Digital Whisper Electronic Magazine #94
Digital Whisper Electronic Magazine #95
Digital Whisper Electronic Magazine #96
Digital Whisper Electronic Magazine #97
Digital Whisper Electronic Magazine #98
Digital Whisper Electronic Magazine #99
Digital Whisper Electronic Magazine 100
Digital Whisper Electronic Magazine #101
Digital Whisper Electronic Magazine #102
Digital Whisper Electronic Magazine #103
Digital Whisper Electronic Magazine #105
Digital Whisper Electronic Magazine #106
Digital Whisper Electronic Magazine #107
Digital Whisper Electronic Magazine #104
Linux/x64 Reverse TCP Stager Shellcode
Sagemcom Fast 3890 Remote Code Execution
This exploit uses the Cable Haunt vulnerability to open a shell on the Sagemcom F@ST 3890 (50_10_19-T1) cable modem. The exploit serves a website that sends a malicious WebSocket request to the cable modem. The request overflows a return address in the modem's spectrum analyzer and, using a ROP chain, starts listening for a TCP connection on port 1337. The server then sends a payload over this TCP connection and the modem starts executing it. The payload listens for commands to be run in the eCos shell on the cable modem and redirects STDOUT to the TCP connection.
NagiosXI 5.6 Remote Command Execution
This is a whitepaper tutorial that walks through creating a proof of concept exploit for a remote command execution vulnerability in NagiosXI version 5.6.
NagiosXI 5.6.11 Remote Command Execution
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote command execution vulnerabilities in NagiosXI version 5.6.11.
ManageEngine 14 Remote Code Execution
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in ManageEngine version 14.
Packet Storm Exploit 2013-0811-1 - Oracle Java storeImageArray() Invalid Array Indexing Code Execution
Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.
Packet Storm Advisory 2013-0811-1 - Oracle Java storeImageArray()
Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was obtained through the Packet Storm Bug Bounty program.
Java storeImageArray() Invalid Array Indexing
This Metasploit module abuses an invalid array indexing vulnerability in the static storeImageArray() function in order to produce a memory corruption and finally escape the Java sandbox. The vulnerability affects Java version 7u21 and earlier. The module, which doesn't bypass click2play, has been tested successfully on Java 7u21 on Windows and Linux systems. This was created based upon the Packet Storm Bug Bounty release for this issue.
Microsoft Windows .Reg File / Dialog Box Message Spoofing
The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its ability to show the default secondary status dialog box (Win 10), thereby hiding the fact that our attack was successful.
ManageEngine DataSecurity Plus Path Traversal / Code Execution
ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from a path traversal vulnerability that can lead to remote code execution.
ManageEngine Asset Explorer Windows Agent Remote Code Execution
The ManageEngine Asset Explorer Windows agent suffers from a remote code execution vulnerability. All versions prior to 1.0.29 are affected.
LabVantage 8.3 Information Disclosure
ManageEngine EventLog Analyzer 10.0 Information Disclosure
ManageEngine EventLog Analyzer version 10.0 suffers from an information disclosure vulnerability.
Cisco M1070 Content Security Management Appliance IronPort Header Injection
Cisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.
Cisco Content Security Management Virtual Appliance M600V IronPort Header Injection
Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.
Cisco DCNM JBoss 10.4 Credential Leakage
Cisco Data Center Network Manager 11.2 Remote Code Execution
Cisco Data Center Network Manager 11.2.1 SQL Injection
Cisco Data Center Network Manager version 11.2.1 suffers from a remote SQL injection vulnerability.
Cisco Data Center Network Manager 11.2.1 Command Injection
ImageMagick Memory Leak
KVM kvm_inject_page_fault Uninitialized Memory Leak
Irix LPD tagprinter Command Execution
This Metasploit module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Irix.
Nagios XI Authenticated Remote Command Execution
This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.6.5 running on CentOS 7. The module may behave differently against older versions of Nagios XI.