Microsoft Windows Net Use Insufficient Authentication
The Windows "net use" network logon type-3 command does not prompt for authentication when the built-in Administrator account is enabled and both remote and originating systems suffer from password...

netABuse Insufficient Windows Authentication Logic Scanner
netABuse is a scanner that identifies systems susceptible to a Microsoft Windows insufficient authentication logic flaw.

Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption
Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation. This is the second version of the exploit, updated to work with Python 3.

CloudMe 1.11.2 Buffer Overflow
CloudMe version 1.11.2 buffer overflow proof of concept exploit. The original vulnerability was discovered by hyp3rlinx.

CloudMe 1.11.2 SEH / DEP / ASLR Buffer Overflow
CloudMe version 1.11.2 SEH / DEP / ASLR buffer overflow exploit. The original discovery of this vulnerability was by hyp3rlinx.

Avaya IP Office 11 Insecure Transit / Password Disclosure
Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure.

WinGate 9.4.1.5998 Insecure Permissions / Privilege Escalation
WinGate version 9.4.1.5998 suffers from an insecure permissions vulnerability that allows for privilege escalation.

HFS Http File Server 2.3m Build 300 Buffer Overflow
HFS Http File Server version 2.3m build 300 suffers from a remote buffer overflow vulnerability that can lead to a denial of service.

Microsoft Windows MSHTA.EXE .HTA File XML Injection
Microsoft Windows mshta.exe allows processing of XML external entities, which can result in local data theft and/or program reconnaissance upon opening specially crafted HTA files.

Ericom Access Server 9.2.0 Server-Side Request Forgery
Ericom Access Server allows attackers to initiate SSRF requests, making outbound connections to arbitrary hosts and TCP ports. Attackers who can reach the AccessNow server can target internal systems...

Microsoft Windows Finger Security Bypass / C2 Channel
The Microsoft Windows TCP/IP Finger command, finger.exe, which ships with the OS, can be used as a file downloader and makeshift C2 channel. The legitimate use of the Windows Finger command is to send Finger Protocol...

Mantis Bug Tracker 2.3.0 Remote Code Execution
Mantis Bug Tracker version 2.3.0 suffers from a remote code execution vulnerability.

CloudMe 1.11.2 Buffer Overflow
CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the...

Recon Informer 1.2
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.

Windows File Enumeration Intel Gathering Tool 2.2
NtFileSins.py is a Windows file enumeration intel gathering tool.

Recon Informer 1.3
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.

Microsoft Windows cmd.exe Stack Buffer Overflow
Microsoft Windows cmd.exe suffers from a stack buffer overflow vulnerability.

Microsoft Internet Explorer ActiveX Control Security Bypass
Microsoft Internet Explorer suffers from an ActiveX-related bypass vulnerability. Microsoft will not address the issue as the product is end of life.

Microsoft Windows .Reg File Dialog Spoofing / Mitigation Bypass
Microsoft Windows suffers from a registration file dialog spoofing vulnerability, and Microsoft's last fix for this issue can be bypassed.

Microsoft Windows Defender / Detection Bypass
Microsoft Windows Defender suffers from a detection bypass vulnerability due to a sub-par mitigation previously adopted.