575 matches found
Downloads Resources over HTTP
Overview Affected versions of selenium-download insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
Server Side Bruteforce Module: brut3k1t
Server Side Bruteforce Module brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are: ssh, ftp, smtp, XMPP, instagram, facebook. There will be future implementations of different protocols and servic...
brut3k1t - Server-side Brute-force Module (ssh, ftp, smtp, facebook, and more)
Server-side brute-force module. Brute-force dictionary attack, jk attack that supports multiple protocols and services. 1. Introduction brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are:...
Google Explorer - Google Mass Explorer
Google Mass Explorer This is an automated robot for the Google search engine. Make a Google search, and parse the results for a specific exploit you define. The options can be listed with the --help parameter. Intro: This project is a main project that I will keep upgrading when new exploits are...
Security update for MozillaFirefox, mozilla-nss (important)
Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and deliver various improvements. The following major changes are included: - Process separation e10s is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load - WebRTC enhancements - The...
Exploit for Path Traversal in Elegantthemes Divi
WordPressMassExploiter Mass exploiter of CVE-2015-1579 for Wor...
WordPress 4.4 User Enumeration Vulnerability
WordPress versions 4.4 and below leak whether or not a username exists in their login flow. Affects: WordPress <=v4.4 Vulnerability: Information Disclosure CVE-ID: Pending Impact: Username exists disclosure on /wp-login.php ----- By default, WordPress <=4.4 discloses whether a username is registere...
Selenium Web Server 1.0 XSS
No description provided by source. source: http://www.securityfocus.com/bid/21100/info Biba Selenium Web Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute ...
[Xelenium] Security Testing with Selenium
Xelenium is a security testing tool that can be used to identify the security vulnerabilities present in the web application. Xelenium uses the open source functional test automation tool 'Selenium' as its engine and has been built using Java swing. Xelenium has been designed considering that it...
[Snuck] Automatic XSS filter bypass
Snuck is an automatic tool whose goal is to significantly test a given XSS filter by specializing the injections on the basis of the reflection context. This approach adopts Selenium to drive a web browser in reproducing both the attacker's behavior and the victim's. snuck is an automated tool th...
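Biba Selenium Web Server Multiple Remote Security Vulnerabilities
Selenium Server lets users easily set up an FTP or web server. Selenium Server has an input validation error when handling the parameters passed to the DIR, GET and PUT commands, allowing an attacker to list and download files from arbitrary locations outside the root directory by using specially crafted directory traversal sequences. In addition, Selenium Server stores user passwords in plaintext under the Servers directory, allowing an attacker to easily retrieve login credentials. Biba Software Selenium Web Server 1.0 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://bibasoftware.com/...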
Selenium FTP Server / Conxint FTP directory traversal
Directory traversal in different FTP commands...
[NT] Selenium FTP Server Directory Traversal
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Selenium Web Server 1.0 - Cross-Site Scripting
Selenium Web Server 1.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/21100/info Biba Selenium Web Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
Selenium Web Server 1.0 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/21100/info Biba Selenium Web Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting...