DAVScan - Fingerprints servers, finds exploits, scans WebDAV

DAVScan is a quick and lightweight webdav scanner designed to discover hidden files and folders on DAV enabled webservers. The scanner works by taking advantage of overly privileged/misconfigured WebDAV servers or servers vulnerable to various disclosure or authentication bypass vulnerabilities...

Rumble Mail Server 0.51.3135 Cross Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit title: Rumble Mail Server v/0.51.3135 = Stored Cross Site Scripting Download Software: https://sourceforge.net/projects/rumble/?source=directory Author: Nassim Asrir Author Company: Henceforth Contact: email protected Tested On:...

SQL injection vulnerability in type_id parameter of php+sqlite responsive article management system version v1.0

php+sqlite responsive article management system is a mobile article management system developed in php. php+sqlite responsive article management system v1.0 version typeid parameter SQL injection vulnerability , because the program fails to effectively filter the typeid parameter , allowing...

McAfee VirusScan Enterprise SQL Injection Vulnerability

McAfee VirusScan Enterprise is a suite of antivirus software from the American company McAfee. The software provides a full range of security protection, scans memory for malicious code and optimizes updates for remote systems. A SQL injection vulnerability exists in VirusScan Enterprise for Linu...

[SECURITY] Fedora 24 Update: roundcubemail-1.2.3-1.fc24

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 25 Update: roundcubemail-1.2.3-1.fc25

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

Cosa Nostra - A FOSS Graph Based Malware Clusterization Toolkit

Cosa Nostra is an open source software clustering toolkit with a focus on malware analysis. It can create phylogenetic trees of binary malware samples that are structurally similar. It was initially released during SyScan360 Shanghai 2016. Getting started Required 3rd party tools In order to use...

SQLite: Multiple vulnerabilities

Background SQLite is a C library that implements an SQL database engine. Description Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of the...

GLSA-201612-21 : SQLite: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201612-21 SQLite: Multiple vulnerabilities Multiple vulnerabilities have been discovered in SQLite. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code...

The use of SQLite database files to achieve arbitrary code execution-vulnerability warning-the black bar safety net

! Foreword Recently, we have the Belkin WeMo smart home devices security is analyzed. In the course of the study, we developed a novelSQL injectiontechnology, this technology is for SQLite database. Experiments show that we can use this SQLite injection technology in the SQLite database to achiev...

uSQLite Denial of Service Vulnerability

SQLite is a database that is an ACID-compliant relational database management system contained in a relatively small C library. A denial of service vulnerability exists in uSQLite version 1.0.0, which can be exploited by an attacker to cause a denial of service program crash...

InfraPower PPS-02-S Q213V1 Cross Site Request Forgery

InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the...

InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI o...

InfraPower PPS-02-S Q213V1 - Local File Disclosure Vulnerability

Exploit for php platform in category web applications InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summar...

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

Exploit for php platform in category web applications InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference

InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference InfraPower PPS-02-S Q213V1 Insecure Direct Object Reference Authorization Bypass Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3...

InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery

InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI...

InfraPower PPS-02-S Q213V1 - Local File Disclosure

InfraPower PPS-02-S Q213V1 - Local File Disclosure InfraPower PPS-02-S Q213V1 Local File Disclosure Vulnerability Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware: IPD-02-FW-v03 Summary:...

InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Root Command Execution Vulnerability

Exploit for php platform in category web applications InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution Vendor: Austin Hughes Electronics Ltd. Product web page: http://www.austin-hughes.com Affected version: Q213V1 Firmware: V2395S Fixed version: Q216V3 Firmware:...

InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...