Koadic: An Advanced Windows JScript/VBScript RAT!

PenTestIT RSS Feed All of us know that post-exploitation we need some mechanism to maintain access on the target. One of the most common methods is by installing a trojan. I have tried to maintain a list of similar tools on the malware sources page on this blog. Now, there is a new entrant which...

Nexon Games Privilege Escalation

----------------------------------------------------------------------------------------------------------------- Exploit Title: Multiples Nexon Games - Privilege Escalation Unquoted path vulnerabilities Date: 13/05/2016 Exploit Author : Cyril Vallicari Vendor Homepage: http://www.nexon.net/...

Nexon Games - Unquoted Path Privilege Escalation

Exploit for windows platform in category local exploits ----------------------------------------------------------------------------------------------------------------- Exploit Title: Multiples Nexon Games - Privilege Escalation Unquoted path vulnerabilities Date: 13/05/2016 Exploit Author : Cyr...

Multiples Nexon Games - Unquoted Path Privilege Escalation

----------------------------------------------------------------------------------------------------------------- Exploit Title: Multiples Nexon Games - Privilege Escalation Unquoted path vulnerabilities Date: 13/05/2016 Exploit Author : Cyril Vallicari Vendor Homepage: http://www.nexon.net/...

Multiples Nexon Games - Unquoted Path Privilege Escalation

Multiples Nexon Games - Unquoted Path Privilege Escalation ----------------------------------------------------------------------------------------------------------------- Exploit Title: Multiples Nexon Games - Privilege Escalation Unquoted path vulnerabilities Date: 13/05/2016 Exploit Author :...

Zombies Lifeline... - Dangerous filesystem permissions, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Zombies Lifeline... published at the 'play' market has multiple vulnerabilities...

Clash of Zombies II - WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Clash of Zombies II published at the 'play' market has multiple vulnerabilities...

Battle of Zombies: Clans MMO - Dangerous filesystem permissions, Insecure KeyStore, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Battle of Zombies: Clans MMO published at the 'play' market has multiple vulnerabilities...

Stupid Zombies 2 - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Stupid Zombies 2 published at the 'play' market has multiple vulnerabilities...

Ludo Zombies - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Ludo Zombies published at the 'play' market has multiple vulnerabilities...

Stupid Zombies - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Stupid Zombies published at the 'play' market has multiple vulnerabilities...

Call of Mini: Zombies - Corrupted files, Customized SSL, Exported components vulnerabilities

HackApp vulnerability scanner discovered that application Call of Mini: Zombies published at the 'play' market has multiple vulnerabilities...

ZOMBIES ATE MY FRIENDS - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application ZOMBIES ATE MY FRIENDS published at the 'play' market has multiple vulnerabilities...

Pixel Zombies Hunter - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Pixel Zombies Hunter published at the 'play' market has multiple vulnerabilities...

SAMURAI vs ZOMBIES DEFENSE 2 - Base64 encoded String, Customized SSL, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application SAMURAI vs ZOMBIES DEFENSE 2 published at the 'play' market has multiple vulnerabilities...

Zombies, Run! (Free) - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Zombies, Run! Free published at the 'play' market has multiple vulnerabilities...

UFONet Open Redirect DDoS Attack

UFONet – is a tool designed to launch DDoS attacks against a target, using ‘Open Redirect’ vectors on third party web applications, like botnet. See this links for more info: CWE-601:Open Redirect OWASP:URL Redirector Abuse Installing UFONet UFONet runs on many platforms. It requires Python 2.x.y...

CVE-2014-5629

The Stupid Zombies aka com.gameresort.stupidzombies application 1.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The Stupid Zombies aka com.gameresort.stupidzombies application 1.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5629

The CVE-2014-5629 entry concerns The Stupid Zombies (com.gameresort.stupidzombies) Android app version 1.12. The vulnerability is that it does not verify X.509 certificates from SSL servers, which enables man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ...