
Podcast: Inside The Messy World Of Nintendo Switch Hacking





Nintendo Sues Californian For Selling Modded NES Classic And Switch Hacks






genie.zip

Genie is a simple Telnet backdoor program that spawns on port 1179. Written for Windows 98/NT/XP. Archive password is set to p4ssw0rd. Use at your own risk.





genie_v13.zip

Genie is a simple Telnet backdoor program that spawns on port 1179. Written for Windows 98/NT/XP. Version 1.3. Archive password is set to p4ssw0rd. Use at your own risk.





genie_v14.zip

Genie is a simple Telnet backdoor program that spawns on port 1179. Written for Windows 98/NT/XP. Version 1.4. Archive password is set to p4ssw0rd. Use at your own risk.





genie_v151.zip

Genie is a simple Telnet backdoor program that spawns on port 1179. Written for Windows 98/NT/XP. Version 1.5.1. Archive password is set to p4ssw0rd. Use at your own risk.





genie_v17.zip

Genie is a simple Telnet backdoor program that spawns on port 1179. Written for Windows 98/NT/XP. Version 1.7. Archive password is set to p4ssw0rd. Use at your own risk.





OpenSCAP Libraries 1.3.2

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.






VirtualTablet Server 3.0.2 Denial Of Service

VirtualTablet Server version 3.0.2 denial of service proof of concept exploit.





OpenSSL signature_algorithms_cert Denial Of Service

Proof of concept denial of service exploit for the recent OpenSSL signature_algorithms_cert vulnerability.








(On-Premises Only) Security advisory for Simulation Process Intelligence (3DOrchestrate Services) on 3DEXPERIENCE: March 11th, 2020

A vulnerability associated with Use of Hard-coded Credentials (CWE-798) exists in Simulation Process Intelligence (3DOrchestrate Services) on premises licensed program. The security risk is evaluated as High (CVSS v.3.0 Base Score 8.0) and affects all 3DEXPERIENCE releases (from 3DEXPERIENCE R2014x to 3DEXPERIENCE R2020x).





3DEXPERIENCE R2018x FP.2011 Program Directory now available






3DEXPERIENCE R2019x FD08 (FP.2013) Program Directory now available

3DEXPERIENCE R2019x FD08 (FP.2013) Program Directory is now available online.





3DEXPERIENCE R2020x FD02 (FP.2014) Program Directory now available






3DEXPERIENCE R2017x FP.2016 Program Directory now available

3DEXPERIENCE R2017x FP.2016 Program Directory is now available online.








Billions Of Devices Open To Wi-Fi Eavesdropping Attacks





Hidden Messages Buried In VoIP Chatter





Reverse Engineer Extracts Skype Crypto Secret Recipe






How To Hack A Company By Circumventing Its WAF For Fun And Profit - Part 2





Qualys Security Advisory - OpenBSD Authentication Bypass / Privilege Escalation

Qualys has discovered that OpenBSD suffers from multiple authentication bypass and local privilege escalation vulnerabilities.





Qualys Security Advisory - OpenBSD Dynamic Loader Privilege Escalation

Qualys discovered a local privilege escalation in OpenBSD's dynamic loader (ld.so). This vulnerability is exploitable in the default installation (via the set-user-ID executable chpass or passwd) and yields full root privileges. They developed a simple proof of concept and successfully tested it against OpenBSD 6.6 (the current release), 6.5, 6.2, and 6.1, on both amd64 and i386; other releases and architectures are probably also exploitable.





OpenBSD Dynamic Loader chpass Privilege Escalation

This Metasploit module exploits a vulnerability in the OpenBSD ld.so dynamic loader (CVE-2019-19726). The _dl_getenv() function fails to reset the LD_LIBRARY_PATH environment variable when set with approximately ARG_MAX colons. This can be abused to load libutil.so from an untrusted path, using LD_LIBRARY_PATH in combination with the chpass set-uid executable, resulting in privileged code execution. This module has been tested successfully on OpenBSD 6.1 (amd64) and OpenBSD 6.6 (amd64).





OpenBSD OpenSMTPD Privilege Escalation / Code Execution

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability has been exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands as root.





OpenSMTPD Local Information Disclosure

Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.










Bank Turns London Man Into RFID-Enabled Guinea Pig





Hackers Claim RFID Smart-Card Hack, But Vendor Disagrees





Hacker Confab Last Hope To Track Attendees With RFID





Steel-Woven Wallet Pledges To Keep RFID Credit Cards Safe





New RFID Tag Could Mean The End Of Bar Codes





Deep Instinct Windows Agent 1.2.29.0 Unquoted Service Path

Deep Instinct Windows Agent version 1.2.29.0 suffers from an unquoted service path vulnerability.





Microsoft Windows Net Use Insufficient Authentication

The Windows "net use" network logon type-3 command does not prompt for authentication when the built-in Administrator account is enabled and both remote and originating systems suffer from password reuse. This also works as a "standard" user, but unfortunately we do not gain high integrity privileges. However, it opens the door and increases the attack surface if the box we laterally move to has other vulnerabilities present.





Microsoft Windows NtFilterToken ParentTokenId Incorrect Setting Privilege Escalation

Microsoft Windows suffers from an NtFilterToken ParentTokenId incorrect setting that allows for elevation of privileges.








OpenSSH 8.0p1

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.