Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
2d3651e2af953902431ca3f079d5b496
This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.
7a9d7962c7566662c546f3360497c2ce
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
2c61e18d0d5064448f2e903b816c40c2
FreeSMS version 2.1.2 suffers from a remote SQL injection vulnerability.
316f4f93b8f9e38f9d63848a54a5780d
Manage Engine ServiceDesk Plus version 9.3 suffers from a privilege escalation vulnerability.
1002f34a48dca093d9f6ba8b13e8de38
AIDA64 Extreme version 5.99.5900 logging SEH buffer overflow exploit.
fb5c4a6cf9ca1e18531efbe7ee7e4921
WordPress Contact Form Maker plugin version 1.13.1 suffers from a cross site request forgery vulnerability.
8c0bd2ff5a15ebfbedbed8b0189b5608
Lupusec XT2 Plus Main Panel with firmware 0.0.2.19E suffers from shared private keys for SSL certificates, root passwords derived from the MAC address, information disclosure, and cross site request forgery vulnerabilities.
a40592492ffe2815d8e24f02bc4755da
Ubuntu Security Notice 3936-1 - It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code.
afc68be4b0825b647878ffa93501ccc3
Ubuntu Security Notice 3937-1 - Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
4c5be938f6500ff73e08b36e651987a9
Gentoo Linux Security Advisory 201904-9 - Multiple vulnerabilities have been found in Xen, the worst of which could result in privilege escalation. Versions less than 4.10.3-r2 are affected.
bb20a6ef08ff0872451ca9fe79100fb3
Debian Linux Security Advisory 4423-1 - Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used.
275bce06f569381caffe03f4077eb7f2
Magic ISO Maker version 5.5 build 281 suffers from a denial of service vulnerability.
d41b73f334ba66052eaf185775b1a2cb
Chrome version 73.0.3683.86 stable exploit for chromium issue 941743, tested on Windows 10 x64, which leverages a flaw in the V8 javascript engine.
3942490d2a3c9f4e77eb820e2de2a909
Apache versions 2.4.17 through 2.4.38 suffer from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call.
a10477996e9695e8e509d183fa786a50
AIDA64 Engineer version 5.99.4900 Load from file field SEH buffer overflow exploit.
d8c1dcc0b87d50428eef0b3a500afadd