Recon Simplified with Spyse
One of the major struggles in bug bounty hunting is to collect and analyze data during reconnaissance, especially when there are a lot of tools around but very few that offer actually useful results. The job of eliminating false positives and unrelated data from your recon becomes harder as the...
ReconNote - Web Application Security Automation Framework Which Recons The Target For Various Assets To Maximize The Attack Surface For Security Professionals & Bug-Hunters
Web Application Security Recon Automation Framework. It takes user input as a domain name and maximizes the attack surface area by listing the assets of the domain like - Subdomains from - Amass, findomain, subfinder & resolvable subdomains using shuffledns Screenshots Port Scan JS files Httpx Statu...
Security Bulletin: Rational Automation Framework Environment Wizard Vulnerability (CVE-2012-4816)
Summary Accessing the IBM Rational Automation Framework web user interface via the standard port 80 forces a login prompt to the user. However, a user can bypass this by hitting the default application server port 8080 and browsing various context roots until they locate the wizard. Vulnerability...
RedwoodHQ Bypass Authentication Vulnerability
RedwoodHQ is an open source automated testing framework. The product supports programming languages such as Java, Groovy, Python and C and is capable of creating readable keyword-driven test cases. A security vulnerability exists in RedwoodHQ version 2.5.5. The vulnerability stems from a lack of...
CVE-2019-12890
RedwoodHQ 2.5.5 does not require any authentication for database operations, which allows remote attackers to create admin users via a con.automationframework users insertone call...
stoQ - An Open Source Framework For Enterprise Level Automated Analysis
stoQ is an automation framework that helps to simplify the more mundane and repetitive tasks an analyst is required to do. It allows analysts and DevSecOps teams the ability to quickly transition from different data sources, databases, decoders/encoders, and numerous other tasks. stoQ was designed...
Security Bulletin: Vulnerability in IBM Java SDK affect Rational Automation Framework (CVE-2015-4872)
Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 7SR8 that is used by Rational Automation Framework. This issue was disclosed as part of the IBM Java SDK updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An unspecified vulnerability in...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Automation Framework (CVE-2015-1931, CVE-2015-2601, CVE-2015-2625)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7SR8 that is used by Rational Automation Framework. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2601 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Automation Framework (CVE-2015-0488, CVE-2015-0204, CVE-2015-2808, CVE-2015-1916)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by Rational Automation Framework. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified vulnerability related to...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Automation Framework (CVE-2015-1790)
Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by Rational Automation Framework. Rational Automation Framework has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1790 DESCRIPTION: OpenSSL is vulnerable to a denial of...
Security Bulletin: Vulnerabilities in OpenSSL affect Rational Automation Framework (CVE-2015-1793)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project and affect Rational Automation Framework. This includes the alternate chains certificate forgery vulnerability CVE-2015-1793. Rational Automation Framework has addressed the applicable CVEs. Vulnerability Details CVEID:...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Automation Framework (CVE-2015-0410 and CVE-2014-6593)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7SR8, that is used by Rational Automation Framework. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects Rational Automation Framework (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects Rational Automation Framework. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to...
Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Automation Framework (CVE-2015-2808)
Summary The RC4 "Bar Mitzvah" Attack for SSL/TLS affects Rational Automation Framework. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit...
Security Bulletin: Vulnerability in IBM Java SDK affects Rational Automation Framework (CVE-2015-0138)
Summary The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition that is used by Rational Automation Framework. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations...
Security Bulletin: OpenSSL vulnerabilities for Rational Automation Framework Security Advisory (CVE-2015-0204)
Summary A vulnerability in the OpenSSL ssl3_get_key_exchange function could allow a remote attacker to downgrade the security of certain TLS connections. An OpenSSL client accepts the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using...
Security Bulletin: Java Technology Edition Quarterly CPU - October 2014 for Rational Automation Framework (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSL/TLS is enabled by default in embedded Build Forge in some pages. Vulnerability Details...
Security Bulletin: Rational Automation Framework Security Advisory (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSL/TLS is enabled by default in embedded Build Forge in some pages. Vulnerability Details...
Security Bulletin: Open Source Apache HTTP vulnerabilities (CVE-2014-0098) for RAF
Summary Previous releases of IBM Rational Automation Framework (RAF) are affected by the vulnerabilities in Apache HTTP Server that may allow remote attackers to influence the availability of the Framework Server. Vulnerability Details...
Security Bulletin: Open Source Apache Tomcat - 4 issues (CVE-2013-4286) for RAF
Summary Previous releases of IBM Rational Automation Framework (RAF) are affected by the vulnerabilities in Apache Tomcat that may allow remote attackers to influence the availability of the Framework Server. Vulnerability Details...