rc

Scapy Packet Manipulation Tool 2.4.3rc4

Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.




rc

TestSSL 3.0rc6

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.




rc

Key Reinstallation: Forcing Nonce Reuse In WPA2

Whitepaper called Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented on at the Computer and Communications Security (CCS) conference on November 1, 2017. This paper details a flaw in the WPA2 protocol itself and most devices that makes use of WPA2 are affected.




rc

Android Securty Research: Crypto Local Storage Attack

Whitepaper called Android Security Research: Crypto Wallet Local Storage Attack.






rc

CloudFlare Probes Mystery Interception Of Site Traffic Across India





rc

AV Arcade 3 Insecure Cookie / SQL Injection

AV Arcade version 3 suffers from insecure cookie and SQL injection vulnerabilities.




rc

AV Arcade Pro 5.4.3 Cookie Manipulation

AV Arcade Pro version 5.4.3 suffers from an insecure cookie vulnerability that allows for access bypass.




rc

ResourceSpace 6.4.5976 XSS / SQL Injection / Insecure Cookie Handling

ResourceSpace suffers from cross site scripting, html injection, insecure cookie handling, and remote SQL injection vulnerabilities. Versions 6.4.5976 and below are affected.








rc

GitHub Blasts Code-Scanning Tool Into All Open-Source Projects








rc

rConfig 3.93 Authenticated Remote Code Execution

rConfig version 3.93 suffers from an authenticated ajaxAddTemplate.php remote code execution vulnerability.




rc

rConfig 3.9.4 Remote Command Injection

rConfig version 3.9.4 suffers from a search.crud.php remote command injection vulnerability.




rc

Win32 Eggsearch Shellcode

33 bytes small Win32 egg searching shellcode that should work on all service packs of Microsoft Windows XP, 2k, and 2k3.




rc

rConfig 3.9.2 Command Injection

This Metasploit module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server user. This module has been tested successfully on rConfig version 3.9.2 on CentOS 7.7.1908 (x64).




rc

WordPress WooCommerce CardGate Payment Gateway 3.1.15 Bypass

WordPress WooCommerce CardGate Payment Gateway plugin version 3.1.15 suffers from a payment process bypass vulnerability.




rc

Magento WooCommerce CardGate Payment Gateway 2.0.30 Bypass

Magento WooCommerce CardGate Payment Gateway version 2.0.30 suffers from a payment process bypass vulnerability.




rc

rConfig 3.9.4 searchField Remote Code Execution

rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit.




rc

TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution

This Metasploit module exploits a command injection vulnerability in the tdpServer daemon (/usr/bin/tdpServer), running on the router TP-Link Archer A7/C7 (AC1750), hardware version 5, MIPS Architecture, firmware version 190726. The vulnerability can only be exploited by an attacker on the LAN side of the router, but the attacker does not need any authentication to abuse it. After exploitation, an attacker will be able to execute any command as root, including downloading and executing a binary from another host. This vulnerability was discovered and exploited at Pwn2Own Tokyo 2019 by the Flashback team.







rc

WordPress WooCommerce Advanced Order Export 3.1.3 Cross Site Scripting

WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.





rc

Half Of Industrial Control System Networks Have Faced Cyber Attacks, Say Security Researchers




rc

Dr. Anthony Fauci Forced To Beef Up Security As Death Threats Increase




rc

Microsoft Windows Kernel REG_RESOURCE_LIST Memory Disclosure

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_LIST registry values (CmResourceTypeDevicePrivate entries).




rc

Microsoft Windows Kernel REG_RESOURCE_LIST Memory Disclosure

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_LIST registry values (videoprt.sys descriptors).




rc

Microsoft Windows Kernel REG_RESOURCE_REQUIREMENTS_LIST Memory Disclosure

The Microsoft Windows kernel suffers from a 64-bit pool memory disclosure vulnerability via REG_RESOURCE_REQUIREMENTS_LIST registry values.




rc

Source Engine CS:GO Build 4937372 Arbitrary Code Execution

Source Engine CS:GO BuildID: 4937372 arbitrary code execution exploit.




rc

GNU Barcode 0.99 Memory Leak

GNU Barcode version 0.99 suffers from a memory leak vulnerability.




rc

rcrypt 1.4

rcrypt is a Windows PE binary crypter (a type of packer) that makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time constrained systems such as on disk scanners. rcrypt can pack exes and dll files. It bypasses KAV and many others. Archive password is 0xrage.com.




rc

GitLab Awards Researcher $20,000 For Remote Code Execution Bug





rc

Apple's Corellium Lawsuit Causes Chilling Effect With Security Researchers




rc

TBA_v1_prc.zip

TBA is the first wardialer for the PalmOS platform. Using a Palm device with a modem, you can wardial from anywhere a phone line is available - throw it in a phone can to retrieve later, toss it up in the ceiling during a security audit - the possibilities are endless.








rc

Google Chrome To Block Heavy Ads That Use Too Many Resources