Ruby Web Applications Vulnerability Scanner: Yasuo

Ruby Web Applications Vulnerability Scanner Yasuo is a ruby script that scans for vulnerable 3rd-party web applications While working on a network security assessment internal, external, redteam gigs etc., we often come across vulnerable 3rd-party web applications or web front-ends that allow us ...

lighttpd -- Log injection vulnerability in mod_auth

MITRE reports: modauth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character...

Microsoft Visual Basic VBE6.DLL Stack Memory Corruption (MS10-031) - Ver2 (CVE-2010-0815)

Microsoft Visual Basic VBA is a technology for developing client desktop packaged applications and integrating them with existing data and systems. Microsoft Office products include VBA and make use of VBA to perform certain functions. A remote code execution vulnerability has been reported in th...

EAP6: Plain text password logging during security audit

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...

Microsoft VBScript ASLR Bypass Vulnerability

Microsoft Internet Explorer is a WEB-based browser. An unspecified ASLR bypass vulnerability exists in Microsoft Internet Explorer, which allows remote attackers to exploit the vulnerability to construct a malicious WEB page that can be tricked into parsing, bypassing security restrictions, and...

Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information

Multiple vulnerabilities exist in the mono-basic component of the SUSE Linux Enterprise operating system. Exploitation of these vulnerabilities can lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

The vulnerability of the OpenSUSE operating system allows attackers to compromise the confidentiality of protected information.

The vulnerability of the mono-basic package in the OpenSUSE operating system can lead to a violation of the confidentiality of protected information. This vulnerability can be exploited remotely...

Siemens Patches Ghost Flaw Simatic Product

Siemens has released an update for some of its ICS products that are affected but the glibc Ghost vulnerability that was disclosed in January. The vulnerability affected both the Siemens Sinumerik and Simatic HMI Basic applications, which are used in a variety of industrial situations. “The...

Net-creds - Sniff passwords and hashes from an interface or pcap file

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification. Sniffs URLs visited POST loads sent HTTP form logins/passwords HTTP basic auth logins/passwords HTTP searches FTP logins/passwords IRC...

Kemp Load Master 7.1.16 - Multiple Vulnerabilities

Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. Exploit Title: Kemp Load Master - Multiple Vulnerabilities RCE, CSRF, XSS, DoS Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link:...

Kemp Load Master 7.1.16 - Multiple Vulnerabilities

Exploit Title: Kemp Load Master - Multiple Vulnerabilities RCE, CSRF, XSS, DoS Date: 01 April 2015 Author: Roberto Suggi Liverani Software Link: http://kemptechnologies.com/load-balancer/ Version: 7.1.16 and previous versions Tested on: Kemp Load Master 7.1-16 CVE : CVE-2014-5287/5288 Link:...

Microsoft VBScript Scripting Engine Memory Corruption Arbitrary Code Execution Vulnerability

Microsoft Windows is an operating system developed by Microsoft. A memory corruption vulnerability exists in the Microsoft Windows VBScript scripting engine's handling of specially crafted HTML, which could allow an attacker to construct a malicious Web page and trick a user into parsing it, whic...

Drupal Services Basic Authentication Module Access Bypass Vulnerability

Drupal is an open source content management platform. An access bypass vulnerability exists in the Drupal Services Basic Authentication Module, which allows an attacker to bypass security restrictions and perform unauthorized access...

NSEarch - Nmap Script Engine Search

NSEarch is a tool that helps you find scripts that are used nmap NSE , can be searched using the name or category , it is also possible to see the documentation of the scripts found. USAGE: $ python nsearch.py Main Menu Initial Setup ================================================ | \ | |/ || | ...

SA-CONTRIB-2015-050 - Services Basic Authentication - Access bypass

Services Basic Authentication module adds HTTP basic authentication for Services module. A user could get unauthorized access to resources under some circumstances. This vulnerability is mitigated by the fact that the authentication works correctly when page caching is disabled. CVE identifiers...

Apache ActiveMQ Web Console Default Credentials

ActiveMQ Web Console, an administrative interface for Apache ActiveMQ, is protected using default credentials. Note that no authentication mechanism was provided prior to version 5.4.0. However, in version 5.4.0, HTTP Basic Authentication was an option, and starting with version 5.8.0, this was...

EAP6: Plain text password logging during security audit

It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain...

Microsoft Visual Basic 6 Enterprise SP6 vb6stkitdll Buffer Overflow - Ver2 (CVE-2008-2959)

A buffer overflow vulnerability has been reported in Microsoft Visual Basic Enterprise Edition. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

IPSwitch IMAIL LDAP Overflow - Ver2 (CVE-2004-0297)

The LDAP protocol elements are encoded for exchange using ASN.1 Basic Encoding Rules BER. Buffer overflow vulnerabilities exist in the LDAP component of IPSwitch's IMail server. The vulnerable LDAP daemon does not properly validate the content of an LDAP message. The vulnerability allows both DoS...

jetAudio 8.1.3.2200 Crash Proof Of Concept

Exploit Title : jetAudio 8.1.3.2200 Basic m3u Crash POC Product : jetAudio Basic Date : 27.12.2014 Exploit Author : Hadji Samir [email protected] Software Link : http://www.jetaudio.com/download/ Vulnerable version : 8.1.3.2200 Basic Vendor Homepage : http://www.jetaudio.com/ Tested on : Windows 7...