Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
b9eda40dc7133d2369b344300b056ee97cf546f41848fcb8094cb573d87b5007Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
16ed596c8c283b8e4c635ada25ceb042371384ae09b3238a658ca60801a73c24This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination ByteArray can be used to cause an integer overflow and write contents out of the ByteArray buffer. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 14.0.0.176, 14.0.0.145 and 14.0.0.125.
0261f65421dd66c2140dc4d01ec869ffa16a08028c90426650ee76ecbe40cc47This Metasploit module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.
66a2afe428abc2bc5fd7a07e29076cf8d642726dfba85da1125d083fa522fa6eThis Metasploit module exploits an arbitrary PHP code upload in the WordPress N-Media Website Contact Form plugin, version 1.3.4. The vulnerability allows for arbitrary file upload and remote code execution.
06defc0f9a3b1e41269ef7d6c96eebcf75e56a0475dd25a9e1826f8f400e3fd3This Metasploit module exploits an arbitrary PHP code upload in the WordPress Creative Contact Form version 0.9.7. The vulnerability allows for arbitrary file upload and remote code execution.
f67d354bf1423deeda6860a5375cc709458e085127ee4fde423e1181e6630458This Metasploit module exploits an arbitrary PHP code upload in the WordPress Work The Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution.
99dafcf218991769dca62fedd1f31fd6083ce929bdd0f494ed3fe6bdff34ddcbLychee version 2.7.1 suffers from a remote code execution vulnerability when logged in as an administrator.
838f6b6bb47ee54cd93284f806f636dbf53c9df7899e9dd5db885f98f9535dc9Landesk Management Suite version 9.5 suffers from cross site request forgery and remote file inclusion vulnerabilities.
7bdfe59dc30a3b71753bd3a33281c2051ca69929c42f568988b546e2de5d4ccdSecunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a sign extension error in ibpsd2.dll when processing PSD files, which can be exploited to cause a heap-based buffer overflow. Successful exploitation of the vulnerability may allow execution of arbitrary code. Oracle Outside In versions 8.4.1, 8.5.0, and 8.5.1 are affected.
881fefe28d05888ab8bb824adc584939c717d9e3fd0ffb3517681895051b5cb4Gentoo Linux Security Advisory 201504-7 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 11.2.202.457 are affected.
b4d1f33ae090d323723fea5ea3b1e7183793f2901305dbd8d27932e24e8dda88Gentoo Linux Security Advisory 201504-6 - Multiple vulnerabilities have been found in X.Org X Server, allowing attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 1.12.4-r4 are affected.
02bfcf82733cc51a9e7242f086fd8e7f523654b1b9c474a9238aec3001352a0fRed Hat Security Advisory 2015-0854-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
63fb2eee82ffd6233a18a0a0dd56ff5da078eb57b76a6fbf6d67f5269c0b212cThe CFChart servlet of BlueDragon (component com.naryx.tagfusion.cfm.cfchartServlet) is vulnerable to arbitrary file retrieval due to a directory traversal vulnerability. In certain circumstances the retrieved file is also deleted. Versions 7.1.1.17759 is affected.
c7fba25e82be748cfef6834fae314b9c87f9647ed21ced05ff757e5a06e0bb5fADB backup on Android version 4.0.4 allows for file overwrite via modified tar headers.
05f57d5729d25c00164ccfa74bfb76fe4328bb79a10efd4cf3e895cd21b26843The doSendObjectInfo() method of the MtpServer class implemented in frameworks/av/media/mtp/MtpServer.cpp on Android 4.4 does not validate the name parameter of the incoming MTP packet, leading to a path traversal vulnerability.
9645f86fa24dbcf40e5f7dd36ca986ccbcd0f124fb94b860bde8a37c6cb42100WordPress Content Slide plugin version 1.4.2 suffers from cross site request forgery and stored cross site scripting vulnerabilities.
4766ca76e4e167f91e8d6586e49ab8b197c4767255485e74d57daa27c79079edMany 112 ipTIME routers / modems / firewalls suffer from a remote root code execution vulnerability.
fc4b268b4814bbad49e3581dca82b41858ee28e67ff5515ee4dee66d9f8e5093The Android backup agent implementation was vulnerable to privilege escalation and race condition. An attacker with adb shell access could run arbitrary code as the system (1000) user (or any other valid package). The attack is tested on Android OS 4.4.4.
179057ea228364a9ce3f89ec74a1a1873d65e8c8b3dd447dccc0af6935bf1a87WordPress Citizen Space plugin version 1.1 suffers from a cross site scripting vulnerability.
f85ae4ff7e5349a8c27498d31e4740d3b651ac5a808ca4756f703363ae30f397Local denial of service exploit for Mac OS X kernel versions prior to 10.10.3.
8b8206b45dab552c0adf67970b3e4fcfdbb4fc7e2eb2c3e21b6e0df9e621e2d3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed