Backdoor.Win32.Wollf.14 malware has a backdoor on TCP/7614 that does not require any authentication.
2f11b22f4a81eedb7df75e8958cdd82cecb3055d43ca8789947305c47f9b576a
142 bytes small Linux/x64 shellcode that binds a password protected shell to TCP 0.0.0.0:4444.
333530589c154018011a1ee45adb6102c069fc8e7b0ef4eaecdb98fd693c95d6
Backdoor.Win32.Kraimer.11 malware has a backdoor on TCP/6668 that does not require any authentication.
5f05a5534857a1ffa1de021039a3e94cc618d99cc6d1cf04bba6bde3ea222d6c
Backdoor.Win32.Verify.f malware has backdoors running on TCP ports 1906 and 1907 that do not require any authentication.
cf0d05fad5bd20b1a4725f45b439683727f6fcb22ffc0ac1c0781c2dfad9a15f
Backdoor.Win32.Onalf malware has a backdoor running on TCP/2020 that does not require any authentication.
11a484e66621a068144ad8f7018fb183228c9b73ab0087efdfb38ba9ac0ca945
Backdoor.Win32.Zxman malware has a backdoor running on TCP/2048 that does not require any authentication.
7e36b3ed420235c9c2bb63db0969a3ca18598c9509d4fd42955a600687d7d9e8
123 bytes small Linux/x64 reverse shell shellcode that connects to TCP/127.1.1.1:4444.
d489702cacf00b2cfb806769d32c8598c913a2c473ddd76a85a653c65a631687
65 bytes small Linux/x86 bindshell shellcode that binds /bin/sh to TCP/0.0.0.0:13377.
0b6f0d113dff3fe9e7fd8830f15d89012a24c53b6fd740940fa27df4be7c06fe
Backdoor.Win32.NinjaSpy.c suffers from a remote stack buffer overflow vulnerability. The specimen drops a DLL named "cmd.dll" under C:\WINDOWS\ which listens on both TCP ports 2003 and 2004. By sending consecutive HTTP PUT requests with large payloads of characters, we can cause buffer overflow.
400bc171e968496bf6805e3f0060696d5ec13c5f875efa99884bbebe00d20df4
114 bytes small Linux/x86 reverse TCP shellcode.
2683c644409206f0c3a9aae6d82afb5a6f04a316245fb265c0cdab4441651ee1
An attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2.5.1.8.
d17ea5576bc764da9307b56d3e500fe6c4d6a46a6d607ac07eeebd256034d86c
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
17eb30ef4d91991b265d5d93ab7f4ad6b58d43061a46ba3292142b962be95f7d
Asterisk versions 17.5.1 and 17.6.0 were found vulnerability to a denial of service condition where Asterisk segfaults when receiving an INVITE flood over TCP.
16f54da5d3c7145bd5aa998e183688a666211433fed046580666ec3e14e0913e
Red Hat Security Advisory 2020-4619-01 - FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. Issues addressed include denial of service and information leakage vulnerabilities.
d475983c42dcc5c3867aad810c12f3fdce4cde368c3c871b20cc730fbf94dd14
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
d39dd235b20123b43fb5cee5acd54edcf69e396c79fe833b6d59d98be7c3c7e9
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
9ecf2e93adad5a90c69fa7ab419937ef670398707dd4f97b12bf464d6b1e6cda
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
b118e8b223a875a88b725f3dcc2a68c41831b1cec67e4f6a41ff969667fccfbf
The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.9.00086 is vulnerable to a DLL hijacking and allows local attackers to execute code on the affected machine with with system level privileges. Both attacks consist in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service.
74ae12d312c6c46fa9f122b2a106d803de515d0b707dfe34720c066dd56a2680
84 bytes small Linux/x86 reverse TCP shellcode.
a9b8dde55f9a62b0ac5a12be1dac512db3965420f4d49dbeec8a6055fc68b62d
Ericom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. Version 9.2.0 is affected.
be074654b32c8f5acc5a65ebfb2346bf9d5c96f828c3e11ce96a91c39d1bafef
Ubuntu Security Notice 4468-1 - Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.
e68968b54f06a09f60aaea3f86c5fd5e18688a0dc2013d6d8a0ac01245a43511
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
484fc9b660454f253984e2830015a52522fee4232ff0e81a34a5c5b6c0cf0b46
The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The attack consists in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service. This service will then launch the vulnerable installer component (vpndownloader), which copies itself to an arbitrary location before being executed with system privileges. Since vpndownloader is also vulnerable to DLL hijacking, a specially crafted DLL (dbghelp.dll) is created at the same location vpndownloader will be copied to get code execution with system privileges. This exploit has been successfully tested against Cisco AnyConnect Secure Mobility Client versions 4.5.04029, 4.5.05030 and 4.7.04056 on Windows 10 version 1909 (x64) and Windows 7 SP1 (x86).
b6d44c2b494378ff342fef57be9d4be4564327103eadabb01ff166ae6dae9bff
100 bytes small null-free Linux/ARM shellcode that binds /bin/sh to 0.0.0.0:1337/TCP.
7ee6a6fcc5e486b90d3866afa4de0159d3ef94aa1637076ecdb4c1ab24dbf700
Red Hat Security Advisory 2020-2265-01 - HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. Issues addressed include a HTTP request smuggling vulnerability.
0c0904de44986bd12f1e63e56e6c3667b84845a080c52245dc69f3aecca57230