Lucene search
2160 matches found

n0where
added 2016/06/15 7:17 p.m., 64 views

OWASP Offensive Web Testing Framework: OWTF

The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, figuring out how to call “tool X”, then parsing the results of “tool X” manually to feed “tool Y”, and so on, is time-consuming. OWASP OWTF is a project focused on penetration testing efficiency and...

6.8 AI score
Exploits: 0, References: 1
n0where
added 2016/06/15 6:43 p.m., 32 views

PowerShell Runspace Portable Post Exploitation Tool: PowerOPS

PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell “easier”. PowerOPS is an application written in C# that does not rely on powershell.exe but runs PowerShell commands and functions within a PowerShell runspace environment (.NET). It intends to...

0.8 AI score
Exploits: 0, References: 7
seebug.org
added 2016/06/10 12:0 a.m., 33 views

HDWiki 5.1 /control/doc.php SQL injection vulnerability

HDWiki description Interactive wiki open source systems HDWiki as China's first with independent intellectual property rights of the Chinese Wiki(Wiki)system, the interactive online(Beijing)Technology Co., Ltd. in 2006 to 11 November 28 the official launch, and strive for domestic and foreign man...

7.5 AI score
Exploits: 0
Openbugbounty
added 2016/05/27 8:39 p.m., 9 views

partners.caesarsinteractive.com XSS vulnerability

Vulnerable URL: http://partners.caesarsinteractive.com/processing/profilerotator.asp?pid=%22%3E%3Cscript%3Ealert%28%27OPENBUGBOUNTY%27%29%3C/script%3E
Details:
Description | Value
---|---
Patched: | Yes, at 31.10.2016
Latest check for patch: | 31.10.2016 15:51 GMT
Vulnerability type: | XSS...

6.2 AI score
Exploits: 0
n0where
added 2016/05/25 2:29 p.m., 89 views

Reverse Engineering Cross Platform Disassembler: Panopticon

Reverse Engineering Cross Platform Disassembler Panopticon is a disassembler that understands the semantics of opcodes. This way it’s able to help the user by discovering and displaying invariants that would have to be discovered “by hand” in traditional disassemblers. This allows an interactive...

0.1 AI score
Exploits: 0, References: 6
n0where
added 2016/05/25 12:16 p.m., 28 views

Remote Vulnerability Testing Framework: Pocsuite

Pocsuite is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers. Requirements Python 2.6...

8 AI score
Exploits: 0, References: 1
Openbugbounty
added 2016/04/29 4:54 p.m., 12 views

interactive-resources.co.uk XSS vulnerability

Vulnerable URL: http://www.interactive-resources.co.uk/search?searchTerm=OPENBUGBOUNTY%22%3E%3Cscript%3Econfirm%28%22OPENBUGBOUNTY%22%29%3C/script%3E
Details:
Description | Value
---|---
Patched: | Yes, at 27.07.2017
Latest check for patch: | 27.07.2017 08:45 GMT
Vulnerability type: | XSS Vulnerabili...

6.3 AI score
Exploits: 0
Kitploit
added 2016/04/22 9:1 p.m., 238 views

Htcap - web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes

htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it's focused mainly on the crawling process and uses external tools to discover vulnerabilities. It'...

7.9 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2016/04/22 12:0 a.m., 59 views

OpenSSH < 7.0 Multiple Vulnerabilities

8.5 CVSS, 6.2 AI score, 0.09302 EPSS
Exploits: 5, References: 5
Openbugbounty
added 2016/04/20 12:28 a.m., 13 views

cbonline.interactivedata.com XSS vulnerability

Open Bug Bounty ID: OBB-147484
Description | Value
---|---
Affected Website: | cbonline.interactivedata.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS...

6.4 AI score
Exploits: 0
Packet Storm
added 2016/04/11 12:0 a.m., 29 views

IDA SDK 6.9 Demo / IDA 5.0 Freeware DLL Hijacking

Software : Interactive DisAssembler IDA PRO Version: = IDA SDK 6.9 demo IDA 5.0 Freeware Software Link: https://www.hex-rays.com/products/ida/support/download.shtml Tested on: WINDOWS XP SP3 - 32 bit, WINDOWS 7 SP1 - 32 bit, Windows 8.1 32 bit IDA Pro suffers from DLL HIJACK Vulnerability from .i...

0.4 AI score
Exploits: 0
hackapp
added 2016/04/01 9:32 a.m., 11 views

ŠKODA Interactive Catalogue - Customized SSL, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application ŠKODA Interactive Catalogue published at the 'play' market has multiple vulnerabilities...

1 AI score
Exploits: 0, References: 1, Affected Software: 1
hackapp
added 2016/04/01 8:48 a.m., 11 views

Magic Watchface-Interactive - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application Magic Watchface-Interactive published at the 'play' market has multiple vulnerabilities...

0.4 AI score
Exploits: 0, References: 1, Affected Software: 1
ThreatPost
added 2016/03/31 1:48 p.m., 15 views

Apple, Google Faced All Writs Act Orders

The American Civil Liberties Union has dug up more proof that from the get-go the FBI’s attempt to crack open an iPhone used by the San Bernardino shooter Syed Rizwan Farook was not just about the one phone. The ACLU found court documents and on Wednesday published an interactive map visualizing...

6.6 AI score
Exploits: 0, References: 4
Tenable Nessus
added 2016/03/22 12:0 a.m., 65 views

Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20160321)

It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions. CVE-2016-3115 It was discovered that the OpenSSH sshd daemon did not chec...

8.5 CVSS, 6.6 AI score, 0.37016 EPSS
Exploits: 14, References: 3
OpenVAS
added 2016/03/22 12:0 a.m., 51 views

CentOS Update for openssh CESA-2016:0466 centos6

Check the version of openssh
SPDX-FileCopyrightText: 2016 Greenbone AG
Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders.
SPDX-License-Identifier: GPL-2.0-only
if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882431");...

8.5 CVSS, 6.2 AI score, 0.37016 EPSS
Exploits: 14, References: 2
RedHat Linux
added 2016/03/21 8:18 p.m., 6 views

openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices

It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks...

8.5 CVSS, 6.9 AI score, 0.09302 EPSS
Exploits: 1, References: 5
Gentoo Linux
added 2016/03/12 12:0 a.m., 55 views

Adobe Flash Player: Multiple vulnerabilities

Background: The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description: Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact: A remote attacke...

9.3 CVSS, 9.9 AI score, 0.55375 EPSS
Exploits: 28
Kitploit
added 2016/02/12 8:23 p.m., 14 views

htop 2.0 - An Interactive Process Viewer for Unix

htop is an interactive system-monitor process-viewer. It is designed as an alternative to the Unix program top. It shows a frequently updated list of the processes running on a computer, normally ordered by the amount of CPU usage. Unlike top, htop provides a full list of processes running, inste...

7.1 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2016/01/13 12:0 a.m., 157 views

Fortinet FortiOS SSH Undocumented Interactive Login Vulnerability

The SSH server running on the remote host can be logged into using default SSH credentials. The 'FortimanagerAccess' account has a password based on the string 'FGTAbc11xy+Qqz27' and a calculated hash that is publicly known. A remote attacker can exploit this to gain administrative access to the...

10 CVSS, 8.3 AI score, 0.71268 EPSS
Exploits: 8, References: 3