Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for the distribution, indexing and analysis of data generated during a security audit. The main purpose of Faraday is to re-use the tools available in the community and take advantage of them in a multiuser way.
bc0e3e1d109dedc36a4b8bd38acaf20a9bdc6d8ea141f57aeba14e80aba1541c
Syslog Server version 1.2.3 for Windows suffers from a remote denial of service vulnerability.
eb46422ac777aa5dbb0a485572f6eef92724300a3e1e4ce51efb6b9d7f377572
WebCalendar version 1.2.7 attempts to use the HTTP Referer header to check that requests originate from the same server. However, this can be easily defeated by just not sending a referer.
b21b04f0900a0f57b17194ed5f9dc60a1ad09467022464b6d1d905884edfc003
A double-fetch vulnerability exists in Linux-4.6/kernel/auditsc.c for kernel versions 4.6 and below that can allow for a race condition.
b8484509b883b5ba7efb0f9836de1eba2e683bda2f71f327c5292b39ac3bafa3
64-byte Linux/64bit NetCat bindshell shellcode.
ccb8a4620f13eab28b158fe220b47f9d39887bd7678a8dc86c301a69c5420547
Exim4 in some variants is started as root but switches to uid/gid Debian-exim/Debian-exim. But as Exim might need to store received messages in user mailboxes, it has to have the ability to regain privileges. This is also true when Exim is started as "sendmail". During internal operation, sendmail (Exim) will manipulate message spool files in directory structures owned by user "Debian-exim" without caring about symlink attacks. Thus execution of code as user "Debian-exim" can be used to gain root privileges by invoking "sendmail" as user "Debian-exim".
bd74c62b27f39b7f46709bc09cd8804cada21ce8799966cc4bc67706ff142d5b
Linux-4.6/drivers/platform/chrome/cros_ec_dev.c suffers from a double-fetch vulnerability that can lead to a race condition and buffer overflow.
80e0da9e4ae252335cbbe6ee98e428a3d91d04848442075c7a5d00d6fe887ef1
eCardMAX version 10.5 suffers from cross site scripting and remote SQL injection vulnerabilities.
5f8de22c048b71098b35ba1e93cbe3c2fa763ab62088181de333bfc3b4e6b4a4
KWSPHP CMS version 1.6.995 suffers from a persistent cross site scripting vulnerability.
b714b2be97af5970b2a4ee01b3b85daac8e2776f7d722f1dec378d2bb467d9fd
98-byte Linux/x86 TCP bindshell shellcode that binds to port 4444.
bbeda0cdeea38bf97a30d59d5a8052ae8344aaec1e3c2e7e0e24491a1739f9bb
All EMC Documentum WDK-based applications (Taskspace, Webtop, Documentum Administrator, EPFM) contain an extremely dangerous web component – API Tester. It allows for path traversal, arbitrary code execution, and privilege escalation attacks.
46663e14e60c2d3f94f374b2571e350b1e7744ac4f13a7cd8032e426b3ab94df
WebCalendar version 1.2.7 suffers from a PHP code injection vulnerability.
f08625bb439c813ff12d6610f1b47451bd70656f904beb6b7f2d5a5f98986f4d