Lucene search
K

251 matches found

Kitploit
Kitploit
added 2023/12/12 11:30 a.m.35 views

NetProbe - Network Probe

NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices. Features Scan for devices on a specified IP address or subnet...

7.3AI score
Exploits0References2
Prion
Prion
added 2023/11/20 11:15 p.m.12 views

Design/Logic Flaw

TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name and even without. A log file is created at...

5CVSS6.8AI score0.01083EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2023/10/19 1:19 p.m.5 views

php: XML loading external entity without being enabled

A flaw was found in PHP due to inadequate validation of user-supplied XML input. By leveraging specially crafted XML code, a remote attacker could obtain sensitive information by viewing the contents of arbitrary files on the system or initiating requests to external systems. This issue may allow...

8.6CVSS7.4AI score0.0121EPSS
Exploits1References7
The Hacker News
The Hacker News
added 2023/09/01 10:5 a.m.47 views

Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military

Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian...

7.5AI score
Exploits0
Redos
Redos
added 2023/04/18 12:0 a.m.24 views

ROS-20230418-04

A vulnerability in the pki-core public key infrastructure deployment management system is related to insufficient validation of user-entered XML data, which could be passed by specially created XML code to a vulnerable application and view the contents of arbitrary files on the system or initiate...

7.5CVSS7.7AI score0.85323EPSS
Exploits3
F5 Networks
F5 Networks
added 2023/02/21 7:42 p.m.751 views

K31333705: BIG-IP APM portal access may potentially leak host name information for back-end servers

Security Advisory Description This issue occurs when all of the following conditions are met: You configure the BIG-IP APM system to provide portal access to back-end resources. Users accessing portal access resources receive redirect responses from the BIG-IP APM system due to DNS resolution...

6.4AI score
Exploits0
CVE
CVE
added 2023/02/06 8:18 p.m.73 views

CVE-2023-23943

The CVE-2023-23943 entry affects Nextcloud Mail. Affected: Nextcloud Mail app; issue: insufficient validation of incoming requests in the smtpHost/server URL input allows blind SSRF to scan internal/local-network services; impact: documented as enabling discovery of internal services reachable fr...

5CVSS4.4AI score0.00919EPSS
Exploits1References5Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2022/09/01 2:30 p.m.20 views

25 Years of Nmap: Happy Scan-iversary!

I didn't know it then, but on September 1, 1997, my life changed. That was the day that Fyodor's Nmap was first released to the world, courtesy of the venerable Phrack magazine. By the way, check out our recent podcast with Fyodor himself if you haven’t yet. At the time, I had just started my...

7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/07/29 12:0 a.m.6 views

The vulnerability of the microprogrammed Wi-Fi router software of ASUS DSL-N14U, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the microprogrammed Wi-Fi router software of ASUS DSL-N14U is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by performing TCP SYN scanning using nmap...

7.8CVSS7.2AI score0.01716EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/14 12:0 a.m.7 views

The vulnerability of Cisco Expressway microprogramming software and Cisco TelePresence Video Communication Server microprogramming software management devices is related to incorrect restrictions on XML references to external objects. This allows attackers to view the content of any file on the server or perform network scanning on the internal and external infrastructure.

The vulnerability of Cisco Expressway microprogramming software and Cisco TelePresence Video Communication Server microprogramming software related to external objects’ XML links is due to incorrect restrictions on these links. Exploiting this vulnerability allows a malicious actor to view the...

7.8CVSS6.6AI score0.00913EPSS
Exploits0References2Affected Software2
CNVD
CNVD
added 2022/04/25 12:0 a.m.18 views

Lansweeper Cross-Site Scripting Vulnerability

Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery, network settings scanning, etc. A cross-site scripting vulnerability exists in Lansweeper 9.1.20.2, which stems from a failure to adequately clean user-supplied data in...

3.5CVSS0.8AI score0.77778EPSS
Exploits1Affected Software1
ThreatPost
ThreatPost
added 2021/12/21 10:8 p.m.17 views

Time to Ditch Big-Brother Accounts for Network Scanning

In almost every network, there is a highly privileged service account remotely connecting to all computers. These accounts are usually used by backup, security or monitoring solutions. But using such accounts to remotely login to systems on the network introduces unnecessary risk — it’s a bad...

7.3AI score
Exploits0References3
GithubExploit
GithubExploit
added 2021/12/10 6:16 a.m.9 views

Log4j2Scan

Log4j2Scan This tool is only for learning, research and sel...

7.6AI score
Exploits0
ThreatPost
ThreatPost
added 2021/11/23 12:59 p.m.63 views

Common Cloud Misconfigurations Exploited in Minutes, Report

Poorly configured cloud services can be exploit by threat actors in minutes and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found. Researchers at Palo Alto Networks’ Unit 42 used a honeypot infrastructure of 320 nodes...

7.2AI score
Exploits0References5
Packet Storm
Packet Storm
added 2021/10/28 12:0 a.m.549 views

Backdoor.Win32.Hupigon.afjk Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/80b0fc8c0657c0ae7971f09af45c706bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.afjk Vulnerability: Port Bounce Scan Description: The malware runs an FTP...

7.4AI score
Exploits0
Kitploit
Kitploit
added 2021/10/14 11:30 a.m.47 views

Xmap - A Fast Network Scanner Designed For Performing Internet-wide IPv6 &Amp; IPv4 Network Research Scanning

XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the "5 minutes" probing speed and novel scanning techniques. XMap is capable of scannin...

7.6AI score
Exploits0References9
Packet Storm
Packet Storm
added 2021/09/02 12:0 a.m.195 views

Backdoor.Win32.MoonPie.40 Man-In-The-Middle

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9dbb6d56bc9a7813305883acd0f9a355B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.MoonPie.40 Vulnerability: Port Bounce Scan Description: The malware listens on TCP...

7.4AI score
Exploits0
Gitee
Gitee
added 2021/06/10 9:19 p.m.5 views

pentestdb

This is an offensive tool for penetration testing. It is a Python-based tool called "pentestdb" that provides a collection of tools and resources for penetration testing, including exploit development, vulnerability scanning, and password cracking. The tool is designed to be easy to use and...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2021/05/21 12:30 p.m.148 views

AutoPentest-DRL - Automated Penetration Testing Using Deep Reinforcement Learning

AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning DRL techniques. The framework determines the most appropriate attack path for a given network, and can be used to execute a simulated attack on that network via penetration testing tools, such as...

7.5AI score
Exploits0References5
OSV
OSV
added 2021/05/06 6:28 p.m.19 views

GHSA-Q4H8-7QFF-GH6C Server-side request forgery in Ghost CMS

Server-side request forgery SSRF vulnerability in Ghost CMS 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems...

8.1CVSS7.8AI score0.0122EPSS
Exploits1References2
Rows per page
Query Builder