Digital Whisper Electronic Magazine #93

Digital Whisper Electronic Magazine issue 93. Written in Hebrew.




Digital Whisper Electronic Magazine #94

Digital Whisper Electronic Magazine issue 94. Written in Hebrew.




Digital Whisper Electronic Magazine #95

Digital Whisper Electronic Magazine issue 95. Written in Hebrew.




Digital Whisper Electronic Magazine #96

Digital Whisper Electronic Magazine issue 96. Written in Hebrew.




Digital Whisper Electronic Magazine #97

Digital Whisper Electronic Magazine issue 97. Written in Hebrew.




Digital Whisper Electronic Magazine #98

Digital Whisper Electronic Magazine issue 98. Written in Hebrew.




Digital Whisper Electronic Magazine #99

Digital Whisper Electronic Magazine issue 99. Written in Hebrew.




Digital Whisper Electronic Magazine #100

Digital Whisper Electronic Magazine issue 100. Written in Hebrew.




Digital Whisper Electronic Magazine #101

Digital Whisper Electronic Magazine issue 101. Written in Hebrew.




Digital Whisper Electronic Magazine #102

Digital Whisper Electronic Magazine issue 102. Written in Hebrew.




Digital Whisper Electronic Magazine #103

Digital Whisper Electronic Magazine issue 103. Written in Hebrew.




Digital Whisper Electronic Magazine #105

Digital Whisper Electronic Magazine issue 105. Written in Hebrew.




Digital Whisper Electronic Magazine #106

Digital Whisper Electronic Magazine issue 106. Written in Hebrew.




Digital Whisper Electronic Magazine #107

Digital Whisper Electronic Magazine issue 107. Written in Hebrew.




Digital Whisper Electronic Magazine #104

Digital Whisper Electronic Magazine issue 104. Written in Hebrew.




Linux/x64 Reverse TCP Stager Shellcode

A small, 188-byte Linux/x64 reverse TCP stager shellcode.




Sagemcom Fast 3890 Remote Code Execution

This exploit uses the Cable Haunt vulnerability to open a shell on the Sagemcom F@ST 3890 (50_10_19-T1) cable modem. The exploit serves a website that sends a malicious WebSocket request to the cable modem. The request overflows a return address in the spectrum analyzer of the cable modem and, using a ROP chain, starts listening for a TCP connection on port 1337. The server then sends a payload over this TCP connection and the modem starts executing the payload. The payload listens for commands to be run in the eCos shell on the cable modem and redirects STDOUT to the TCP connection.







NagiosXI 5.6 Remote Command Execution

This is a whitepaper tutorial that walks through creating a proof of concept exploit for a remote command execution vulnerability in NagiosXI version 5.6.




NagiosXI 5.6.11 Remote Command Execution

This is a whitepaper tutorial that describes steps taken to identify post-authentication remote command execution vulnerabilities in NagiosXI version 5.6.11.




ManageEngine 14 Remote Code Execution

This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in ManageEngine version 14.




Packet Storm Exploit 2013-0811-1 - Oracle Java storeImageArray() Invalid Array Indexing Code Execution

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.




Packet Storm Advisory 2013-0811-1 - Oracle Java storeImageArray()

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file. This finding was obtained through the Packet Storm Bug Bounty program.




Java storeImageArray() Invalid Array Indexing

This Metasploit module abuses an invalid array indexing vulnerability in the static storeImageArray() function in order to produce a memory corruption and finally escape the Java Sandbox. The vulnerability affects Java version 7u21 and earlier. The module, which doesn't bypass click2play, has been tested successfully on Java 7u21 on Windows and Linux systems. This was created based upon the Packet Storm Bug Bounty release for this issue.




Microsoft Windows .Reg File / Dialog Box Message Spoofing

The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its ability to show the default secondary status dialog box (Win 10), thereby hiding the fact that our attack was successful.




ManageEngine DataSecurity Plus Path Traversal / Code Execution

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from a path traversal vulnerability that can lead to remote code execution.




ManageEngine Asset Explorer Windows Agent Remote Code Execution

The ManageEngine Asset Explorer Windows agent suffers from a remote code execution vulnerability. All versions prior to 1.0.29 are affected.




LabVantage 8.3 Information Disclosure

LabVantage version 8.3 suffers from an information disclosure vulnerability.




ManageEngine EventLog Analyzer 10.0 Information Disclosure

ManageEngine EventLog Analyzer version 10.0 suffers from an information disclosure vulnerability.




Cisco M1070 Content Security Management Appliance IronPort Header Injection

Cisco M1070 Content Security Management Appliance IronPort remote host header injection exploit.




Cisco Content Security Management Virtual Appliance M600V IronPort Header Injection

Cisco Content Security Management Virtual Appliance M600V IronPort remote host header injection exploit.




Cisco DCNM JBoss 10.4 Credential Leakage

Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.




Cisco Data Center Network Manager 11.2 Remote Code Execution

Cisco Data Center Network Manager version 11.2 remote code execution exploit.




Cisco Data Center Network Manager 11.2.1 SQL Injection

Cisco Data Center Network Manager version 11.2.1 suffers from a remote SQL injection vulnerability.




Cisco Data Center Network Manager 11.2.1 Command Injection

Cisco Data Center Network Manager version 11.2.1 remote command injection exploit.




ImageMagick Memory Leak

ImageMagick versions prior to 7.0.8-9 suffer from a memory leak vulnerability.




KVM kvm_inject_page_fault Uninitialized Memory Leak

KVM suffers from an uninitialized memory leak vulnerability in kvm_inject_page_fault.




Irix LPD tagprinter Command Execution

This Metasploit module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Irix.













Nagios XI Authenticated Remote Command Execution

This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.6.5 running on CentOS 7. The module may behave differently against older versions of Nagios XI.