RansomLord v1 / Anti-Ransomware Exploit Tool

Posted by malvuln on Aug 02

RansomLord is a proof-of-concept tool that automates the creation of PE
files, used to compromise Ransomware pre-encryption.

Lang: C

SHA256: b0dfa2377d7100949de276660118bbf21fa4e56a4a196db15f5fb344a5da33ee

Video PoC:
https://www.youtube.com/watch?v=_Ho0bpeJWqI

Download: https://github.com/malvuln/RansomLord

RansomLord generated PE files are saved to disk in the x32 or x64
directorys where the program is run from.

Goal is to exploit code...

Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)

Posted by Mahmoud Noureldin on Aug 02

This is an old app but in an easy way which not the same which in public.

Exploit Title: Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)

# Date: [30/07/2023]
# Exploit Author: [0xBOF90]
# Vendor Homepage: [link]
# Version: [app version] (3.1)
# Tested on: [Windows 10]

import socket
import sys

try:
server = b"192.168.56.102"
#\x00\x0a\x0d\x25
port = 80
size = 253
# msfvenom -p windows/shell_reverse_tcp...

Ubuntu Security Notice USN-6267-1

Ubuntu Security Notice 6267-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy.

Red Hat Security Advisory 2023-4432-01

Red Hat Security Advisory 2023-4432-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

Red Hat Security Advisory 2023-4431-01

Red Hat Security Advisory 2023-4431-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

Red Hat Security Advisory 2023-4341-01

Red Hat Security Advisory 2023-4341-01 - Red Hat OpenShift bug fix and security update. Red Hat Product Security has rated this update as having a security impact of Low. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4429-01

Red Hat Security Advisory 2023-4429-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Red Hat Security Advisory 2023-4428-01

Red Hat Security Advisory 2023-4428-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

EmpowerID 7.205.0.0 Authentication Bypass

EmpowerID versions 7.205.0.0 suffers from a vulnerability that allows an attacker to change a second factor flow armed with only the login and password for an account.

Red Hat Security Advisory 2023-4417-01

Red Hat Security Advisory 2023-4417-01 - CJose is C library implementing the Javascript Object Signing and Encryption.

Red Hat Security Advisory 2023-4310-01

Red Hat Security Advisory 2023-4310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.46. Issues addressed include denial of service and out of bounds read vulnerabilities.

Red Hat Security Advisory 2023-4312-01

Red Hat Security Advisory 2023-4312-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.46.

Red Hat Security Advisory 2023-4413-01

Red Hat Security Advisory 2023-4413-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4418-01

Red Hat Security Advisory 2023-4418-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Red Hat Security Advisory 2023-4421-01

Red Hat Security Advisory 2023-4421-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 images.

Red Hat Security Advisory 2023-4419-01

Red Hat Security Advisory 2023-4419-01 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-4420-01

Red Hat Security Advisory 2023-4420-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 RPMs.

Stored XSS - Perch

Posted by Andrey Stoykov on Aug 01

# Exploit Title:
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Version: 3.2
# Tested on: Windows Server 2022
# Blog: http://msecureltd.blogspot.com

XSS #1:

File: roles.edit.post.php

Line #57:

[...]
<div class="field-wrap <?php echo $Form->error('roleTitle', false);?>">
<?php echo $Form->label('roleTitle', 'Title'); ?>
<div class="form-entry">...

Pentest Paper - Introduction to Web Pentest

Posted by Andrey Stoykov on Aug 01

Just putting this for the new starters.

It is in two languages, Bulgarian and English.

https://drive.google.com/file/d/1mzYeratoSV82Oxaj_dYvu4fg7vSBuhE1/view
https://drive.google.com/file/d/1b8obLloMnmQGI1gqAablzuTyKOFBRZjb/view

Has basic configuration for Burpsuite Proxy, including basic exploitation
of XSS, SQLi, CSRF and Open redirect.

Has brief theory explanation prior to showing how to exploit each flaw.

Kind Regards,
Andrey Stoykov

Unauthorized MFA Code Delivery in EmpowerID

Posted by Patel, Nirav on Aug 01

Severity: High

Description:

An identified security flaw is present in EmpowerID versions V7.205.0.0 and prior versions, causing the system to
mistakenly send Multi-Factor Authentication (MFA) codes to unintended email addresses. To exploit this vulnerability,
an attacker would need to have access to valid and breached login details, including a username and password.

This vulnerability's root cause lies in insufficient verification of...

CVE-2023-28130 - Hostname injection leads to Remote Code Execution RCE (Authenticated)

Posted by Rick Verdoes via Fulldisclosure on Aug 01

=========================
Exploit Title: Hostname injection leads to Remote Code Execution RCE (Authenticated)
Product: Gaia Portal
Vendor: Checkpoint
Vulnerable Versions: R81.20 < Take 14, R81.10 < Take 95, R81 < Take 82 and R80.40 < Take 198
Tested Version: R81.10 (take 335)
Advisory Publication: July 27, 2023
Latest Update: July 72, 2023
Vulnerability Type: Improper Control of Generation of Code (Code Injection) [CWE-94]
CVE...

Trovent Security Advisory 2303-01 / CVE-2023-36255 / Authenticated remote code execution in Eramba

Posted by Stefan Pietsch on Aug 01

# Trovent Security Advisory 2303-01 #
#####################################

Authenticated remote code execution in Eramba
#############################################

Overview
########

Advisory ID: TRSA-2303-01
Advisory version: 1.0
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2303-01
Affected product: Eramba
Affected version: 3.19.1 (Enterprise and Community edition)
Vendor: Eramba Limited,...

ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability

Posted by info () vulnerability-lab com on Aug 01

Document Title:
===============
ETSI WEBstore 2023 - Persistent Cross Site Scripting Web Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2327

Release Date:
=============
2023-07-26

Vulnerability Laboratory ID (VL-ID):
====================================
2327

Common Vulnerability Scoring System:
====================================
4.6

Vulnerability Class:
====================...

Ubuntu Security Notice USN-6266-1

Ubuntu Security Notice 6266-1 - Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element.

Red Hat Security Advisory 2023-4411-01

Red Hat Security Advisory 2023-4411-01 - CJose is C library implementing the Javascript Object Signing and Encryption.

Red Hat Security Advisory 2023-4410-01

Red Hat Security Advisory 2023-4410-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Ubuntu Security Notice USN-6263-1

Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.

Red Hat Security Advisory 2023-4409-01

Red Hat Security Advisory 2023-4409-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Red Hat Security Advisory 2023-4408-01

Red Hat Security Advisory 2023-4408-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Red Hat Security Advisory 2023-4415-01

Red Hat Security Advisory 2023-4415-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

Red Hat Security Advisory 2023-4416-01

Red Hat Security Advisory 2023-4416-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

Ubuntu Security Notice USN-6242-2

Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

Ubuntu Security Notice USN-6264-1

Ubuntu Security Notice 6264-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

[webapps] Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)

Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)

[webapps] Joomla iProperty Real Estate 4.1.1 - Reflected XSS

Joomla iProperty Real Estate 4.1.1 - Reflected XSS

[webapps] Joomla Solidres 2.13.3 - Reflected XSS

Joomla Solidres 2.13.3 - Reflected XSS

[local] General Device Manager 2.5.2.2 - Buffer Overflow (SEH)

General Device Manager 2.5.2.2 - Buffer Overflow (SEH)

Red Hat Security Advisory 2023-4313-01

Red Hat Security Advisory 2023-4313-01 - PostgreSQL is an advanced object-relational database management system.

[webapps] copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)

copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)

[webapps] Zomplog 3.9 - Cross-site scripting (XSS)

Zomplog 3.9 - Cross-site scripting (XSS)

[webapps] Joomla HikaShop 4.7.4 - Reflected XSS

Joomla HikaShop 4.7.4 - Reflected XSS

[webapps] copyparty 1.8.2 - Directory Traversal

copyparty 1.8.2 - Directory Traversal

[local] GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution

GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution

[webapps] Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)

Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)

[local] mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory

mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory

[webapps] WordPress Plugin AN_Gradebook 5.0.1 - SQLi

WordPress Plugin AN_Gradebook 5.0.1 - SQLi

[webapps] RosarioSIS 10.8.4 - CSV Injection

RosarioSIS 10.8.4 - CSV Injection

[webapps] Perch v3.2 - Persistent Cross Site Scripting (XSS)

Perch v3.2 - Persistent Cross Site Scripting (XSS)

[webapps] October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)

October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated)

[local] Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping

Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping

[webapps] zomplog 3.9 - Remote Code Execution (RCE)

zomplog 3.9 - Remote Code Execution (RCE)

[webapps] mooDating 1.2 - Reflected Cross-site scripting (XSS)

mooDating 1.2 - Reflected Cross-site scripting (XSS)

[webapps] Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS

Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS

[webapps] PaulPrinting CMS - (Search Delivery) Cross Site Scripting

PaulPrinting CMS - (Search Delivery) Cross Site Scripting

[webapps] Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities

Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities

[webapps] Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities

Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities

Ubuntu Security Notice USN-6260-1

Ubuntu Security Notice 6260-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges.

Ubuntu Security Notice USN-6259-1

Ubuntu Security Notice 6259-1 - Jos Wetzels, Stanislav Dashevskyi, and Amine Amri discovered that Open-iSCSI incorrectly handled certain checksums for IP packets. An attacker could possibly use this issue to expose sensitive information. Jos Wetzels, Stanislav Dashevskyi, Amine Amri discovered that Open-iSCSI incorrectly handled certain parsing TCP MSS options. An attacker could possibly use this issue to cause a crash or cause unexpected behavior.

Red Hat Security Advisory 2023-4226-01

Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.

Debian Security Advisory 5460-1

Debian Linux Security Advisory 5460-1 - It was discovered that Curl performed incorrect file path handling when saving cookies to files, which could lead to the creation or overwriting of files.