CVE-2022-45403

Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR 102.5,...

CVE-2022-0987

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists...

Jenkins Doktor Plugin Proxy Controller Security Bypass Vulnerability

Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. The Jenkins Doktor Plugin Agent Controller security bypass vulnerability can be exploited to allow an attacker to take control of the agent process to determine if a file with a given name exists...

New GootLoader Campaign Targets Accounting, Law Firms

Once prolific spreaders of REvil ransomware, the GootLoader malware gang has pivoted to actively targeting employees of law and accounting firms with malicious downloads. The Threat Response Unit from eSentire issued an alert about having over the past three weeks observed GootLoader attacks on...

Security.txt File Not Detected

A Security.txt file has not been detected on the target. When security risks in web services are discovered by independent security researchers, this file defines the channels to disclose them properly & enables 3rd party researchers to disclose issues securely in a manner defined by the...

Vxscan

This is a Python-based comprehensive scanning tool called Vxscan, which is used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The...

HawkScan - Security Tool For Reconnaissance And Information Gathering On A Website

Security Tool for Reconnaissance and Information Gathering on a website. python 2.x & 3.x This script use "WafW00f" to detect the WAF in the first step https://github.com/EnableSecurity/wafw00f This script use "Sublist3r" to scan subdomains https://github.com/aboul3la/Sublist3r This script use...

Vxscan

This is a Python script called Vxscan, which is a comprehensive scanning tool. It is primarily used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, and SQL injection. T...

LinuxCheck - Linux Information Collection Script

A small linux information collection script is mainly used for emergency response. It can be used under Debian or Centos. Features CPU TOP10, memory TOP10 CPU usage boot time Hard disk space information User information, passwd information Environmental variable detection Service list System...

MacOS Malicious File Detection: User Defined Malware

Binary data macosmalwareuserfilescan.nbin...

Linux Malicious File Detection

Binary data linuxmalwarescanfilescan.nbin...

Vxscan - Comprehensive Scanning Tool

Python3 comprehensive scanning tool, mainly used for sensitive file detection directory scanning and js leak interface, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, winding Pass CD...

Honeywell 2MLL-PSRA-CC Communications Adapter Detection

Binary data 750899.prm...

Oracle Java File Detection for Windows (deprecated)

The host contains one or more java executables. This plugin has been deprecated. unmanagedsoftwarewindows.nbin plugin ID 921433 is used instead. Binary data sunjavasearch.nbin...

Environment Configuration File Detected

An environment configuration file .env has been detected on the web application by the scanner. It may be possible for an attacker to view sensitive information database login and password or API keys for example and then conduct further attacks. No source data...

Cisco Advanced Malware Protection for Endpoints macOS Connector Input Validation Vulnerability

Cisco Advanced Malware Protection AMP for Endpoints macOS Connector is an endpoint security solution that prevents, monitors, and responds to advanced threats for macOS devices from Cisco. An input validation vulnerability exists in the file type detection mechanism in Cisco AMP for Endpoints mac...

openSUSE Security Update : lame (openSUSE-2018-214)

This update for lame fixes the following issues : Lame was updated to version 3.100 : - Improved detection of MPEG audio data in RIFF WAVE files. sf3545112 Invalid sampling detection - New switch --gain , range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the u...

CVE-2017-8529

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka...

CVE-2017-8529

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka...

CVE-2017-8529

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka...