Lucene search

71 matches found

Kitploit
added 2022/06/03 12:30 p.m., 20 views

Atomic-Operator - A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments

This Python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments. What's new? Why? atomic-operator enables security professionals to test their detection and defensive capabilities against prescribed techniques defined within atomic-red-team. By...

AI score: 8
Exploits: 0, References: 17

vulnersOsv
added 2022/05/17 3:56 a.m., 1 view

cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), com.adobe.cq.commerce:cq-commerce-core (>=5.6.0 <=5.13.18) +119 more potentially affected by CVE-2013-5679 via org.owasp.esapi:esapi (=2.0.1)

org.owasp.esapi:esapi MAVEN version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.owasp.esapi:esapi and may be impacted: - cloud.genesys:web-messaging-sdk =3.0.0, =5.6.0, =2.0.54, =5.6.2, =1.0.36, =1.0.24, =5.5.4, =1.0.0, =5.6.4, =1.0.8,...

CVSS: 2.6, AI score: 5.8, EPSS: 0.00053
Exploits: 1

Kitploit
added 2021/05/21 12:30 p.m., 107 views

AutoPentest-DRL - Automated Penetration Testing Using Deep Reinforcement Learning

AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning (DRL) techniques. The framework determines the most appropriate attack path for a given network, and can be used to execute a simulated attack on that network via penetration testing tools, such as...

AI score: 7.5
Exploits: 0, References: 5

CNVD
added 2021/05/11 12:0 a.m., 8 views

StackLift LocalStack Cross-Site Scripting Vulnerability

StackLift LocalStack is a StackLift open source application. Provides an easy-to-use testing framework for cloud applications. A cross-site scripting vulnerability exists in StackLift LocalStack version 0.12.6, which stems from a lack of proper validation of client-side data by the WEB applicatio...

CVSS: 6.1, AI score: 6.1, EPSS: 0.0024
Exploits: 1, References: 1

Tenable Nessus
added 2021/01/25 12:0 a.m., 15 views

SUSE SLES15 Security Update : stunnel (SUSE-SU-2021:0194-1)

This update for stunnel fixes the following issues : Security issue fixed : The 'redirect' option was fixed to properly handle 'verifyChain = yes' bsc1177580. Non-security issues fixed : Fix startup problem of the stunnel daemon bsc1178533 update to 5.57 : - Security bugfixes - New features - New...

AI score: 5.6
Exploits: 0, References: 3

Gitee
added 2020/11/03 1:35 p.m., 2 views

vulhub

It is an offensive tool for web application security training. The primary target product/service or framework is not explicitly stated, but the repository contains various vulnerable environments based on Docker-Compose, including Flask, Apache, Nginx, and others. The vulnerability class/vector ...

AI score: 7.2
Exploits: 0

Kitploit
added 2020/07/02 1:0 p.m., 272 views

KITT-Lite - Python-Based Pentesting CLI Tool

The KITT Penetration Testing Framework was developed as an open source solution for pentesters and programmers alike to compile the tools they use with what they know into an open source project. With KITT, users are able to easily access a list of commonly used tools to their profession which ar...

AI score: 7.8
Exploits: 0, References: 95

Kitploit
added 2019/11/01 12:0 p.m., 72 views

AtomShields Cli - Security Testing Framework For Repositories And Source Code

AtomShields Cli is a Command-Line Interface to use the software AtomShields Installation pip install atomshieldscli Basic usage ascli --target --name The allowed action values are: install : To install a checker or a report, depending the context setted. uninstall : To uninstall a checker or a...

AI score: 7.2
Exploits: 0, References: 2

Kitploit
added 2019/09/27 12:0 p.m., 171 views

Rebel-Framework - Advanced And Easy To Use Penetration Testing Framework

Automate the automation START git clone https://github.com/rebellionil/rebel-framework.git cd rebel-framework bash setup.sh bash rebel.sh MODULES SCREENSHOTS DEMOS...

AI score: 7.4
Exploits: 0, References: 13

OpenVAS
added 2019/08/12 12:0 a.m., 9 views

Fedora Update for openqa FEDORA-2019-c404576415

The remote host is missing an update for the...

AI score: 7.5
Exploits: 0, References: 2

Fedora
added 2019/08/11 1:14 a.m., 11 views

[SECURITY] Fedora 30 Update: openqa-4.6-18.20190716git5bfa647.fc30.2

openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed. openQA i...

AI score: 0.6
Exploits: 0

Kitploit
added 2019/01/27 12:48 p.m., 165 views

FTW - Framework For Testing WAFs

This project was created by researchers from ModSecurity and Fastly to help provide rigorous tests for WAF rules. It uses the OWASP Core Ruleset V3 as a baseline to test rules on a WAF. Each rule from the ruleset is loaded into a YAML file that issues HTTP requests that will trigger these rules...

AI score: 7.6
Exploits: 0, References: 3

Kitploit
added 2018/07/30 1:39 p.m., 102 views

OWTF v2.4 - Offensive Web Testing Framework

OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide v3 and v4, the OWASP Top 10, PTES and NIST so that pentesters will have more time to See the big picture and think out of the box More efficiently...

AI score: 7.4
Exploits: 0, References: 2

NVD
added 2018/06/04 4:29 p.m., 9 views

CVE-2016-10667

selenium-portal is a Selenium Testing Framework. selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on th...

CVSS: 9.3, AI score: 8.3, EPSS: 0.00735
Exploits: 0, References: 1

Prion
added 2018/06/04 4:29 p.m., 6 views

Remote code execution

selenium-portal is a Selenium Testing Framework. selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on th...

CVSS: 9.3, AI score: 8, EPSS: 0.00735
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2018/06/04 4:0 p.m., 48 views

CVE-2016-10667

CVE-2016-10667 affects the Node.js/selenium-portal package: it downloads binary resources over HTTP, leaving it vulnerable to a network-based MITM that could swap the requested resource with a malicious copy and cause remote code execution. The incident is documented across multiple feeds (NVD, G...

CVSS: 9.3, AI score: 8.2, EPSS: 0.00735
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2018/05/29 8:29 p.m., 10 views

CVE-2016-10650

ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVSS: 8.1, AI score: 8.6
Exploits: 0, References: 1

CVE
added 2018/05/29 8:0 p.m., 52 views

CVE-2016-10650

CVE-2016-10650 affects ntfserver (Network Testing Framework Server). The vulnerability arises because ntfserver downloads binary resources over HTTP, allowing a network-positioned attacker to perform a MITM and swap the requested binary with a malicious one, potentially leading to remote code exe...

CVSS: 9.3, AI score: 8.2, EPSS: 0.00735
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2017/11/22 12:0 a.m., 2 views

Phoenix Framework Redirection Vulnerability

Phoenix Framework is a Web automation testing framework that combines resource management and testing. The framework supports unscripted execution, unattended execution, free customization and other execution modes. A redirection vulnerability exists in Phoenix Framework. An attacker...

CVSS: 6.1, AI score: 7, EPSS: 0.01793
Exploits: 0, References: 1

WPVulnDB
added 2017/08/26 12:0 a.m., 120 views

Multiple Plugins - Unauthenticated RCE via PHPUnit

There was an Unauthenticated Remote Code Execution (RCE) vulnerability in PHPUnit, a widely used testing framework for PHP. This vulnerability has been seen exploited in the wild. PoC curl -X POST --data ""...

CVSS: 7.5, AI score: 1.9, EPSS: 0.9421
Exploits: 17, References: 2, Affected Software: 3