102 matches found
Microsoft SharePoint Server 2019 build < 16.0.10352.20000 Multiple Vulnerabilities
According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint...
Microsoft SharePoint Server 2013 build < 15.0.5153.1000 Multiple Vulnerabilities
According to its self-reported version number, the Microsoft SharePoint application running on the remote host is affected by multiple vulnerabilities : - An authentication bypass vulnerability exists in Windows Communication Foundation WCF and Windows Identity Foundation WIF, allowing signing of...
Jaeles v0.4 - The Swiss Army Knife For Automated Web Application Testing
Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Installation Download precompiled version here. If you have a Go environment, make sure you have Go = 1.13 with Go Modules enable and run the following command. GO111MODULE=...
NewStart CGSL CORE 5.04 / MAIN 5.04 : nss-softokn Vulnerability (NS-SA-2019-0262)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss-softokn packages installed that are affected by a vulnerability: - Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used...
Wireshark 2.6.x < 2.6.13 A Vulnerability (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.6.13. It is, therefore, affected by a vulnerability as referenced in the wireshark-2.6.13 advisory. - In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in...
Atlassian Jira 8.1.x < 8.1.3 Template Injection Vulnerability
According to its self-reported version number, the Atlassian Jira application running on the remote host is 7.0.10 7.6.16, 7.7.x 7.13.8, 8.1.x 8.1.3, 8.2.x 8.2.5, 8.3.x 8.3.4, 8.4.x 8.4.1. It is, therefore, affected by a server-side template injection vulnerability that exists in the Jira Importe...
NewStart CGSL MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0006)
The remote NewStart CGSL host, running version MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - A use-after-free vulnerability can occur when flushing and resizing layout because the PressShell object has been freed while still in use. This results in...
Zurmo 3.2.6 Persistent Cross Site Scripting
Stored Cross-site Scripting Vulnerability in Zurmo 3.2.6 Information -------------------- Advisory by Netsparker Name: Stored Cross-site Scripting in Zurmo Affected Software: Zurmo Affected Versions: 3.2.6 Homepage: http://zurmo.org Vulnerability: Stored Cross-site Scripting Severity: Medium...
Adobe Reader < 2015.006.30493 / 2017.011.30138 / 2019.010.20099 Multiple Vulnerabilities (APSB19-17)
The version of Adobe Reader installed on the remote Windows host is a version prior to 2015.006.30493, 2017.011.30138, or 2019.010.20099. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier,...
PHP 7.1.x < 7.1.8 Denial of Service Vulnerability
According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.8. It is, therefore, affected by a denial of service DoS vulnerability exists in the ext/wddx/wddx.c script due to the use of an invalid free for an empty boolean element. An unauthenticated, remote...
First look at Tenable.io Web Application Scanner (WAS)
When Tenable firstly announced Web Application Security scanner as a part of their new Tenable.io platform, it was quite intriguing. Certainly, they already had some WAS functionality before in Nessus. For example, path traversal check was pretty good. But this functionality was quite fragmental...
AngularJS < 1.6.1 Cross-Site Scripting
According to its self-reported version number, AngularJS is prior to 1.6.1. Therefore, it may be affected by a JSONP callback vulnerability than can lead to Cross-Site Scripting XSS. Note that the scanner has not tested for these issues but has instead relied only on the application's self-report...
Apache 2.4.x < 2.4.34 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.34. It is, therefore, affected by the following vulnerabilities: - By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a...
WAScan v0.2.1 - Web Application Scanner
WAScan Web Application Scanner is a Open Source web application security scanner. It is designed to find various vulnerabilities using "black-box" method, that means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application,...
[R1] TenableCore Web Application Scanner v20180702 Fixes Third-party Vulnerabilities
The TenableCore Web Application Scanner Image v20180328 was found to contain a command injection flaw in a script included in the bundled DHCP client dhclient package. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitra...
[R1] TenableCore Web Application Scanner v20180702 Fixes Third-party Vulnerabilities
The TenableCore Web Application Scanner Image v20180328 was found to contain a command injection flaw in a script included in the bundled DHCP client dhclient package. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitra...
Optiva Framework - Web Application Scanner
You can use this Framework on your website to check the security of your website by finding the vulnerability in your website or you can use this tool to Get admin panel search SQL injection by dork As well as collecting information and encrypting Hash. Features : Infromation Modules : Port Scann...
VOOKI - Web Application Vulnerability Scanner
Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section. Vooki – Web Application Scanner can help you to find the...
Vulnerability Management for Network Perimeter
Network Perimeter is like a door to your organization. It is accessible to everyone and vulnerability exploitation does not require any human interactions, unlike, for example, phishing attacks. Potential attacker can automate most of his actions searching for an easy target. It's important not t...
Spaghetti - Web Application Security Scanner
Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment. Installation $ git clone...