Channel: BOT24
Browsing all 8064 articles

GNU bash Environment Variable Command Injection

Exploit Database Note: The following is an excerpt from: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Like “real” programming languages,...

Metasploit: EMC AlphaStor Device Manager Opcode 0x75 Command Injection

require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::CmdStager
  def initialize(info = {})...

Metasploit: Advantech WebAccess dvs.ocx GetColor Buffer Overflow

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank =...

Quick notes about the bash bug, its impact, and the fixes so far

We spent a good chunk of the day investigating the now-famous bash bug, so I had no time for too many jokes about it on Twitter - but I wanted to jot down several things that have been getting drowned...

LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep...

=== LSE Leading Security Experts GmbH - Security Advisory LSE-2014-06-10 ===

Perl CORE - Deep Recursion Stack Overflow
-----------------------------------------

Affected Versions
=================
Perl...

SpoofMAC - Spoof your MAC address

For OS X, Windows, and Linux (most flavors)
I made this because changing your MAC address in Mac OS X is harder than it should be. The biggest annoyance is that the Wi-Fi card (Airport) needs to be...

Ok, shit's real. It's in the wild.

First in-wild attack to hit my sensors - Remote exploit vulnerability in bash CVE-2014-6271
Here: https://gist.github.com/anonymous/929d622f3b36b00c0be1

Two SQL Injections in All In One WP Security WordPress plugin

Advisory ID: HTB23231
Product: All In One WP Security WordPress plugin
Vendor: Tips and Tricks HQ, Peter, Ruhul, Ivy
Vulnerable Version(s): 3.8.2 and probably prior
Tested Version: 3.8.2
Advisory...

ZyXEL Prestig P-660HNU-T1v2 Credential Disclosure

#!/usr/bin/perl
# Exploit Author: Sebastián Magof
# Hardware: ZyXEL Prestig P-660HNU-T1
# Vulnerable file: wzADSL.asp
# location: http://gateway/cgi-bin/wzADSL.asp
# Bug: ISP usr+pwd disclosure
# Type:...

Paper: Malware Propagation in Large-Scale Networks

Abstract—Malware is pervasive in networks, and poses a critical threat to network security. However, we have very limited understanding of malware behavior in networks to date. In this paper, we...

HAKA Runtime

What is HAKA
Haka is a collection of tools that allows capturing TCP/IP packets and filtering them based on Lua policy files.
More here: https://github.com/haka-security/haka

shellshock-hunter

Search Bing and concurrently test each result for vulnerability to CVE-2014-6271: remote code execute bug in bash otherwise known as Shellshock. More...

MSA-2014-02: Typo3 Extension dmmjobcontrol Multiple Vulnerabilities...

Mogwai Security Advisory MSA-2014-02
----------------------------------------------------------------------
Title:              JobControl (dmmjobcontrol) Multiple Vulnerabilities
Product:...

A guide to RegRipper and the art of timeline building

I have often heard RegRipper mentioned on forums and websites and how it was supposed to make examining event logs, registry files and other similar files a breeze. RegRipper is developed and...

National Express print-at-home vulnerability

This is a fine example of developers being lazy and how not to implement "security".
National Express are one of the biggest public transport companies in the UK with a huge fleet of coaches and...

SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability

Document Title:
===============
SmarterTools Smarter Track 6-10 - Information Disclosure Vulnerability

References...

Oracle Corporation MyOracle - Persistent Vulnerability

Document Title:
===============
Oracle Corporation MyOracle - Persistent Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1261

Oracle Security ID...

GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability

Document Title:
===============
GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1325

Release...

Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability

Document Title:
===============
Paypal Inc Bug Bounty #16 - Persistent Mail Encoding Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=660

Release...

Attacks against Boletos

José is a very suspicious person. He never uses internet banking services or buys anything using a credit card. Indeed, he doesn't even have one. He doesn't trust any of these modern technologies in...
