684 matches found

GithubExploit
added 2024/03/15 1:1 p.m. | 576 views

Exploit for Unrestricted Upload of File with Dangerous Type in Openeclass

Open eClass RCE Exploit Tool This tool is designed to exploit...

9.1 CVSS | 9.8 AI score | 0.02162 EPSS
Exploits: 2
Kitploit
added 2024/02/28 11:30 a.m. | 18 views

CanaryTokenScanner - Script Designed To Proactively Identify Canary Tokens Within Microsoft Office Documents And Acrobat Reader PDF (docx, xlsx, pptx, pdf)

Detecting Canary Tokens and Suspicious URLs in Microsoft Office, Acrobat Reader PDF and Zip Files Introduction In the dynamic realm of cybersecurity, vigilance and proactive defense are key. Malicious actors often leverage Microsoft Office files and Zip archives, embedding covert URLs or macros to...

7.1 AI score
Exploits: 0 | References: 1
GithubExploit
added 2024/01/22 10:38 a.m. | 259 views

Exploit for Out-of-bounds Write in Microsoft

CVE-2023-28252-Compiled-exe A modification of Fortra's excell...

9.8 CVSS | 9.3 AI score | 0.6215 EPSS
Exploits: 10
Rapid7 Blog
added 2024/01/16 4:0 p.m. | 7 views

Application Security Posture Management

Accelerating the Remediation of Vulnerabilities From Code To Cloud Written by Eric Sheridan, Chief Innovation Officer, Tromzo In this guest blog post by Eric Sheridan, Chief Innovation Officer at valued Rapid7 partner Tromzo, you’ll learn how Rapid7 customers can utilize ASPM solutions to...

6.7 AI score
Exploits: 0
GithubExploit
added 2023/12/28 4:24 a.m. | 424 views

Exploit for Deserialization of Untrusted Data in Apache Kafka_Connect

This tool is intended for security testing purposes only. Do not...

8.8 CVSS | 8.4 AI score | 0.94055 EPSS
Exploits: 7
Qualys Blog
added 2023/12/26 2:6 p.m. | 35 views

Yet Another Apache Struts 2 Vulnerability – CVE-2023-50164

Apache Struts is a popular open-source web application framework used to develop MVC-based web applications. The widespread adoption of the Apache Struts framework has resulted in the related applications being targeted by malicious actors over the years. The popularity of the framework results i...

7.5 CVSS | 8.1 AI score | 0.93657 EPSS
Exploits: 15
Qualys Blog
added 2023/12/05 6:39 a.m. | 15 views

Building an AppSec Program with Qualys WAS - Introduction and Configuring a Web Application or API: Default Scan Settings

Qualys WAS (Web Application Scanning) tools stand out as The Leading Dynamic Application Security Testing (DAST) solutions in the industry. Since it comes with default scan settings, understanding these settings in detail is critical to uncover vulnerabilities effectively. Scan performance and covera...

7.3 AI score
Exploits: 0
Hacker One
added 2023/10/18 4:23 a.m. | 19 views

U.S. Dept Of Defense: IDOR to delete profile images in https:███████

A vulnerability was discovered in which profile images could be deleted through a GET request by supplying a user ID. This allowed unauthorized deletion of user profile images...

7 AI score
Exploits: 0
OSV
added 2023/10/17 12:40 p.m. | 21 views

GHSA-94W9-97P3-P368 CSRF Token Reuse Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform...

9.6 CVSS | 9.4 AI score | 0.00155 EPSS
Exploits: 0 | References: 5
GithubExploit
added 2023/10/13 5:18 a.m. | 477 views

Exploit for Improper Input Validation in Atlassian Confluence_Data_Center

CVE-2023-22515 Confluence Data Center & Server Permission El...

10 CVSS | 7.5 AI score | 0.94326 EPSS
Exploits: 39
Pen Test Partners Blog
added 2023/10/09 5:28 a.m. | 30 views

The reality of Apple watch pen testing

Introduction We were approached to do an Apple Watch application test. It seems this isn’t a service offered by many companies including us, although we’ve done plenty of work on Android Wear before but also, little information exists online about attempts, experiences or if it’s even possible. So...

6.6 AI score
Exploits: 0
The Hacker News
added 2023/10/05 12:2 p.m. | 66 views

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

Cisco has released updates to address a critical security flaw impacting Emergency Responder that allows unauthenticated, remote attackers to sign into susceptible systems using hard-coded credentials. The vulnerability, tracked as CVE-2023-20101 (CVSS score: 9.8), is due to the presence of static...

8.1 AI score | 0.00715 EPSS
Exploits: 0
Qualys Blog
added 2023/09/18 3:17 p.m. | 11 views

Qualys Is the Outperformer in the New GigaOm Radar Report for Continuous Vulnerability Management

GigaOm has unveiled its third-annual Radar for Continuous Vulnerability Management featuring Qualys. In this Report, GigaOm provides a detailed analysis of the value and progression of vulnerability management (VM) capabilities to help organizations build the best security and vulnerability...

7 AI score
Exploits: 0
Kitploit
added 2023/09/14 11:30 a.m. | 45 views

NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open-Redirect, Etc.. Vulnerabilities In Web Applications

NucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei's templates to scan for vulnerabilities. NucleiFuzzer streamlines the process, making it easier for security...

7.3 AI score
Exploits: 0 | References: 5
Kitploit
added 2023/07/24 12:30 p.m. | 46 views

CakeFuzzer - Automatically And Continuously Discover Vulnerabilities In Web Applications Created Based On Specific Frameworks

Cake Fuzzer is a project that is meant to help automatically and continuously discover vulnerabilities in web applications created based on specific frameworks with very limited false positives. Currently it is implemented to support the Cake PHP framework. If you would like to learn more about t...

9.8 CVSS | 9.9 AI score | 0.00252 EPSS
Exploits: 0 | References: 11
Imperva Blog
added 2023/07/11 1:15 p.m. | 29 views

The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short

As the digital landscape continues to evolve, so do the tactics utilized by bad actors that are seeking to exploit application vulnerabilities. Among the most insidious types of attacks are business logic attacks (BLAs). Unlike known attacks, which can be identified by signatures or patterns, such ...

8.5 AI score
Exploits: 0
BDU FSTEC
added 2023/07/04 12:0 a.m. | 1 views

The vulnerability of the Microsoft Visual Studio software development tool and the Microsoft.NET platform, related to insufficient validation of input data, allows attackers to execute arbitrary code.

The vulnerability of the Microsoft Visual Studio software and the Microsoft.NET platform is related to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.3 CVSS | 7.5 AI score | 0.00873 EPSS
Exploits: 0 | References: 4 | Affected Software: 2
CNNVD
added 2023/06/26 12:0 a.m. | 2 views

Number withdrawn

Sliver is Bishop Fox's open source cross-platform adversary simulation / red team framework. It can be used by organizations of all sizes to perform security testing. This CVE number has been withdrawn...

5.4 AI score
Exploits: 0 | References: 6
Kitploit
added 2023/06/04 12:30 p.m. | 32 views

MAAD-AF - MAAD Attack Framework - An Attack Tool For Simple, Fast And Effective Security Testing Of M365 And Azure AD

MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services...

7.6 AI score
Exploits: 0 | References: 2
GithubExploit
added 2023/06/01 2:17 a.m. | 468 views

Exploit for Code Injection in Apache Rocketmq

CVE-2023-33246 Apache RocketMQ remote code execution vulnera...

9.8 CVSS | 8.1 AI score | 0.94388 EPSS
Exploits: 11