Lucene search
K

124 matches found

Cvelist
Cvelist
added 2021/05/06 11:45 a.m.35 views

CVE-2021-31245

omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack...

6AI score0.02087EPSS
Exploits1References4
Kitploit
Kitploit
added 2021/05/04 9:30 p.m.247 views

Pystinger - Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework, viper, cobalt strike for session online. Pystinger is developed in python, and currently supports three proxy scripts: php, jspx and aspx. Usage Suppose the domain name of the serv...

7.1AI score
Exploits0References4
The Hacker News
The Hacker News
added 2021/04/06 1:43 p.m.263 views

Watch Out! Mission Critical SAP Applications Are Under Active Attack

Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common securit...

10CVSS0.3AI score0.98266EPSS
Exploits23
Kitploit
Kitploit
added 2021/03/05 11:30 a.m.24 views

CertEagle - Asset monitoring utility using real time CT log feeds

In Bugbounties “If you are not first , then you are last ” there is no such thing as silver or a bronze medal , Recon plays a very crucial part and if you can detect/Identify a newly added asset earlier than others then the chances of you Finding/Reporting a security flaw on that asset and gettin...

7AI score
Exploits0References5
Hacker One
Hacker One
added 2020/09/09 8:28 p.m.253 views

Shopify: Cache poisoning via X-Forwarded-Host in www.shopify.com/partners/blog

Hello, run in loop requests with X-Forwarded-Host: yourhackerzsite.com - after some time You will notice in response yourhackerzsite.com F981839 now remove X-Forwarded-Host - there still be our url: F981841 i've logged to my VPS to verify this bug and downloaded poisoned page...

0.2AI score
Exploits0
Kitploit
Kitploit
added 2020/09/06 11:30 a.m.63 views

VPS-Docker-For-Pentest - Create A VPS On Google Cloud Platform Or Digital Ocean Easily With The Docker For Pentest

Create a VPS on Google Cloud Platform or Digital Ocean easily with the docker for pentest included to launch the assessment to the target. Requirements Terraform installed Ansible installed SSH private and public keys Google Cloud Platform or Digital Ocean account. Usage 1.- Clone the repository...

7.3AI score
Exploits0References2
Hacker One
Hacker One
added 2020/06/10 10:8 p.m.127 views

GSA Bounty: Blind SSRF on https://labs.data.gov/dashboard/Campaign/json_status/ Endpoint

Summary: Due to improper routes handling multiple malicious actions are possible. Attacker is able to call Class/Function/Param1/Param2 directly from source code. this may lead to call function that should be not accessible from GUI. Any Class from...

7AI score
Exploits0
Kitploit
Kitploit
added 2020/04/17 1:0 p.m.58 views

Pwndrop - Self-Deployable File Hosting Service For Red Teamers, Allowing To Easily Upload And Share Payloads Over HTTP And WebDAV

pwndrop is a self-deployable file hosting service for sending out red teaming payloads or securely sharing your private files over HTTP and WebDAV. If you've ever needed to quickly set up an nginx/apache web server to host your files and you were never happy with the limitations of python -m...

7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2020/03/24 9:1 p.m.49 views

Unknown 'WildPressure' Malware Campaign Lets Off Steam in Middle East

A malware campaign that shares no known similarities to previous attacks has been uncovered, targeting organizations in the Middle East. Dubbed “WildPressure,” the campaign used a previously unknown malware that researchers named Milum, after the C++ class names inside the code. According to...

7.2AI score
Exploits0References9
Kitploit
Kitploit
added 2020/02/16 8:30 p.m.94 views

Syborg - Recursive DNS Subdomain Enumerator With Dead-End Avoidance System

Syborg is a Recursive DNS Domain Enumerator which is neither active nor completely passive. This tool simply constructs a domain name and queries it with a specified DNS Server. Syborg has a Dead-end Avoidance system inspired from @Tomnomnom's ettu. When you run subdomain enumeration with some of...

7AI score
Exploits0References6
HackRead
HackRead
added 2020/01/16 5:46 p.m.36 views

How to Secure Your VPS and Dedicated Servers from Hackers

By Waqas Your decision to use a dedicated server or a VPS likely stems from a desire to have greater access to... This is a post from HackRead.com Read the original post: How to Secure Your VPS and Dedicated Servers from Hackers...

2.7AI score
Exploits0
NVD
NVD
added 2019/11/09 3:15 a.m.23 views

CVE-2009-4011

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console...

8.1CVSS8.1AI score0.0097EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2019/11/09 3:15 a.m.42 views

CVE-2009-4011

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console...

8.1CVSS7.2AI score0.0097EPSS
Exploits0References1
Prion
Prion
added 2019/11/09 3:15 a.m.16 views

Race condition

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console...

6.8CVSS7AI score0.0097EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/11/09 2:49 a.m.27 views

CVE-2009-4011

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console...

8.1AI score0.0097EPSS
Exploits0References3
CVE
CVE
added 2019/11/09 2:49 a.m.190 views

CVE-2009-4011

dtc-xen is a SOAP daemon used for Xen VM management. The CVE-2009-4011 issue is a race condition in dtc-xen 0.5.x before 0.5.4, caused by mishandling of concurrent access to shared resources, enabling an attacker to gain a bash shell as the xenXX user on dom0 and potentially reuse an already open...

8.1CVSS7.9AI score0.0097EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2019/11/09 2:49 a.m.44 views

CVE-2009-4011

Removed by vendor...

8.1CVSS8.2AI score0.0097EPSS
Exploits0
Kitploit
Kitploit
added 2019/10/27 12:30 p.m.156 views

AutoSploit v4.0 - Automated Mass Exploiter

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been select...

7.9AI score
Exploits0References13
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/07/01 7:1 a.m.65 views

Ninja Turtles in your network: LAN Turtle 3G. A how-to for red teaming

Introduction This post will detail how to configure and utilise a LAN turtle 3G from Hak 5 to gain a persistent, remotely accessible presence within a network. With ethernet ports becoming less common on new hardware, many people have been forced into deploying an array of various dongles and...

7.4AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/05/29 8:18 a.m.166 views

Securing your red team kit with Uncomplicated Firewall

After reading Identifying Cobalt Strike team servers in the wild I started thinking, why are people not firewalling off their kit? If you read the above post and I suggest you do, you will see under section “Scanning and Results” that the research concluded that 7718 unique Cobalt Strike CS team...

6.7AI score
Exploits0
Rows per page
Query Builder