Design/Logic Flaw

The InputAccel Database IADB installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel IA SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file...

CVE-2015-0519

The InputAccel Database IADB installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel IA SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file...

CVE-2015-0519

The CVE-2015-0519 issue affects EMC Captiva Capture 7.0 (before patch 25) and 7.1 (before patch 13). During InputAccel Database (IADB) installation, a cleartext InputAccel (IA) SQL password may be written to a DAL log file, enabling local users to read sensitive credentials. Impact is defined as ...

IBM Tivoli Endpoint Manager HTML Injection Vulnerability

IBM Tivoli Endpoint Manager provides a unified, real-time visualization and implementation approach to deploying and managing patches to all endpoints. IBM Tivoli Endpoint Manager failed to properly filter user-submitted input, allowing remote attackers to exploit vulnerabilities to inject...

openSUSE Security Update : vlc (openSUSE-SU-2015:0201-1)

vlc was updated to the current openSUSE Tumbleweed version. live555 was also updated to the current openSUSE Tumbleweed version as a dependency. Security issues fixed : - Fix various buffer overflows and null ptr dereferencing boo914268, CVE-2014-9625. Other fixes : - Enable SSE2 instruction set...

IP Thief - Simple IP Stealer in PHP

A simple PHP script to capture the IP address of anyone that send the "imagen.php" file with the following options: + It comes with an administrator to view and delete IP + You can change the redirect URL image + Can you see the country of the visitor Download IP Thief...

Upload pictures of the shell to bypass the filter of several methods-vulnerability warning-the black bar safety net

General site picture upload function to the file filter, to prevent webshell written. But the different procedures of the filter are not the same, how to break through the filter to continue to upload? This article summarizes seven methods that can break! 1, The file header+GIF89a law. （php//this...

Dshell – Network Forensic Analysis Framework

Dshell An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: Robust stream reassembly IPv4 and IPv6 support Custom output handlers Chainable decoders Prerequisites Linux developed on Ubuntu 12.04...

SmartSniff v2.16 - Capture TCP/IP packets on your network adapter

SmartSniff is a network monitoring utility that allows you to capture TCP/IP packets that pass through your network adapter, and view the captured data as sequence of conversations between clients and servers. You can view the TCP/IP conversations in Ascii mode for text-based protocols, like HTTP...

Vimeo: CSRF bypass

Dear Team, Once again i'm here. During research of vimeo.com I found that you are using anti-csrf token against csrf attack. but it's not going to validate on server side. let's see Step 1: go to https://vimeo.com/forgotpassword Step 2: write your email and click on help me. Step 3: Now before...

Password Sniffer Console - Command-line Tool to Sniff and Capture HTTP/FTP/POP3/SMTP/IMAP Passwords

Password Sniffer Console is the all-in-one command-line based Password Sniffing Tool to capture Email, Web and FTP login passwords passing through the network. It automatically detects the login packets on network for various protocols and instantly decodes the passwords. Here is the list of...

Oracle Solaris Third-Party Patch Update : wireshark (multiple_denial_of_service_vulnerabilities2)

The remote Solaris system is missing necessary patches to address security updates : - The dissectpacket function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service application crash via a long packet in a capture file, as...

Authentication Capture: SMB

This module provides a SMB service that can be used to capture the challenge-response password NTLMv1 & NTLMv2 hashes used with SMB1, SMB2, or SMB3 client systems. Responses sent by this service by default use a random 8 byte challenge string. A specific value such as 1122334455667788 can be set...

Adobe Flash Player Multiple Vulnerabilities-01 (Jan 2015) - Linux

Adobe Flash Player is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:flashplayer";...

Cisco AnyConnect Secure Mobility Client Identity Spoofing Vulnerability

Cisco AnyConnect Secure Mobility is a secure enterprise mobility solution. An identity spoofing vulnerability exists in the Cisco AnyConnect Secure Mobility Client, which allows remote attackers to spoof forms of authentication and capture credentials via unspecified vectors...

Design/Logic Flaw

Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940...

SniffPass - Password Monitoring/Sniffing Software (Web/FTP/Email)

SniffPass is small password monitoring software that listens to your network, capture the passwords that pass through your network adapter, and display them on the screen instantly. SniffPass can capture the passwords of the following Protocols: POP3, IMAP4, SMTP, FTP, and HTTP basic authenticati...

HTTP/HTTPs MITM Proxy and Traffic Recorder: Hyperfox

HTTP/HTTPs MITM Proxy and Traffic Recorder Hyperfox is a security tool for proxying and recording HTTP and HTTPs communications on a LAN Network Hyperfox is capable of forging SSL certificates on the fly using a root CA certificate and its corresponding key both provided by the user. If the targe...

USBPcap - USB Packet capture for Windows (open-source USB Sniffer for Windows)

USBPcap is an open-source USB sniffer for Windows. USB Packet capture for Windows Tour Download USBPcap...

Linux Modules Connected to Turla APT Attacks Discovered

The Turla APT campaigns have a broader reach than initially anticipated after the recent discovery of two modules built to infect servers running Linux. Until now, every Turla sample in captivity was designed for either 32- or 64-bit Windows systems, but researchers at Kaspersky Lab have discover...