Lucene search
K

272 matches found

n0where
n0where
added 2018/08/29 3:43 a.m.32 views

The Offensive Web Application Penetration Testing Framework: TIDoS

TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...

0.2AI score
Exploits0References2
Kitploit
Kitploit
added 2018/08/27 1:2 p.m.52 views

BillCipher - Information Gathering Tool For A Website Or IP Address

Information Gathering tool for a Website or IP address, use some ideas from Devploit. BillCipher can work in any operating system if they have and support Python 2, Python 3, and Ruby. Features DNS Lookup Whois Lookup GeoIP Lookup Subnet Lookup Port Scanner Page Links Zone Transfer HTTP Header Ho...

7AI score
Exploits0References2
Kitploit
Kitploit
added 2018/08/09 1:12 p.m.42 views

TIDoS Framework - The Offensive Web Application Penetration Testing Framework

TIDoS Framework is a comprehensive web-app audit framework. let's keep this simple Highlights :- The main highlights of this framework is: TIDoS Framework now boasts of a century+ of modules. A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis. Has ...

7.9AI score
Exploits0References1
Fedora
Fedora
added 2018/07/27 4:49 p.m.42 views

[SECURITY] Fedora 28 Update: suricata-4.0.5-1.fc28

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

9.8CVSS0.2AI score0.02302EPSS
Exploits0
Fedora
Fedora
added 2018/07/27 4:0 p.m.40 views

[SECURITY] Fedora 27 Update: suricata-4.0.5-1.fc27

The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...

9.8CVSS0.2AI score0.02302EPSS
Exploits0
Kitploit
Kitploit
added 2018/07/01 10:10 p.m.973 views

Devploit v3.6 - Information Gathering Tool

Devploit is a simple python script to Information Gathering. Download: git clone https://github.com/joker25000/Devploit How to use: cd Devploit chmod +x install ./install Run in Terminal Devploit To run in Android you do not install file Run direct python2 Devploit Properties: DNS Lookup Whois...

7.2AI score
Exploits0References1
CNVD
CNVD
added 2018/06/04 12:0 a.m.2 views

F5 BIG-IP Cross-Site Scripting Attack Vulnerability

F5 BIG-IP as an access solution provides SSL VPN remote access, security, application acceleration and high availability for remote users. A cross-site scripting attack vulnerability exists in F5 BIG-IP due to a flaw in the F5 BIG-IP GeoIP lookup input validation, which can be exploited by an...

6.1CVSS6.2AI score0.00923EPSS
Exploits0References1
NVD
NVD
added 2018/06/01 2:29 p.m.17 views

CVE-2018-5521

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS...

6.1CVSS6.3AI score0.00923EPSS
Exploits0References2
OSV
OSV
added 2018/06/01 2:29 p.m.2 views

CVE-2018-5521

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS...

6.1CVSS5.9AI score0.00923EPSS
Exploits0References2
Prion
Prion
added 2018/06/01 2:29 p.m.19 views

Cross site scripting

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS...

4.3CVSS6.3AI score0.00923EPSS
Exploits0References2Affected Software13
CVE
CVE
added 2018/06/01 2:0 p.m.62 views

CVE-2018-5521

CVE-2018-5521 affects F5 BIG-IP platforms with GeoIP2 logic. The root cause is reflection of crafted URLs into GeoIP lookup responses, enabling cross-site scripting (XSS) on affected clients. Affected BIG-IP versions include 12.1.0–12.1.3.1, 11.6.1–11.6.3.1, 11.5.1–11.5.5, and 11.2.1. The officia...

6.1CVSS6.2AI score0.00923EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/06/01 2:0 p.m.24 views

CVE-2018-5521

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS...

6.3AI score0.00923EPSS
Exploits0References2
CNVD
CNVD
added 2018/05/31 12:0 a.m.4 views

adamvr-geoip-lite file download vulnerability

adamvr-geoip-lite is an API provided for IP geo-mapping data files. A file download vulnerability exists in adamvr-geoip-lite that originates when a program downloads geoip resources over the HTTP protocol. An attacker could use this vulnerability to read or modify the resource, affecting the...

8.1CVSS7.8AI score0.00717EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/31 12:0 a.m.1 views

geoip-lite-country code execution vulnerability

geoip-lite-country is a lite version of the geoip-lite library for querying the location of IP addresses, supporting only country queries for IPs. A security vulnerability exists in versions of geoip-lite-country prior to 1.1.4, which originates when a program downloads a data resource over the...

8.1CVSS7.1AI score0.00578EPSS
Exploits0References1
OSV
OSV
added 2018/05/29 8:29 p.m.16 views

CVE-2016-10680

adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an...

8.1CVSS8.2AI score0.00717EPSS
Exploits0References1
NVD
NVD
added 2018/05/29 8:29 p.m.18 views

CVE-2016-10680

adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an...

8.1CVSS8AI score0.00717EPSS
Exploits0References1
Prion
Prion
added 2018/05/29 8:29 p.m.11 views

Design/Logic Flaw

geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

6.8CVSS7AI score0.00578EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/05/29 8:29 p.m.15 views

CVE-2016-10568

geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

8.1CVSS8AI score0.00578EPSS
Exploits0References1
Prion
Prion
added 2018/05/29 8:29 p.m.15 views

Code injection

adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the decisions made by an...

6.8CVSS6.9AI score0.00717EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/05/29 8:29 p.m.8 views

CVE-2016-10568

geoip-lite-country is a stripped down version of geoip-lite, supporting only country lookup. geoip-lite-country before 1.1.4 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

8.1CVSS8.2AI score
Exploits0References1
Rows per page
Query Builder