The Great War: Linux -vs- Minix

The CA BrightStor Discovery Service overflow exploit is a perl module exploits a vulnerability in the CA BrightStor Discovery Service which occurs when a large request is sent to UDP port 41524, triggering a stack overflow. Targets include Win32, win2000, winxp, and win2003. More information available here.

CA BrightStor Discovery Service SERVICEPC Overflow for Win32, win2000, winxp, and win2003 which exploits a vulnerability in the TCP listener on port 45123. Affects all known versions of the BrightStor product. More information available here.

Vinetto is a tool intended for forensics examinations. It is a console program to extract thumbnail images and their metadata from those thumbs.db files generated under Microsoft Windows. Vinetto works under Linux, Cygwin(win32) and Mac OS X.

Vinetto is a tool intended for forensics examinations. It is a console program to extract thumbnail images and their metadata from those thumbs.db files generated under Microsoft Windows. Vinetto works under Linux, Cygwin(win32) and Mac OS X.

This is a MySQL backdoor kit for Windows based on the UDFs (User Defined Functions) mechanism. It can be used to spawn a reverse shell (netcat UDF on port 80/tcp) or to execute single OS commands (exec UDF). Tested on MySQL 4.0.18-win32 (running on Windows XP SP2), MySQL 4.1.22-win32 (running on Windows XP SP2), MySQL 5.0.27-win32 (running on Windows XP SP2).

Vinetto is a tool intended for forensics examinations. It is a console program to extract thumbnail images and their metadata from those thumbs.db files generated under Microsoft Windows. Vinetto works under Linux, Cygwin(win32) and Mac OS X.

Whale in a win32 attack surface toolkit written in C#. It's capable of monitoring many of different areas of the Windows for new and removed kernel objects, open ports, drivers, services and much more. It also allows a user to test for different bug classes and has found a few interesting issues across the sub-systems.

CentOS Control Web Panel version 0.9.8.836 suffers from a privilege escalation vulnerability.

CentOS Control Web Panel version 0.9.8.836 suffers from an authentication bypass vulnerability.

CentOS Control Web Panel version 0.9.8.838 suffers from a user enumeration vulnerability.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.836 suffers from a remote command execution vulnerability.

CentOS-WebPanel.com Control Web Panel (CWP) versions 0.9.8.836 through 0.9.8.840 suffer from a user enumeration vulnerability.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.846 suffers from a reflective cross site scripting vulnerability.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.848 suffers from a user enumeration vulnerability.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.851 suffers from an arbitrary database dropping vulnerability.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.851 allows an attacker to change arbitrary passwords.

CentOS version 7.6.1810 with Control Web Panel version 0.9.8.837 suffers from a persistent cross site scripting vulnerability.

CentOS version 7.6.1810 with Control Web Panel version 0.9.8.837 suffers from a cross site request forgery vulnerability.

This Metasploit module attempts to gain root privileges by blindly injecting into the session user's running shell processes and executing commands by calling system(), in the hope that the process has valid cached sudo tokens with root privileges. The system must have gdb installed and permit ptrace. This module has been tested successfully on Debian 9.8 (x64) and CentOS 7.4.1708 (x64).

CentOS Webpanel version 7 suffers from a remote SQL injection vulnerability.

Magento WooCommerce CardGate Payment Gateway version 2.0.30 suffers from a payment process bypass vulnerability.

This Metasploit module is an exploit that takes advantage of xglance-bin, part of HP's Glance (or Performance Monitoring) version 11 and subsequent, which was compiled with an insecure RPATH option. The RPATH includes a relative path to -L/lib64/ which can be controlled by a user. Creating libraries in this location will result in an escalation of privileges to root.

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01.