V3n0M-Scanner – Free and Open-source Vuln Scanner in Python

Popular Pentesting scanner in Python3.6 for SQLi/ XSS / LFI/ RFI and other Vulns.
Evolved from baltazar’s scanner, it has adapted several new features that improve functionality and usability. It is mostly experimental software .
This program is for finding and executing various vulnerabilities. It scavenges the web using dorks and organizes the URLs it finds. Use at your own risk.

MicroBackdoor:– Small and convenient C2 tool for Windows targets.

Micro Backdoor is C2 tool for Windows targets with easy customizable code base and small footprint. Micro Backdoor consists from server, client and dropper. It wasn’t designed as replacement for your favorite post-exploitation tools but rather as really minimalistic thing with all of the basic features in less than 5000 lines of code, client DLL size is less than 20Kb without compression.

[CVE-2021-3493] Ubuntu LPE OverlayFS PE Exploit

Masalah khusus Ubuntu dalam sistem file overlayfs di kernel Linux yang tidak memvalidasi aplikasi kapabilitas sistem file dengan benar sehubungan dengan ruang nama pengguna. Penyerang lokal dapat menggunakan ini untuk mendapatkan hak istimewa yang lebih tinggi, karena tambalan yang dilakukan di Ubuntu untuk memungkinkan pemasangan overlay tanpa hak istimewa.

[CVE-2021-22986] Server ID banyak yang VULN

Kerentanan ini memungkinkan penyerang yang tidak diautentikasi dengan akses jaringan ke antarmuka REST iControl, melalui antarmuka manajemen BIG-IP dan alamat IP sendiri, untuk menjalankan perintah ssebagai administrator(root), membuat atau menghapus file, dan menonaktifkan layanan.

E-Mail Security Virtual Appliance (ESVA) Remote Execution.

ESVA (E-Mail Security Virtual Appliance) is a pre-built and semi-configured email scanning appliance that will run on VMware Workstation, Server, Player or ESX Server.

-=+ Infected Files
…./cgi-bin/learn-msg.cgi
…./cgi-bin/release-msg.cgi
Not found any strips/filter to metacharacters..
Attacker can easily execute command..