OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
36eddfce8f2f36347fb257dbf878ba0303a2eaafe24eaa071d5cd302261046a9
This Metasploit module exploits a command injection vulnerability in IGEL OS Secure Terminal and Secure Shadow services.
793658696a77b07f44aa82858509f75d27fb6d744c70a1b78fc7ea464a2a5f12
This Metasploit module exploits an issue in the V8 engine on x86_x64 builds of Google Chrome versions prior to 89.0.4389.128/90.0.4430.72 when handling XOR operations in JIT'd JavaScript code. Successful exploitation allows an attacker to execute arbitrary code within the context of the V8 process. As the V8 process is normally sandboxed in the default configuration of Google Chrome, the browser must be run with the --no-sandbox option for the payload to work correctly.
021951718048ffe0b71a7648ba64e0929b63f860f2b0a3b5424af17523e26274
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
66a234c3ee60604a8edd685a64110663a633757d3183db314edd76526fe1a0d8
Epic Games Rocket League version 1.95 suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the processing of a UPK format file, which can be exploited to cause a stack buffer overflow when a user crafts the file with a large array of bytes inserted in the vicinity offset after the magic header. Successful exploitation could allow execution of arbitrary code on the affected machine.
9aca17edbee1e4311ae8f1782a958f79fa3979f842eee23c1d85f52f471dfe26
Epic Games Rocket League versions 1.95 and below suffer from an insecure permissions vulnerability.
7265a86350f635261f04efa01c468b9a397f529d7db60a2450121e1dfcc758b2
It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker could use this to gain elevated privileges. Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
2804a214253fb2c002641f38c8aae9e4023d617f9897b0c5c01ff06e5794df2b
GitLab Community Edition (CE) version 13.10.3 suffers from multiple user enumeration vulnerabilities.
5d420382a54e49ae96ced981f0727ae390e51d108048932dd69d45374578bae6
Gadget Works Online Ordering System version 1.0 remote SQL injection to remote code execution exploit.
2d18d2f9555bfff94cfed3277ed76d3a918cd3ddca2e9c2a26e1793755043fd5
Gadget Works Online Ordering System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ace02550215387baeed4b171bd0dee0fd249e7b017d001a279cf46ceb6e41080
Red Hat Security Advisory 2021-1478-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
af20513e6978fc85d3985061fc5723dd0fd2854e0de3c5a21fffdbab758eacb6
Red Hat Security Advisory 2021-1477-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
bcfbac82ac854e75d583aaaa75371751c38db70930f9d32b21ad7413ff2e8457
Red Hat Security Advisory 2021-1479-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
a5b7c2e4f22cce63987a658b6b839efc32b1878a81ec93aaac31328663271d5a
Red Hat Security Advisory 2021-1475-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
620d7cd24e2af7f261b2564b33071a122adad42c182fc6c73f978cee73e0787c
Red Hat Security Advisory 2021-1476-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
beeca5b535059562d052ad02baff831c11c3a4f674dccf62a32e08dade634956
Gentoo Linux Security Advisory 202104-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 88.0 are affected.
5ca81f664f4e17349799dff5ec0303eacf0a8ec7882e1cb1d495ace0532dfaaa
Gentoo Linux Security Advisory 202104-9 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 78.10.0 are affected.
14468afd1abbcf533ea6611cd505e671361f822b331808ff4f16194ccb84f300
Gentoo Linux Security Advisory 202104-8 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 90.0.4430.93 are affected.
3c0116aeb3e752ff274eefc0030e2c4cfc941c4cf5a69bc7d93086f56b183f77
Gentoo Linux Security Advisory 202104-7 - A vulnerability in ClamAV could lead to a Denial of Service condition. Versions less than 0.103.2 are affected.
68da708b4158f5fb98beecd59c9d158fdc1dc31c9bb39e6957237983a0c4f04b
Gentoo Linux Security Advisory 202104-6 - Multiple vulnerabilities have been found in LibTIFF, the worst of which could result in the execution of arbitrary code. Versions less than 4.2.0 are affected.
7b0a8d5c5e2063aa65d637133e54bdb98fee21618789b4b305531c3af2d691bc
Gentoo Linux Security Advisory 202104-5 - Multiple vulnerabilities have been found in GRUB, the worst might allow for circumvention of UEFI Secure Boot. Versions less than 2.06_rc1 are affected.
299d3aa5f1947d880973d356a72e943ce929b133f553e466d411763947ccd7a7
Gentoo Linux Security Advisory 202104-4 - Multiple vulnerabilities have been found in Python, the worst of which might allow attackers to access sensitive information. Versions less than 3.9.2_p1 are affected.
4bd66a4b0184575ea646f12aca50c9cce688ba33a729a181be524b704a6299fa
Gentoo Linux Security Advisory 202104-3 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code. Versions less than 2.30.6 are affected.
42cfd71020fbee05af94a73a16d71b91a80cbad1b727ff5cdca9d08ff0034864
Gentoo Linux Security Advisory 202104-2 - A vulnerability in X.Org X Server may allow users to escalate privileges. Versions less than 1.20.11 are affected.
a2b1708051bf9ef33bdd436ffce708cfd254521c7c6070c987b74631627084f1
Gentoo Linux Security Advisory 202104-1 - A vulnerability has been found in Git that could allow a remote attacker to execute arbitrary code. Versions less than 2.26.3 are affected.
501280a83ea3d468493a03bc6b8c2fd8cb7796e4399b355699ce16447e85a20b