Real Name | Jeremy Brown |
---|---|
Email address | private |
Website | www.patchtuesday.org |
First Active | 2008-07-15 |
Last Active | 2021-01-04 |
PIMT is a Public Infrastructure Monitoring Tool (pronounced PIM-tee). It queries common recon tools for publicly available data regarding particular organizations based on the domains and keywords provided. It is not meant to provide complete coverage for every external asset that belongs to a company as attackers usually do not have this detailed info or mapping either. One can use it to paint some sort of picture of what external attackers may be looking at, the changes occurring over time and insight for how to further harden the perimeter. The key idea being to provide valuable data to red teams as well as addition al monitoring capabilities for defenders.
15640e4fe41be31efdca68b52b77e376
Zoom version 4.6.239.20200613 suffers from a Meeting Connector post-authentication remote root code execution vulnerability via the proxy server functionality. The latest Zoom client has this issue patched per Zoom.
502538df7bfbda265c17c493f89179b7
Openpilot has a default SSH key that can allow attackers remote access if not changed. This script port scans and attempts to login to Openpilot SSH servers with the default key.
b9e467ddb7a4cfc15deec4d13e92486a
HPE Edgeline Infrastructure Manager suffers from multiple broken authorization flows that allow for administrative function access without authenticating and can allow for arbitrary password changes.
75012bca2029a5ddfe8ad8255b3f5f1b
Cassandra Web is vulnerable to directory traversal due to the disabled Rack::Protection module. Apache Cassandra credentials are passed via the CLI in order for the server to auth to it and provide the web access, so they are also one thing that can be captured via the arbitrary file read. Version 0.5.0 is affected.
5d45ddf35f9f55300493bfefe8020924
Stratodesk NoTouch Center virtual appliance suffers from a privilege escalation vulnerability. This was addressed in version 4.4.68.
f6ac4d9b376df40c169c841245383a04
estr2bc is a python script to convert arbitrary string input to Erlang bytecode.
095fa28eaa19faca6a6c82b238094580
This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
7c4130c9c91b99ff51567ab20d19ea6e
Remote exploit for Podman when configured with Varlink that allows for remote command execution, denial of service, directory traversal, and information disclosure vulnerabilities.
877a6bf3a116aaaf342e4d3eba5c9537
Ajenti suffers from a remote command execution vulnerability.
132a31448e87adbe514497f20f8d446f
Whale in a win32 attack surface toolkit written in C#. It's capable of monitoring many of different areas of the Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.
7c7cd88d5b54f9d2ccbe3d190ca4c39e
Microsoft Windows 10 x86/x64 build 10.0.14393 WLAN autoconfig named pipe denial of service proof of concept exploit.
d78a9bd236d6a1942ee373d12364f61f
BlackStratus LOGStorm has multiple vulnerabilities that allow a remote unauthenticated user, among other things, to assume complete control over the virtual appliance with root privileges. This is possible due to multiple network servers listening for network connections by default, allowing authorization with undocumented credentials supported by appliance's OS, web interface and sql server. Versions 4.5.1.35 and 4.5.1.96 are affected.
229e9c7351054e6f28651057eb3cffda
ShakeIt is a grammar mutation engine targeting browsers and PDF readers. For a given input, such as a web page or PDF file, and an output location, it will generate N mutated test cases. It was implemented in C#, but can be ported to other languages and is meant to fit within an existing fuzzing framework.
54c861884798451395aeaab5988a76c7
Portmanteau is an experimental unix driver IOCTL security tool that is useful for fuzzing and discovering device driver attack surface.
e1ff72313a6273d9d6517fa2acc9504a
Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free() calls which occur during it's lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow for arbitrary code execution.
1df4218448d7ac2e97f07d47f005d627
Seagate Central by default has a passwordless root account (and no option to change it). This exploit logs into the ftp server and uploads a php shell to the webroot. From there, the uploaded shell can execute commands with root privileges as lighttpd.
2a6158d11c1b40429f00b3cddeb09daf
Seagate Central stores linked Facebook account access tokens in /etc/archive_accounts.ser and this exploit takes advantage of two bugs - Passwordless root login via FTP to retrieve archive_accounts.ser file which contains access tokens and reuses the unencrypted and unprotected (-rw-r--r--) access tokens for a chosen scope to return data.
7cd4d2e2bae235e1c45b77da702e1e5f
Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall, and Comodo Internet Security, runs a passwordless, background VNC server and listens for incoming connections. This can allow for at least local privilege escalation on several platforms. It also may be remotely exploitable via CSRF-like attacks utilizing a modified web-based VNC client (eg. a Java VNC client).
9fc05c99e3ced7baa78fc5b8a35e8e13
EMC PowerPath vApp contains undocumented user accounts that may potentially be utilized by malicious users to gain limited unauthorized access to the system. Version 1.x is affected.
c7eff923a0c604ac98bf2cc310e95742
There is an authentication bypass vulnerability in ClearSCADA that can be exploited by triggering an exception in dbserver.exe and taking advantage of the way the program handles it.
5a91b8965b0bd7e42547ec87525ee02b
Apache OpenOffice suffers from a vulnerability that is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. Versions affected include Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.
5ff23bea25fe066db860831c72f1dc8a
This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.
c305987e1b5b0f2ca5be4dc99b9547a1
This Metasploit module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3.
f525bc1c9d5f21294e79afd950a4acc6
This Metasploit module exploits a stack buffer overflow in Enterasys NetSight. The vulnerability exists in the Syslog service (nssylogd.exe) when parsing a specially crafted PRIO from a syslog message. The module has been tested successfully on Enterasys NetSight 4.0.1.34 over Windows XP SP3 and Windows 2003 SP2.
94b5565ea73b5e2ffa5148137c79b1af