Instaloctrack - An Instagram OSINT Tool To Collect All The Geotagged Locations Available On An Instagram Profile In Order To Plot Them On A Map, And Dump Them In A JSON

A tool to scrape geotagged locations on Instagram profiles. Output in JSON & interactive map. TL;DR : ascineema, video of the project requirements sudo apt install chromium-chromedriver && chmod a+x /usr/bin/chromedriver ️ installation git clone https://github.com/bernsteining/instaloctrack cd...

JSPanda - Client-Side Prototype Pullution Vulnerability Scanner

JSpanda is client-side prototype pollution vulnerability scanner. It has two key features, scanning vulnerability the supplied URLs and analyzing the JavaScript libraries' source code. However, JSpanda cannot detect advanced prototype pollution vulnerabilities. How JSPanda works? Uses multiple...

Bugs-feed - A Local Hosted Portal Where You Can Search For The Latest News, Videos, CVEs, Vulnerabilities...

Bug's feed is a local hosted portal where you can search for the latest news, videos, CVEs, vulnerabilities... It's implemented as a PWA application so you can get rid of the explorer and use it as a desktop application. Navigate through different tabs and take a look to the latest bugs or search...

FisherMan - CLI Program That Collects Information From Facebook User Profiles Via Selenium

Search for public profile information on Facebook Installation clone the repo $ git clone https://github.com/Godofcoffe/FisherMan change the working directory to FisherMan $ cd FisherMan install the requirements $ python3 -m pip install -r requirements.txt Pre-requisites Make sure you have the...

PluXML 5.8.7 Cross Site Scripting

Exploit Title: XSS-Stored on PluXML 5.8.7 - latest parameter "idcontent" Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.13.2021 Vendor: https://pluxml.org/ Link: https://sourceforge.net/projects/chikitsa/ CVE: CVE-2021-38603 + Exploit Source: !/usr/bin/python3 Author:...

OneNav Beta 0.9.12 Cross Site Scripting

Exploit Title: XSS-Stored - Brutal PWNED on OneNav beta 0.9.12 addlink feature Author: nu11secur1ty Testing and Debugging: nu11secur1ty $ g3ck0dr1v3r Date: 08.06.2021 Vendor: https://www.xiaoz.me/ Link: https://github.com/helloxz/onenav/releases/tag/0.9.12 CVE: CVE-2021-38138 + Exploit Source:...

Exploit for Use After Free in Microsoft

CVE-2020-0674 How to reproduce this vulnerability:...

XXE vulnerability in Jenkins Selenium HTML report Plugin

Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to control the report files parsed using this plugin to have Jenkins parse a crafted report file that uses external entities for...

CVE-2021-21672

Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2021-21672

Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

Xxe

Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2021-21672

Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

CVE-2021-21672

CVE-2021-21672 affects the Jenkins Selenium HTML Report Plugin (versions 1.0 and earlier). The root cause is that the plugin’s XML parser is not configured to prevent XML External Entity (XXE) attacks, allowing an attacker able to control the parsed report file to cause disclosure of file content...

Jenkins 代码问题漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . A code issue vulnerability exists in Jenkins Selenium HTML report Plugin 1.0 and earlier versions that stems from the...

PT-2021-14715 · Jenkins · Jenkins Selenium Html Report Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Selenium HTML report Plugin versions 1.0 and earlier Description: The issue arises from the plugin not configuring its XML parser to prevent XML external entity XXE attacks, allowing attackers who can control the report files parsed b...

Local Service Search Engine Management System 1.0 SQL Injection

Exploit Title: SQL injection, bypass the login page, Local Service Search Engine Management System 1.0 Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 06.02.2021 Vendor:...

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver) Exploit

Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Tested on: Selenium...

Selenium 3.141.59 Remote Code Execution

Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...

Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)

Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...

PHPFusion 9.03.50 - Remote Code Execution Exploit

Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Tested on: Selenium...