This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that
| # Exploit Title: Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion | |
| # Date: 25/1/2022 | |
| # Exploit Author: Jonah Tan (@picar0jsu) | |
| # Vendor Homepage: https://www.oracle.com | |
| # Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html | |
| # Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 | |
| # Tested on: Windows Server 2019, WebLogic 12.2.1.3.0, Peoplesoft 8.57.22 | |
| # CVE : CVE-2022-21371 | |
| # Description |
| # Check for arguments | |
| if [ $# -lt 3 ] | |
| then | |
| echo "Not enough arguments supplied" | |
| echo "Usage: ./deauth.sh <bssid> <channel> <interface>" | |
| else | |
| BSSID=$1 | |
| CHAN=$2 | |
| INTERF=$3 | |
| TIMEOUT=20 |
| import urllib.request, json, sys, textwrap | |
| # Run like | |
| # python3 pubsploit.py CVE-2017-0143 | |
| def cveSearch(cve): | |
| with urllib.request.urlopen('http://cve.circl.lu/api/cve/'+cve) as url: | |
| data = json.loads(url.read().decode()) | |
| try: | |
| if data['cvss']: | |
| print("{} | CVSS {}".format(cve,data['cvss'])) |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="UTF-8" /> | |
| <title>Twitter Archive Browser</title> | |
| <script src="https://unpkg.com/react@16/umd/react.development.js"></script> | |
| <script src="https://unpkg.com/react-dom@16/umd/react-dom.development.js"></script> | |
| <script src="https://unpkg.com/babel-standalone@6.15.0/babel.min.js"></script> | |
| <style> |
