Hashcat Wrapper for Distributed Hashcracking: Hashtopolis

Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis’s development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent Multiple clients C, Python,...

Infinite Redirects

Apache ignite-web is vulnerable to infinite redirects. The vulnerability exists because the request wrapper does not override the isRequestedSessionIdValid function to correctly perform the validation of web session, causing infinite redirections if Spring Security configuration has...

Hashtopolis - A Hashcat Wrapper For Distributed Hashcracking

Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent Multiple clients C, Python,...

UBUNTU-CVE-2018-10119

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service use-after-free with write access or possibly have unspecified other impact via a crafted...

CVE-2018-10119

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service use-after-free with write access or possibly have unspecified other impact via a crafted...

Drupal Entity API Module Security Bypass Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. entity API is one of the API modules that can handle entities and attributes in a unified way. entity wrapper access API is one of the entity wrapper access API application program...

PHP Stack Buffer Overflow Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

UBUNTU-CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...

meg+ - Automated Reconnaissance Wrapper

This wrapper will automate numerous tasks and help you during your reconnaissance process. The script finds common issues, low hanging fruit, and assists you when approaching a target. meg+ also allows you to scan all your in-scope targets on HackerOne in one go — it simply retrieves them using a...

OpenJDK: GSS context use-after-free (JGSS, 8186212)

It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context...

OpenJDK: GSS context use-after-free (JGSS, 8186212)

It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context...

OpenJDK: GSS context use-after-free (JGSS, 8186212)

It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context...

VulnCheck KEV: CVE-2012-2335

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgimain.c component and a query string beginning with...

DNSExfiltrator - Data exfiltration over DNS request covert channel

DNSExfiltrator allows for transfering exfiltrate a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel. DNSExfiltrator has two sides: 1. The server side , coming as a single python script dnsexfiltrator.py, which act...

Hashicorp vagrant-vmware-fusion 4.0.23 - Local root Privilege Escalation Exploit

Exploit for macOS platform in category local exploits A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... The initial patch they released was 4.0.21 which unfortunately...

CVE-2017-7831

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "exposedProps" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox 57...

docpad-plugin-hapi (>=2.0.13 <=2.3.3), hapi-advisories (>=0.0.1 <=0.0.6) +7 more potentially affected by CVE-2014-3742 via hapi (>=2.0.0 <=2.1.2)

hapi NPM version =2.0.0, =2.0.13, =0.0.1, =0.9.2, =0.3.0, =0.14.0, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =1.0.0 Source cves: CVE-2014-3742 Source advisory: OSV:GHSA-CQR7-78PJ-3G7J...

ShadowSocks ConnecTion - A Wrapper Tool For Shadowsocks To Consistently Bypass Firewalls

A wrapper tool for shadowsocks to consistently bypass firewalls. Quick start Automatically connect The easiest way to run this tool is just type ssct in terminal, and ssct will acquire available shadowsocks servers from ishadowsocks and connect to it automatically. Connect to a specific server...

Design/Logic Flaw

An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 4.0.24 and earlier allows a non-root user to obtain a root shell...

CVE-2017-12579

An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 4.0.24 and earlier allows a non-root user to obtain a root shell...