nessus-xmlrpc-brute NSE Script

Performs brute force password auditing against a Nessus vulnerability scanning daemon using the XMLRPC protocol. Script Arguments nessus-xmlrpc-brute.timeout socket timeout for connecting to Nessus default 5s nessus-xmlrpc-brute.threads sets the number of threads. passdb, unpwdb.passlimit,...

Uniscan 5.2 is released - vulnerability scanner

Uniscan 5.2 is released - vulnerability scanner Uniscan is a open source vulnerability scanner for Web applications. Uniscan 2.0 is a perl vulnerability scanner for RFI, LFI, RCE, XSS and SQL-injection. features: Identification of system pages through a Web Crawler. Use of threads in the crawler...

rtsp-url-brute NSE Script

Attempts to enumerate RTSP media URLS by testing for common paths on devices such as surveillance IP cameras. The script attempts to discover valid RTSP URLs by sending a DESCRIBE request for each URL in the dictionary. It then parses the response, based on which it determines whether the URL is...

Multi Gather DNS Service Record Lookup Scan

Enumerates known SRV Records for a given domain using target host DNS query tool. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather DNS Service Record Lookup Scan', 'Description' = %...

Linux - Means Freedom [The Hacker News Magazine] October 2011 Issue Released

Linux - Means Freedom The Hacker News Magazine October 2011 Issue Released Dear Readers, We here at The Hacker News were very humbled to be given the opportunity to celebrate 10 millions hits to the website. Wow! We are so very grateful for your support and as I told you last month, I don't think...

Pscan 2.0 - multi threaded TCP Syn port scanner

Pscan 2.0 - multi threaded TCP Syn port scanner TCP Port scanner Multi threaded with possibility to scan 65535. TCP ports on an IP address.You can specify how many threads to run and the timeout. Further more it will tell you the MAC address of the target and the service runningFor LINUX and...

MyAuth3 Blind SQL Injection

Exploit for php platform in category web applications Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note:...

http-wordpress-brute NSE Script

performs brute force password auditing against Wordpress CMS/blog installations. This script uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are stored using the credentials library. Wordpress default uri and form names: Default uri:wp-login.php Default...

GMER - Automating Rootkit Analyzer Released

GMER - Automating Rootkit Analyzer Released GMER is an application that detects and removes rootkits . It scans for: hidden processes hidden threads hidden modules hidden services hidden files hidden disk sectors MBR hidden Alternate Data Streams hidden registry keys drivers hooking SSDT drivers...

Nmap NSE net: vnc-brute

Performs brute force password auditing against VNC servers. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true brute.retries: the number of times to retry if recoverable failures occurs...

Nmap NSE net: http-form-brute

Performs brute force password auditing against http form-based authentication. SYNTAX: brute.unique: make sure that each password is only guessed once default: true http-form-brute.hostname: sets the host header in case of virtual hosting brute.retries: the number of times to retry if recoverable...

Nmap NSE net: informix-brute

Performs brute force password auditing against IBM Informix Dynamic Server. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true brute.retries: the number of times to retry if recoverable...

Nmap NSE net: http-brute

Performs brute force password auditing against http basic authentication. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true http-brute.hostname: sets the host header in case of virtual...

Nmap NSE net: iscsi-brute

Performs brute force password auditing against iSCSI targets. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true brute.retries: the number of times to retry if recoverable failures occur...

Nmap NSE net: domcon-brute

Performs brute force password auditing against the Lotus Domino Console. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true brute.retries: the number of times to retry if recoverable...

Nmap NSE net: svn-brute

Performs brute force password auditing against Subversion source code control servers. SYNTAX: brute.firstonly: stop guessing after first password is found default: false brute.unique: make sure that each password is only guessed once default: true brute.retries: the number of times to retry if...

Moderate: Red Hat Security Advisory: perl security and bug fix update

Updated perl packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

BMForum Myna 6.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Author: Stephan Sattler Software Website: http://www.bmforum.com/ Software Link: http://www.bmforum.com/down/ Required: magic quotes = Off Vulnerability /add-on/jsviewnew.php line 20++: $length = $GET'length'; $forumid = $GET'forumid'; $num =...

CVE-2010-4625

MyBB aka MyBulletinBoard before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page...

Design/Logic Flaw

MyBB aka MyBulletinBoard before 1.4.12 does not properly handle a configuration with a visible forum that contains hidden threads, which allows remote attackers to obtain sensitive information by reading the Latest Threads block of the Portal Page...