exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

Files Date: 2020-11-19

GRAudit Grep Auditing Tool 2.8
Posted Nov 19, 2020
Authored by Wireghoul | Site justanotherhacker.com

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.

Changes: Updated Electron rules. Updated PHP rules. More scala rules and a scala signature set. Updated C rules. Updated Java rules. Many other updates as well.
tags | tool
systems | unix
SHA-256 | 25ed4c4c97f26a3df2dd64a41c356940753751abc3e5c7c9e0d7b682495221d9
American Fuzzy Lop plus plus 2.68c
Posted Nov 19, 2020
Authored by van Hauser, thc, Heiko Eissfeldt, Andrea Fioraldi, Dominik Maier | Site thc.org

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Changes: Added the GSoC excellent afl++ grammar mutator by Shengtuo. A few QOL changes for Apple and its outdated gmake. Various other updates and improvements.
tags | tool, fuzzer
systems | unix
SHA-256 | 862e155c97737770baa26ffedf324a7fa255b757c85b0c9a6f312264f2ca29c5
Global Socket 1.4.22
Posted Nov 19, 2020
Authored by thc | Site thc.org

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

tags | tool, tcp
systems | unix
SHA-256 | 17eb30ef4d91991b265d5d93ab7f4ad6b58d43061a46ba3292142b962be95f7d
erfs 1.4
Posted Nov 19, 2020
Authored by thc, Skyper | Site thc.org

erfs is an easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. The client is a bash-script. The cloud server is provided by THC for free (as in free beer!). There is no limit per user, no limit of the number of file systems and no limit of how many locations can access the same file system simultaneously. It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. The server has no knowledge of the content. A rogue server operator can not access the data. All key material is created on the user's computer and never stored or transferred to the server.

tags | tool, remote, bash
systems | unix
SHA-256 | acabf88a256ecdeddf175c24b4263b0d4b660b4cd2c60eb52dccc56cdcbf11cf
THC Tips, Tricks, And Hacks Cheat Sheet
Posted Nov 19, 2020
Authored by thc | Site thc.org

This paper is a collection of THC's favorite tricks. Many of these tricks are not from them, they merely collect them. They show the tricks as-is without any explanation why they work. You need to know Linux to understand how and why they work.

tags | paper
systems | linux
SHA-256 | 07ddd32f849e88cecb82baf3b3250a7eb1c7d1d4a8c6cc06db0ab498817a4eb2
Oracle WebLogic Server Administration Console Handle Remote Code Execution
Posted Nov 19, 2020
Authored by wvu, Jang, voidfyoo | Site metasploit.com

This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against 12.2.1.3.0 from Vulhub (Linux) and on Windows. Warning! Multiple sessions may be created by exploiting this vuln.

tags | exploit, java
systems | linux, windows
advisories | CVE-2020-14750, CVE-2020-14882, CVE-2020-14883
SHA-256 | 6c879a4e9e6dc2c3ad319ed39819005bbf1975b59feee6d511f7f1140f97fd91
TestSSL 3.0.3
Posted Nov 19, 2020
Authored by Dr. Dirk Wetter | Site drwetter.org

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.

Changes: Updated certificate stores. BREACH is now medium. Dockerfile improvements. Various other updates and improvements.
tags | tool, scanner, protocol, bash
systems | unix
SHA-256 | 32bac618c807d5f960f68dd20d1a1b3988f4033d5535daa8ffcd26fca4a4dc43
Ubuntu Security Notice USN-4638-1
Posted Nov 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4638-1 - It was discovered that c-ares incorrectly handled certain DNS requests. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-8277
SHA-256 | 22de1321f37779e2a2d90f916ad60679e84d0748afd9a717f50205a77a95bd19
TCMalloc Inspector Tool
Posted Nov 19, 2020
Authored by Marcin Kozlowski | Site github.com

TCMalloc is an inspection tool that lets you parse and inspect tcmalloc internals, and detect lost memory, meaning memory which is not reachable via any (internal) pointers.

tags | tool
systems | unix
SHA-256 | 2b86aa20695ff99c9d185ed04df1ba3584158ebaa73e1ac6836170d8afc84ad0
Sokrates SOWA SowaSQL Cross Site Scripting
Posted Nov 19, 2020
Authored by Marek Holka

Sokrates SOWA SowaSQL suffers from a cross site scripting vulnerability. The module SOWA.WWW was fixed in version 4.8.16, whereas the module SOWA.OPAC was fixed in version 5.6.2.

tags | exploit, xss
advisories | CVE-2020-28350
SHA-256 | 126c83263ec1f977ca3ab7e64bbe290057fbec2da0c2f3bde1d8a8451fe4b9ca
TestBox CFML Test Framework 4.1.0 Arbitrary File Write / Code Execution
Posted Nov 19, 2020
Authored by Darren King

TestBox CFML Test Framework version 4.1.0 suffers from arbitrary file write and remote code execution vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution
SHA-256 | 233c49f03cbf8d45807a7927e676676ff08c5611513b7f16a38b6e2269b4f097
TestBox CFML Test Framework 4.1.0 Directory Traversal
Posted Nov 19, 2020
Authored by Darren King

TestBox CFML Test Framework version 4.1.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion
SHA-256 | 564d7395708184ec2af19cd4ab16e8142690010142bb9ee73b933525fb89b775
Gemtek WVRTM-127ACN 01.01.02.141 Command Injection
Posted Nov 19, 2020
Authored by Gabriele Zuddas

Gemtek WVRTM-127ACN version 01.01.02.141 suffers from an authentication arbitrary command injection vulnerability.

tags | exploit, arbitrary
advisories | CVE-2020-24365
SHA-256 | 288c20759376d1be2b2201de3eb7d9f660659dd2077eb3c2933919f67608b027
Internet Download Manager 6.38.12 Buffer Overflow
Posted Nov 19, 2020
Authored by Vincent Wolterman

Internet Download Manager version 6.38.12 suffers from a scheduler downloads scheduler buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 77157f59589b89e5782b1e7180f9a4549ec5495b926d3cc0be053079751dbf39
Nagios Log Server 2.1.7 Cross Site Scripting
Posted Nov 19, 2020
Authored by Emre OVUNC

Nagios Log Server version 2.1.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | a114564a42184343d9c6589e82df2fbc813bb7026cb726f7d8f2579fd2b930db
M/Monit 3.7.4 Password Disclosure
Posted Nov 19, 2020
Authored by Dolev Farhi

M/Monit version 3.7.4 suffers from a password disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | a92ed4a23d80cabbc2f2973223f9125882573e59be97d5bf20768d3a5a796437
M/Monit 3.7.4 Privilege Escalation
Posted Nov 19, 2020
Authored by Dolev Farhi

M/Monit version 3.7.4 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | 940af9a4fdd41005d1f80fc80891326898228ca47a2d355adeb0d8951f939180
Gitlab 12.9.0 Arbitrary File Read
Posted Nov 19, 2020
Authored by Jasper Rasenberg

Gitlab version 12.9.0 authenticated arbitrary file read exploit. A file read vulnerability was previously discovered in this version in May of 2020 by KouroshRZ.

tags | exploit, arbitrary
SHA-256 | 3fa20aa2a7c614b9b11d6fbc0c9ba54d294469d6ed5ae63e80764789e70be637
Fortinet FortiOS 6.0.4 Password Modification
Posted Nov 19, 2020
Authored by Ricardo Longatto

Fortinet FortiOS version 6.0.4 suffers from an unauthenticated SSL VPN user password modification vulnerability.

tags | exploit
advisories | CVE-2018-13382
SHA-256 | f1f2146ee2e6b708b1cc15143c5c2571d40fb33b9a3a20e0b020cbf4fb46d4d6
xuucms 3 SQL Injection
Posted Nov 19, 2020
Authored by icekam

xuucms version 3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-28091
SHA-256 | 3f7c39734f1fd0b1e3aa62d608deccf6fa4731ae92cb2cf90e648d407d417e0c
PESCMS TEAM 2.3.2 Cross Site Scripting
Posted Nov 19, 2020
Authored by icekam

PESCMS TEAM version 2.3.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-28092
SHA-256 | 78b604f0c2a46c0ed39c6ce7e7decc2310a9a52f7f58a4dea0be82cd2e47ee5b
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close