Boxoft Convert Master version 1.3.0 SEH local buffer overflow exploit.
47080b28a8e6f189781fc5c7cf47144a2979d43b700a2d3c2a02da8c54e85bcd
Wonder CMS version 3.1.3 suffers from a persistent cross site scripting vulnerability.
ccccd9ed98df37b0b7a126ce3016965c698022509b6de871a00456304fad8878
NetSurveillance version 4.02.R11.00000140.10001.131900.00000 allows for an unauthenticated password change when no default security questions are set.
fd6228be6ec00b50ecd7051a15b7ee6d6dab5137e53bd49f35b84c6cdb78e569
Zortam MP3 Media Studio version 27.60 suffers from a code execution vulnerability.
0c44dc348d50e18cbc6ca452a51654910cc7056e24192001ae9b51ca1edf22a1
This Metasploit module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted WMA, WAV, M3U, ACC, or FLAC file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode.
2fc82acea7b95409d6f96c56885e269103215f19b294a61787c2ac74dca93a0f
Ubuntu Security Notice 4637-2 - USN-4637-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across origins, bypass security restrictions, conduct phishing attacks, conduct cross-site scripting attacks, bypass Content Security Policy restrictions, conduct DNS rebinding attacks, or execute arbitrary code. Various other issues were also addressed.
4f713adabc152105077747045996121534ba7401875c9364bf618c591b2cdb5c
Ubuntu Security Notice 4639-1 - It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpMyAdmin to leak sensitive files. It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this for an XSS attack. It was discovered that phpMyAdmin mishandled certain input. An attacker could use this vulnerability to execute a cross-site scripting attack via a crafted URL. Various other issues were also addressed.
0779e7fa341ac78947934c261f4952b8924a503204b0c78b2229b84b8e1cf6f8
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.
25ed4c4c97f26a3df2dd64a41c356940753751abc3e5c7c9e0d7b682495221d9
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.
862e155c97737770baa26ffedf324a7fa255b757c85b0c9a6f312264f2ca29c5
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
17eb30ef4d91991b265d5d93ab7f4ad6b58d43061a46ba3292142b962be95f7d
erfs is an easy-to-use, easy-to-setup, hassle-free secure file system with the encrypted data being stored on a remote cloud server without having to trust the server. The client is a bash script. The cloud server is provided by THC for free (as in free beer!). There is no limit per user, no limit on the number of file systems and no limit on how many locations can access the same file system simultaneously. It supports collaboration and the same filesystem can be accessed from different computers at the same time. The data is securely and seamlessly synchronized. The server has no knowledge of the content. A rogue server operator cannot access the data. All key material is created on the user's computer and never stored or transferred to the server.
acabf88a256ecdeddf175c24b4263b0d4b660b4cd2c60eb52dccc56cdcbf11cf
This paper is a collection of THC's favorite tricks. Many of these tricks are not from them; they merely collect them. They show the tricks as-is without any explanation of why they work. You need to know Linux to understand how and why they work.
07ddd32f849e88cecb82baf3b3250a7eb1c7d1d4a8c6cc06db0ab498817a4eb2
This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against 12.2.1.3.0 from Vulhub (Linux) and on Windows. Warning! Multiple sessions may be created by exploiting this vuln.
6c879a4e9e6dc2c3ad319ed39819005bbf1975b59feee6d511f7f1140f97fd91
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers and protocols, as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
32bac618c807d5f960f68dd20d1a1b3988f4033d5535daa8ffcd26fca4a4dc43
Ubuntu Security Notice 4638-1 - It was discovered that c-ares incorrectly handled certain DNS requests. An attacker could possibly use this issue to cause a denial of service.
22de1321f37779e2a2d90f916ad60679e84d0748afd9a717f50205a77a95bd19
TCMalloc is an inspection tool that lets you parse and inspect tcmalloc internals, and detect lost memory, meaning memory which is not reachable via any (internal) pointers.
2b86aa20695ff99c9d185ed04df1ba3584158ebaa73e1ac6836170d8afc84ad0
Sokrates SOWA SowaSQL suffers from a cross site scripting vulnerability. The module SOWA.WWW was fixed in version 4.8.16, whereas the module SOWA.OPAC was fixed in version 5.6.2.
126c83263ec1f977ca3ab7e64bbe290057fbec2da0c2f3bde1d8a8451fe4b9ca
TestBox CFML Test Framework version 4.1.0 suffers from arbitrary file write and remote code execution vulnerabilities.
233c49f03cbf8d45807a7927e676676ff08c5611513b7f16a38b6e2269b4f097
TestBox CFML Test Framework version 4.1.0 suffers from a directory traversal vulnerability.
564d7395708184ec2af19cd4ab16e8142690010142bb9ee73b933525fb89b775
Gemtek WVRTM-127ACN version 01.01.02.141 suffers from an authentication arbitrary command injection vulnerability.
288c20759376d1be2b2201de3eb7d9f660659dd2077eb3c2933919f67608b027
Internet Download Manager version 6.38.12 suffers from a scheduler downloads scheduler buffer overflow vulnerability.
77157f59589b89e5782b1e7180f9a4549ec5495b926d3cc0be053079751dbf39
Nagios Log Server version 2.1.7 suffers from a persistent cross site scripting vulnerability.
a114564a42184343d9c6589e82df2fbc813bb7026cb726f7d8f2579fd2b930db
M/Monit version 3.7.4 suffers from a password disclosure vulnerability.
a92ed4a23d80cabbc2f2973223f9125882573e59be97d5bf20768d3a5a796437
M/Monit version 3.7.4 suffers from a privilege escalation vulnerability.
940af9a4fdd41005d1f80fc80891326898228ca47a2d355adeb0d8951f939180
Gitlab version 12.9.0 authenticated arbitrary file read exploit. A file read vulnerability was previously discovered in this version in May of 2020 by KouroshRZ.
3fa20aa2a7c614b9b11d6fbc0c9ba54d294469d6ed5ae63e80764789e70be637