50 matches found
FruityWifi v2.2 - Wireless Network Auditing Tool
FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it. Initialy the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian based system...
SET v6.5 - The Social-Engineer Toolkit “Mr Robot”
The Social-Engineer Toolkit SET was created and written by the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has been presented at large-scale conferences including Blackhat, DerbyCon, Defcon, and ShmooCon. With over two...
jbpm-designer: XXE in BPMN2 import
An XML External Entity XXE flaw was found in the jbpm-designer BPMN2 import function. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...
Wireless Network Auditing Tool: FruityWifi
FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it. Initialy the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian based system...
Microsoft Releases EMET 5.0 Exploit Mitigation Tool
The latest version of Microsoft’s freely available stopgap against zero-day exploits was released today with two new exploit mitigations and a batch of new configuration options. The update to Microsoft’s Enhanced Mitigation Experience Tool kit, or EMET, comes six months after a technical preview...
Google Patches Gmail Token Vulnerability
Google has patched a vulnerability that exposes an indefinite number of Gmail addresses, a potential gold mine for phishing and advanced attacks. Researcher Oren Hafif of Israel disclosed details on how he was able to abuse a token exposed in a URL in order to reveal every Gmail address. His work...
[SET] Social-Engineer Toolkit 4.1.3
TrustedSec Release the latest version of Social-Engineer Toolkit SET as 4.1.3. As most of us know that, It is an open source, python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed...
New Mandiant Offering: Response Readiness Assessment
Today, I am pleased to announce the release of Mandiant's newest Strategic Solutions offering: Response Readiness Assessment. In this post, I'll explain what the service provides, why our customer's requested such a service, and who can benefit from the Response Readiness Assessment offering...
SPGPartenaires 3.0.1 - ident.php SQL Injection
SPGPartenaires 3.0.1 - ident.php SQL Injection source: https://www.securityfocus.com/bid/6455/info Several vulnerabilities have been discovered in SPGPartenaires. The vulnerabilities are due to insufficient sanitization of the 'pass' and 'SPGP' variables used to construct SQL queries in various P...
SPGPartenaires 3.0.1 - delete.php SQL Injection
SPGPartenaires 3.0.1 - delete.php SQL Injection source: https://www.securityfocus.com/bid/6455/info Several vulnerabilities have been discovered in SPGPartenaires. The vulnerabilities are due to insufficient sanitization of the 'pass' and 'SPGP' variables used to construct SQL queries in various...