Lucene search
K

44 matches found

The Hacker News
The Hacker News
added 2020/12/16 1:41 p.m.35 views

What is Geocoding? — How to Find Coordinates of An Address

How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or address into geocoordinates. The service gets used by thousands of applications like Uber and Grubhub to track and plot their map data. Yet,...

6.5AI score
Exploits0
Veracode
Veracode
added 2020/10/29 3:34 a.m.10 views

Cross-site Scripting (XSS)

grumpydictator/firefly-iii is vulnerable to cross-site scripting XSS. An attacker can inject malicious script via auto-completion suggestions for description field for new or edited transactions during adding transaction. This vulnerability is exploitable in a non-default configuration whereby th...

2.3AI score
Exploits0References2Affected Software1
Kitploit
Kitploit
added 2020/07/24 12:30 p.m.31 views

Quiver - Tool To Manage All Of Your Tools For Bug Bounty Hunting And Penetration Testing

Quiver is the tool to manage all of your tools. It's an opinionated and curated collection of commands, notes and scripts for bug bounty hunting and penetration testing. Features ZSH / Oh-My-ZSH shell plugin Tab auto-completion Global variables Prefills the command line, doesn't hide commands fro...

7.2AI score
Exploits0References1
Kitploit
Kitploit
added 2019/03/20 8:14 p.m.137 views

Goscan - Interactive Network Scanner

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service...

7.1AI score
Exploits0References2
Kitploit
Kitploit
added 2018/10/27 9:37 p.m.216 views

Python-Nubia - A Command-Line And Interactive Shell Framework

Nubia is a lightweight framework for building command-line applications with Python. It was originally designed for the “logdevice interactive shell aka. ldshell” at Facebook. Since then it was factored out to be a reusable component and several internal Facebook projects now rely on it as a quic...

7.5AI score
Exploits0References5
ArchLinux
ArchLinux
added 2018/03/01 12:0 a.m.75 views

[ASA-201803-1] busybox: arbitrary code execution

Arch Linux Security Advisory ASA-201803-1 ========================================= Severity: High Date : 2018-03-01 CVE-ID : CVE-2017-16544 Package : busybox Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-512 Summary ======= The package busybox before versi...

8.8CVSS0.8AI score0.0624EPSS
Exploits12References5
n0where
n0where
added 2018/01/12 4:59 p.m.19 views

NSE Nmap Script Development IDE: Halcyon

Halcyon IDE lets you quickly and easily develop scripts for performing advanced scans on applications and infrastructures with a range from recon to exploitation capabilities. It is the first IDE released exclusively for Nmap script development. Halcyon IDE is free and open source project always...

7.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/11/21 9:50 a.m.66 views

CVE-2017-16544

It was found that the tab auto-completion feature of BusyBox did not sanitize filenames, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by an attacker could potentially result in code execution, arbitrary file writes, or other attacks under...

8.8CVSS2.2AI score0.0624EPSS
Exploits12References2
NVD
NVD
added 2017/10/16 6:29 p.m.19 views

CVE-2014-0208

Cross-site scripting XSS vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name...

5.4CVSS5.1AI score0.00823EPSS
Exploits1References3
Cvelist
Cvelist
added 2017/10/16 6:0 p.m.23 views

CVE-2014-0208

Cross-site scripting XSS vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name...

5.1AI score0.00823EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2017/10/16 12:0 a.m.4 views

PT-2017-5778 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.4 Description: A cross-site scripting XSS issue exists in the search auto-completion functionality, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted key name...

5.4CVSS5AI score0.00823EPSS
Exploits1References4
Kitploit
Kitploit
added 2017/02/21 1:58 p.m.23 views

Halcyon - IDE for Nmap Script (NSE) Development

Halcyon is the first IDE specifically focused on Nmap Script NSE Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts NSE was the lack of a development environment that give...

7.2AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/09/10 1:9 p.m.4 views

foreman: XSS in key name auto-completion

Cross-site scripting XSS vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name...

5.4CVSS5.9AI score0.00823EPSS
Exploits1References4
Kitploit
Kitploit
added 2014/06/27 8:47 p.m.46 views

The Mole - Automatic SQL Injection Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server,...

8.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.43 views

Scientific Linux Security Update : bash on SL5.x i386/x86_64

Bash is the default shell for Scientific Linux. It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary fil...

6.9CVSS5.8AI score0.00338EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/07/26 12:0 a.m.50 views

Mac OS X : Apple Safari < 6.0 Multiple Vulnerabilities

The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0. It is, therefore, potentially affected by several issues : - An unspecified cross-site scripting issue exists. CVE-2012-0678 - An error in the handling of 'feed://' URLs can allow local files to be disclosed to...

10CVSS7.9AI score0.03811EPSS
Exploits20References123
The Hacker News
The Hacker News
added 2012/03/05 5:31 p.m.9 views

The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool

The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool Nasel has just released the new version of The Mole, an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the...

8.3AI score
Exploits0
The Hacker News
The Hacker News
added 2011/12/10 9:14 a.m.9 views

The Mole - Another Automatic SQL Injection exploitation tool

The Mole - Another Automatic SQL Injection exploitation tool The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based...

8.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/09/27 12:0 a.m.70 views

Web Server Allows Password Auto-Completion (PCI-DSS variant) (deprecated)

This plugin has been deprecated because the corresponding failure item in the ASV Program Guide no longer pertains, as of the May 2013 release. Plugin ID 42057 should be used instead. %NASLMINLEVEL 999999 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2016/06/13. Confirmed not required...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/09/23 12:0 a.m.49 views

CentOS 5 : bash (CESA-2011:1073)

An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives...

6.9CVSS5.7AI score0.00338EPSS
Exploits0References5
Rows per page
Query Builder