Pure Blood v2.0 - A Penetration Testing Framework Created For Hackers / Pentester / Bug Hunter
A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter. Web Pentest / Information Gathering: Banner Grab, Whois, Traceroute, DNS Record, Reverse DNS Lookup, Zone Transfer Lookup, Port Scan, Admin Panel Scan, Subdomain Scan, CMS Identify, Reverse IP Lookup, Subnet Lookup, Extract Page...
2017 in Snort Signatures.
This post was written by Martin Lee and Vanja Svajcer. 2017 was an eventful year for cyber security with high profile vulnerabilities that allowed self-replicating worm attacks such as WannaCry and BadRabbit to impact organizations throughout the world. In 2017, Talos researchers discovered many...
Android system_server Privilege Acquisition Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA), of which System Server is a system server. A privilege acquisition vulnerability exists in system_server in versions of Android prior to 2016-10-05 on Nexus-based devices. An...
The vulnerability of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the MediaTek driver for the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created application...
Vulnerabilities of iOS and Mac OS X operating systems, which allow attackers to gain access to protected information or cause service failures
The vulnerability of the kernel in iOS and Mac OS X operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to gain access to protected information or cause a service failure reading beyond the memory boundary through a...
Apple iOS/OS X/watchOS Memory Corruption Vulnerability
OS X (formerly Mac OS X) is the latest version of Apple's proprietary operating system for the Macintosh computer. iOS is an operating system developed by Apple for mobile devices. Apple iOS versions prior to 9.1, Apple OS X versions prior to 10.11.1, and watchOS versions prior to 2.0.1 IOHIDFamily...
file: out-of-bounds read in elf note headers
An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file...
CmsEasy injection vulnerability analysis-vulnerability warning-the black bar safety net
CmsEasy is a web content management system based on a PHP+MySQL architecture, and also a PHP development platform. It uses a modular approach to development, is functional, easy to use and easy to extend, and for medium to large sites provides heavyweight site construction...
[Mercury v2.2.0] The Android Assessment Framework
Mercury is a security assessment framework for the Android platform. It allows you to dynamically interact with the Inter-Process Communication (IPC) endpoints exported by an application installed on a device. Mercury provides similar functionality to a number of static analysis tools, such as aapt...
Dolibarr < 3.1RC3 Multiple Vulnerabilities - Active Check
Dolibarr is prone to multiple cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2008-4125
The search function in phpBB 2.x provides a searchid value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632...
Farsinews 3.0 - 'Tiny_mce_gzip.php' Directory Traversal
source: https://www.securityfocus.com/bid/18925/info Farsinews is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affecte...
Multiple firewalls protection bypass
The number of different ways to break protection against client application attacks is almost unlimited...
PHP-Nuke - SQL Injection Edit/Save Messages
!/usr/bin/perl use LWP; $log = "poskomenphpnukesavemsg.txt"; $Agent = "Mbahmubangga/1.0"; $proxy = "http://172.9.1.11:80/"; proxy:port ... $browser = LWP::UserAgent-new; $browser - agent$Agent; $url = 'http://www.sitewithphpnuke.com/admin.php'; $browser-proxyhttp = $proxy if defined$proxy; printl...