Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
491a7ed475f73b7cb958fd34d9c11a860a0158979d89768b93c42308a5c44892
This Metasploit module exploits a path traversal and a local file inclusion vulnerability on WordPress versions 5.0.0 and versions below or equal to 4.9.8. The crop-image function allows a user, with at least author privileges, to resize an image and perform a path traversal by changing the _wp_attached_file reference during the upload. The second part of the exploit will include this image in the current theme by changing the _wp_page_template attribute when creating a post. This exploit module only works for Unix-based systems currently.
bd1f2d0a7453946a4baa703e14878a8668792a590d2018556e1e736471a78c41
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
39c2544e771695c57667b95cc34d51ec3cbf6ec1288fc8ea1981234f05246b65
FreeSMS version 2.1.2 suffers from a remote SQL injection vulnerability.
f9d0f06954df7127c1f7da2c6973086ec5ed205332e214311fa7ec075f8918d2
Manage Engine ServiceDesk Plus version 9.3 suffers from a privilege escalation vulnerability.
87787f1fb2a7439a9948e5731a3c9ebc899dcd1c11621afaedcab653880b4eb7
AIDA64 Extreme version 5.99.5900 logging SEH buffer overflow exploit.
33bc00d3a310700b1a4cda4084c05d980e79a74d09218d74cc5a0b509bb40abf
WordPress Contact Form Maker plugin version 1.13.1 suffers from a cross site request forgery vulnerability.
1c7a3b27afbbedd8d750455aa126e9363090a0ccf6ca80bf062df80fbc2c60f1
Lupusec XT2 Plus Main Panel with firmware 0.0.2.19E suffers from shared private keys for SSL certificates, root passwords derived from the MAC address, information disclosure, and cross site request forgery vulnerabilities.
9c581dc92641e4428dbdc52160abc9e17d59118fbbf7c51f88f013367312c44b
Ubuntu Security Notice 3936-1 - It was discovered that AdvanceCOMP incorrectly handled certain PNG files. An attacker could possibly use this issue to execute arbitrary code.
51ecf0037b21fb41d85c22d8b5ee3799c061e4d5cd9ab4d764ebeb54d48207b2
Ubuntu Security Notice 3937-1 - Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.
c17a43ba53d0845a663b1213936884d7465b45def0d79156050131ef37d78a6d
Gentoo Linux Security Advisory 201904-9 - Multiple vulnerabilities have been found in Xen, the worst of which could result in privilege escalation. Versions less than 4.10.3-r2 are affected.
20d19efdbab2418f08c453b6a6915acf70d4e56601ffb6928ffadad10d6dab92
Debian Linux Security Advisory 4423-1 - Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially be re-used.
1e45ae1dc23caffe87602e1bbed82996f2591e5fb6ede15f65f06bb64b3a52ad
Magic ISO Maker version 5.5 build 281 suffers from a denial of service vulnerability.
2880b8593afdcef3dec022df92a56b326a8b141d28605ea46320f2026a225e0f
Chrome version 73.0.3683.86 stable exploit for chromium issue 941743, tested on Windows 10 x64, which leverages a flaw in the V8 javascript engine.
ed2806699f2887002b690cf52cf4d2bf2e737c931f2b6c9116bddc399099bed4
Apache versions 2.4.17 through 2.4.38 suffer from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call.
9525ffd9aefbc06136c75f55edd33355815fc7df0b0f150a337892cfad9ed4bd
AIDA64 Engineer version 5.99.4900 Load from file field SEH buffer overflow exploit.
d2886dbe120be9c41a01a90ae64f8844b646245816ebbe6afd377dea5cd5ec1a