Lucene search

6326 matches found

Prion
added 2018/09/18 3:29 p.m. | 17 views

Authentication flaw

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the...

10 CVSS | 9.7 AI score | 0.86586 EPSS
Exploits 6 | References 4 | Affected Software 12

Kitploit
added 2018/09/14 9:59 p.m. | 92 views

SVScanner - Scanner Vulnerability And Massive Exploit

Is a tool for scanning and massive exploits. Our tools target several open source cms. Getting Started with Linux 1. git clone https://github.com/radenvodka/SVScanner.git 2. cd SVScanner 3. php svscanner.php Getting Started with Windows 1. Download Xampp PHP7 2. Download SVScanner :...

7.3 AI score
Exploits 0 | References 2

NVD
added 2018/09/07 2:29 p.m. | 10 views

CVE-2018-0657

Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module PG Multi-Payment Service for EC-CUBE EC-CUBE Payment Module 2.12 version 3.5.23 and earlier, EC-CUBE Payment Module 2.11 version 2.3.17 and earlier, GMO-PG Payment Module PG Multi-Payment Service 2.12 version...

4.8 CVSS | 4.8 AI score | 0.00518 EPSS
Exploits 0 | References 1

n0where
added 2018/09/04 12:18 a.m. | 57 views

Mobile Application Testing Toolkit: Scrounger

Even though several other mobile application analysis tools have been developed, there is no one tool that can be used for both android and ios and can be called a “standard” must use on every mobile application assessment. The idea behind Scrounger is to make a metasploit-like tool that will not...

Exploits 0 | References 5

n0where
added 2018/08/29 3:43 a.m. | 30 views

The Offensive Web Application Penetration Testing Framework: TIDoS

TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...

0.2 AI score
Exploits 0 | References 2

OPENSUSE Linux
added 2018/08/27 12:7 a.m. | 99 views

Security update for kbuild, virtualbox (important)

This update for kbuild, virtualbox fixes the following issues: kbuild changes: - Update to version 0.1.9998svn3110 - Do not assume glibc glob internals - Support GLIBC glob interface version 2 - Fix build failure boo1079838 - Fix build with GCC7 boo1039375 - Fix build by disabling vboxvideodrv.so...

4.7 CVSS | 1 AI score | 0.74041 EPSS
Exploits 17 | References 7

ThreatPost
added 2018/08/21 8:25 p.m. | 7 views

Dark Tequila: A Distilled Threat for Mexican Targets

Researchers have been tracking an ongoing malicious campaign targeting victims in Mexico, with a highly crafted tool built to steal financial information and login credentials for popular websites. Researchers at Kaspersky Lab said today that the campaign, dubbed Dark Tequila, and its supporting...

0.6 AI score
Exploits 0 | References 2

The Hacker News
added 2018/08/21 3:37 p.m. | 1 views

Dark Tequila Banking Malware Uncovered After 5 Years of Activity

Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013. Dubbed Dark Tequila, the campaign delivers an advanced keylogger malware that managed to stay under the radar for...

6.9 AI score
Exploits 0

Kitploit
added 2018/08/13 12:37 p.m. | 30 views

RouterSploit v3.3.0 - Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...

7.6 AI score
Exploits 0 | References 1

Hacker One
added 2018/08/06 2:28 p.m. | 18 views

Node.js third-party modules: Code Injection Vulnerability in dot Package

I would like to report a code injection vulnerability in dot. It allows attackers to execute arbitrary JS code, especially when combined with a prototype pollution attack. Module module name: dot version: 1.1.2 npm page: https://www.npmjs.com/package/dot Module Description Created in search of th...

6.5 CVSS | 0.8 AI score | 0.02138 EPSS
Exploits 1

Hacker One
added 2018/08/06 10:40 a.m. | 47 views

Node.js third-party modules: Prototype Pollution Vulnerability in mpath Package

I would like to report prototype pollution vulnerability in mpath. It allows an attacker to inject arbitrary properties on Object.prototype. Module module name: mpath version: 0.4.1 npm page: https://www.npmjs.com/package/mpath Module Description G,Set javascript object values using MongoDB-like...

5 CVSS | 0.5 AI score | 0.01101 EPSS
Exploits 1

Hacker One
added 2018/08/02 10:47 a.m. | 127 views

Node.js third-party modules: Code Injection Vulnerability in zombie Package

I would like to report a code injection vulnerability in zombie. It allows crawled websites to access privileged APIs such as the file system or child process. Module module name: zombie version: 6.1.2 npm page: https://www.npmjs.com/package/zombie Module Description Insanely fast, headless...

0.7 AI score
Exploits 0

Kitploit
added 2018/07/20 2:20 p.m. | 31 views

Camelishing - Social Engineering Tool

Camelishing Social Engineering Tool Features 1. Bulk email sending 2. Basic Python Agent Creator 3. Office Excel Macro Creator 4. DDE Excel Creator or Custom Payload 5. Return Information Mail Open Track Agent Open Track 6. AutoSave 7. Statistics Report 8. User Control Installation Modules $ pip...

7.3 AI score
Exploits 0 | References 1

Cvelist
added 2018/07/19 7:0 p.m. | 18 views

CVE-2018-9062 BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code...

6.9 AI score | 0.00508 EPSS
Exploits 0 | References 2

Fedora
added 2018/07/16 5:38 p.m. | 44 views

[SECURITY] Fedora 27 Update: ansible-2.6.1-1.fc27

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

7.8 CVSS | 3.3 AI score | 0.03088 EPSS
Exploits 0

Kitploit
added 2018/07/13 2:19 p.m. | 32 views

Pure Blood - A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter

A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter Menu Web Pentest | Banner Grab | Whois | Traceroute | DNS Record | Reverse DNS Lookup | Zone Transfer Lookup | Port Scan | Admin Panel Scan | Subdomain Scan | CMS Identify | Reverse IP Lookup | Subnet Lookup | Extract Pa...

7.2 AI score
Exploits 0 | References 2

Tenable Nessus
added 2018/07/13 12:0 a.m. | 7 views

Fedora 27 : knot-resolver (2018-50d055a5af)

Knot Resolver 2.4.0 2018-07-03 ================================ Incompatible changes -------------------- - minimal libknot version is now 2.6.7 to pull in latest fixes 366 Security -------- - fix a rare case of zones incorrectly downgraded to insecure status !576 New features ------------ - TLS...

5.5 AI score
Exploits 0 | References 1

Fedora
added 2018/07/12 2:21 p.m. | 40 views

[SECURITY] Fedora 28 Update: ansible-2.6.1-1.fc28

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

7.8 CVSS | 3.3 AI score | 0.03088 EPSS
Exploits 0

Hacker One
added 2018/07/12 8:43 a.m. | 24 views

Node.js third-party modules: Prototype pollution attack (defaults-deep / constructor.prototype)

I would like to report a prototype pollution vulnerability in defaults-deep. It allows an attacker to inject properties on Object.prototype. Module module name: defaults-deep version: 0.2.4 npm page: https://www.npmjs.com/package/defaults-deep Module Description Like extend but recursively copies...

7.5 CVSS | 0.6 AI score | 0.01481 EPSS
Exploits 1

Prion
added 2018/07/10 9:29 p.m. | 12 views

Code injection

BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS...

4.6 CVSS | 8 AI score | 0.00305 EPSS
Exploits 0 | References 1