center in Czech...

AI score 1.2
Exploits: 0
Kitploit
added 2020/03/12 11:30 a.m., 470 views

Pentest Tools Framework - A Database Of Exploits, Scanners And Tools For Penetration Testing

Pentest Tools Framework is a database of exploits, scanners and tools for penetration testing. Pentest is a powerful framework that includes a lot of tools for beginners. You can explore kernel vulnerabilities and network vulnerabilities. NEWS Modules PTF UPDATE PTF Options...

CVSS 9.8, AI score 10, EPSS 0.99999
Exploits: 123, References: 1
Hacker One
added 2020/03/10 4:14 p.m., 22 views

QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"

Summary The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the ID parameter to inject arbitrary SQL statements into the underlying prepared statement. This leads ...

AI score 0.8
Exploits: 0
Kitploit
added 2020/03/10 12:00 p.m., 75 views

SSRF Sheriff - A Simple SSRF-testing Sheriff Written In Go

This is an SSRF testing sheriff written in Go. It was originally created for the Uber H1-4420 2019 London Live Hacking Event, but it is now being open-sourced for other organizations to implement and contribute back to. Features Respond to any HTTP method (GET, POST, PUT, DELETE, etc.) Configurable...

AI score 7.2
Exploits: 0, References: 2
0day.today
added 2020/03/10 12:00 a.m., 123 views

Persian VIP Download Script 1.0 - (active) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Persian VIP Download Script 1.0 - 'active' SQL Injection Exploit Author: S3FFR Vendor Homepage: http://download.freescript.ir/scripts/Persian-VIP-DownloadFreeScript.ir.zip Version: = 1.0 Final Version Tested on: Windows,Linux...

AI score 0.5
Exploits: 0
Packet Storm
added 2020/03/10 12:00 a.m., 121 views

Persian VIP Download Script 1.0 SQL Injection

Exploit Title: Persian VIP Download Script 1.0 - 'active' SQL Injection Data: 2020-03-09 Exploit Author: S3FFR Vendor Homepage: http://download.freescript.ir/scripts/Persian-VIP-DownloadFreeScript.ir.zip Version: = 1.0 Final Version Tested on: Windows,Linux Google Dork: N/A...

AI score 0.7
Exploits: 0
Hacker One
added 2020/03/09 4:24 p.m., 102 views

HackerOne H1P BBP1: Testing

asdajnsdjasndkjas...

AI score 1.2
Exploits: 0
Kitploit
added 2020/03/07 9:30 p.m., 126 views

HTTP Asynchronous Reverse Shell - Asynchronous Reverse Shell Using The HTTP Protocol

Today there are many ways to create a reverse shell in order to be able to remotely control a machine through a firewall. Indeed, outgoing connections are not always filtered. However, security software and hardware (IPS, IDS, Proxy, AV, EDR...) are more and more powerful and can detect these attack...

AI score 7
Exploits: 0, References: 4
Kitploit
added 2020/03/07 12:30 p.m., 365 views

Entropy Toolkit - A Set Of Tools To Exploit Netwave And GoAhead IP Webcams

Entropy Toolkit is a set of tools to exploit Netwave and GoAhead IP Webcams. Entropy is a powerful toolkit for webcams penetration testing. Getting started Entropy installation cd entropy chmod +x install.sh ./install.sh Entropy uninstallation cd entropy chmod +x uninstall.sh ./uninstall.sh Entro...

AI score 7.2
Exploits: 0, References: 1
Gitee
added 2020/03/07 8:40 a.m., 9 views

Exploit for Classic Buffer Overflow in Microsoft

This is a Python script that exploits the CVE-2017-7269 vulnerability in IIS servers. The script sends a specially crafted HTTP request to the target server, which triggers a remote code execution vulnerability. The script then receives the response from the server and prints it to the console...

CVSS 10, AI score 8.1, EPSS 0.99823
Exploits: 39
BDU FSTEC
added 2020/03/04 12:00 a.m., 6 views

The vulnerability in the software web interface for Cisco Webex Events, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center allows a perpetrator to trigger a service failure.

The vulnerability of software web interfaces for Cisco WebEx Events, Cisco WebEx Meeting Center, Cisco WebEx Support Center, and Cisco WebEx Training Center exists due to insufficient testing of UCF media files. Exploiting this vulnerability can allow attackers to cause service failures by sendin...

CVSS 5.5, AI score 5.9, EPSS 0.00664
Exploits: 0, References: 2
Gitee
added 2020/03/03 2:44 p.m., 6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the collection includes various environments with different vulnerabilities, such as SQL injection, cross-site scripting (XSS), and server-side template...

AI score 7.3
Exploits: 0
ThreatPost
added 2020/03/02 4:17 p.m., 83 views

Walgreens Mobile App Leaks Prescription Data

Popular pharmacy chain Walgreens is warning that a bug in its official mobile app may have exposed sensitive data, including customers’ full names and information on prescriptions for medications they are taking. The security issue stemmed from an “error” in the personal secure messaging feature ...

AI score 6.6
Exploits: 0, References: 3
Carbon Black Blog
added 2020/03/02 4:00 p.m., 34 views

Performance Testing: Justifying Cost and Performance Improvements (Part 2)

As mentioned in the first blog in this series, Melanie, a performance engineer at VMware Carbon Black, built both baseline and investigative tests for the engineers that develop and maintain the company’s reputation services. Here’s a deeper look at these tests and how they helped the company...

AI score 0.1
Exploits: 0
Gitee
added 2020/03/02 2:57 p.m., 18 views

Exploit for CVE-2020-2551

CVE-2020-2551 Weblogic IIOP deserialization. Test environment: Weblogic10.3.6+jdk1.6. Packaged jar. Extraction code: a6ob. Exploitation: download the jar, then use marshalsec to start a malicious RMI service, and compile an exp.java locally java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...

CVSS 9.8, AI score 9.5, EPSS 0.93168
Exploits: 18
Kitploit
added 2020/02/28 8:30 p.m., 168 views

Polyshell - A Bash/Batch/PowerShell Polyglot!

PolyShell is a script that's simultaneously valid in Bash, Windows Batch, and PowerShell, i.e. a polyglot. This makes PolyShell a useful template for penetration testing as it can be executed on most systems without the need for target-specific payloads. PolyShell is also specifically designed to ...

AI score 7.6
Exploits: 0, References: 1
GithubExploit
added 2020/02/28 8:46 a.m., 3 views

Exploit for CVE-2020-2551

CVE-2020-2551 WebLogic IIOP Deserialization Testing E...

CVSS 9.8, AI score 7.4, EPSS 0.93168
Exploits: 18