251 matches found
NetProbe - Network Probe
NetProbe is a tool you can use to scan for devices on your network. The program sends ARP requests to any IP address on your network and lists the IP addresses, MAC addresses, manufacturers, and device models of the responding devices. Features Scan for devices on a specified IP address or subnet...
Design/Logic Flaw
TestingPlatform is a testing platform for Internet Security Standards. Prior to version 2.1.1, user input is not filtered correctly. Nmap options are accepted. In this particular case, the option to create log files is accepted in addition to a host name and even without. A log file is created at...
php: XML loading external entity without being enabled
A flaw was found in PHP due to inadequate validation of user-supplied XML input. By leveraging specially crafted XML code, a remote attacker could obtain sensitive information by viewing the contents of arbitrary files on the system or initiating requests to external systems. This issue may allow...
Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military
Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military. The malicious software, dubbed Infamous Chisel and attributed to a Russian...
ROS-20230418-04
A vulnerability in the pki-core public key infrastructure deployment management system is related to insufficient validation of user-entered XML data, which could be passed by specially created XML code to a vulnerable application and view the contents of arbitrary files on the system or initiate...
K31333705: BIG-IP APM portal access may potentially leak host name information for back-end servers
Security Advisory Description This issue occurs when all of the following conditions are met: You configure the BIG-IP APM system to provide portal access to back-end resources. Users accessing portal access resources receive redirect responses from the BIG-IP APM system due to DNS resolution...
CVE-2023-23943
The CVE-2023-23943 entry affects Nextcloud Mail. Affected: Nextcloud Mail app; issue: insufficient validation of incoming requests in the smtpHost/server URL input allows blind SSRF to scan internal/local-network services; impact: documented as enabling discovery of internal services reachable fr...
25 Years of Nmap: Happy Scan-iversary!
I didn't know it then, but on September 1, 1997, my life changed. That was the day that Fyodor's Nmap was first released to the world, courtesy of the venerable Phrack magazine. By the way, check out our recent podcast with Fyodor himself if you haven’t yet. At the time, I had just started my...
The vulnerability of the microprogrammed Wi-Fi router software of ASUS DSL-N14U, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.
The vulnerability of the microprogrammed Wi-Fi router software of ASUS DSL-N14U is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by performing TCP SYN scanning using nmap...
The vulnerability of Cisco Expressway microprogramming software and Cisco TelePresence Video Communication Server microprogramming software management devices is related to incorrect restrictions on XML references to external objects. This allows attackers to view the content of any file on the server or perform network scanning on the internal and external infrastructure.
The vulnerability of Cisco Expressway microprogramming software and Cisco TelePresence Video Communication Server microprogramming software related to external objects’ XML links is due to incorrect restrictions on these links. Exploiting this vulnerability allows a malicious actor to view the...
Lansweeper Cross-Site Scripting Vulnerability
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery, network settings scanning, etc. A cross-site scripting vulnerability exists in Lansweeper 9.1.20.2, which stems from a failure to adequately clean user-supplied data in...
Time to Ditch Big-Brother Accounts for Network Scanning
In almost every network, there is a highly privileged service account remotely connecting to all computers. These accounts are usually used by backup, security or monitoring solutions. But using such accounts to remotely login to systems on the network introduces unnecessary risk — it’s a bad...
Log4j2Scan
Log4j2Scan This tool is only for learning, research and sel...
Common Cloud Misconfigurations Exploited in Minutes, Report
Poorly configured cloud services can be exploit by threat actors in minutes and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found. Researchers at Palo Alto Networks’ Unit 42 used a honeypot infrastructure of 320 nodes...
Backdoor.Win32.Hupigon.afjk Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/80b0fc8c0657c0ae7971f09af45c706bB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.afjk Vulnerability: Port Bounce Scan Description: The malware runs an FTP...
Xmap - A Fast Network Scanner Designed For Performing Internet-wide IPv6 &Amp; IPv4 Network Research Scanning
XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. XMap is reimplemented and improved thoroughly from ZMap and is fully compatible with ZMap, armed with the "5 minutes" probing speed and novel scanning techniques. XMap is capable of scannin...
Backdoor.Win32.MoonPie.40 Man-In-The-Middle
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/9dbb6d56bc9a7813305883acd0f9a355B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.MoonPie.40 Vulnerability: Port Bounce Scan Description: The malware listens on TCP...
pentestdb
This is an offensive tool for penetration testing. It is a Python-based tool called "pentestdb" that provides a collection of tools and resources for penetration testing, including exploit development, vulnerability scanning, and password cracking. The tool is designed to be easy to use and...
AutoPentest-DRL - Automated Penetration Testing Using Deep Reinforcement Learning
AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning DRL techniques. The framework determines the most appropriate attack path for a given network, and can be used to execute a simulated attack on that network via penetration testing tools, such as...
GHSA-Q4H8-7QFF-GH6C Server-side request forgery in Ghost CMS
Server-side request forgery SSRF vulnerability in Ghost CMS 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems...