684 matches found
AI security risk assessment using Counterfit
Today, we are releasing Counterfit, an automation tool for security testing AI systems as an open-source project. Counterfit helps organizations conduct AI security risk assessments to ensure that the algorithms used in their businesses are robust, reliable, and trustworthy. AI systems are...
AI security risk assessment using Counterfit
Today, we are releasing Counterfit, an automation tool for security testing AI systems as an open-source project. Counterfit helps organizations conduct AI security risk assessments to ensure that the algorithms used in their businesses are robust, reliable, and trustworthy. AI systems are...
Vaf - Very Advanced (Web) Fuzzer
very advanced fuzzer compiling 1. Install nim from nim-lang.org 2. Run nimble build A vaf.exe file will be created in your directory ready to be used using vaf using vaf is simple, here's the current help text: Usage: vaf - very advanced fuzzer options Options: -h, --help -u, --url=URL choose url...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for various areas, including web application security, penetration testing, and vulnerability research. The primary purpose of Vulhub is to provide a convenie...
Sifchain: Clickjacking misconfiguration bug
Hi team, While performing security testing of your website i have found the vulnerability called Clickjacking. Many URLS are in scope and vulnerable to Clickjacking. What is Clickjacking ? Clickjacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability is not specified, but the repository contains various vulnerable environments, including ones for CouchDB, FFmpeg, Git, InfluxDB,...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and education. The primary vulnerability class/vector targeted by this collection is not explicitly stated, but it likely...
Reddit: Application level DOS at Login Page ( Accepts Long Password )
Application-level Denial of Service DOS It is an emerging class of security attacks on sites. They aim to overwhelm the site by flooding the server with requests that are disguised as legitimate users. The sudden increase in traffic shuts down machines and networks to make them unavailable to oth...
MTN Group: Missing captcha and rate limit protection in help form
Hello One of your form that you are using to receive help message from users, lack captcha and its backend/server does not block massive request. The page is https://mtn.cm/fr/help/ Steps To Reproduce: 1. Visit https://mtn.cm/fr/help/ and fill all the field and submit. 2. Intercept the request wi...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability class is not specified, but the repository contains various vulnerable environments, including web applications, databases, and...
Getting started with ZAP and the OWASP top 10: common questions
I recently received an email from a developer who was gearing up to use OWASP ZAP to test the security of their code. The developer had some questions about OWASP ZAP, testing for the OWASP Top 10 2013, and ZAP configuration. After I answered the email, I asked if I could repost it here because I...
Exploit for SQL Injection in Zabbix
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and vulnerability research. The primary purpose of Vulhub is to provide a simple and convenient way to test and demonstra...
Exploit for Improper Input Validation in Vmware View_Planner
CVE-2021-21978 A simpler way to bring back the vulnerable expl...
vulhub
This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is an offensive tool for testing and demonstrating vulnerabilities in various software and systems. The primary vulnerability class targeted by Vulhub is not explicitly stated, but it...
Reddit: [dubmash] Lack of authorization checks - Update Sound Titles
Summary: During the security testing, it has been observed that the UpdateSound api is vulnerable to IDOR. It allows an attacker to edit the victim's sound track titles. This vulnerability can be exploited using the sound track's uuid in the vulnerable request. This id is publicly known. Steps To...
Exploit for CVE-2020-14882
CVE-2020-14882ALL CVE-2020-14882ALL综合利用工具,支持命令回显检测、批量命令回显、外置xml无回显命令执行等功能。 需要模块:requests、http.client (工具仅用于授权的安全测试,请勿用于非法使用,违规行为与作者无关。) 命令回显模块已知成功版本:12.2.1.3.0、12.2.1.4.0、14.1.1.0.0 选项 功能一:命令回显 python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "net user" python3 CVE-2020-14882ALL.py -u...
Kartpay: Host Header Injection
Summary: Hello Team, While performing security testing on your Main Domain, I found a Host Header Injection Vulnerability. Vulnerability Description: An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multip...
Top 5 Bug Bounty Platforms to Watch in 2021
While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category. We have compiled the top 5 most promising bug bounty platforms for those of you who are lookin...
blogpost_qiling_dlink_1
It is an offensive tool for exploiting vulnerabilities in software. The repository contains a Python script that exploits a vulnerability in a software product. The script is designed to be used by a penetration tester or a security researcher to test the security of the software. The script uses...
K55 - Linux X86_64 Process Injection Utility | Manipulate Processes With Customized Payloads
pronounced: "kay fifty-five" The K55 payload injection tool is used for injecting x8664 shellcode payloads into running processes. The utility was developed using modern C++11 techniques as well as some traditional C linux functions like ptrace. The shellcode spawned in the target process is 27...