44 matches found
What is Geocoding? — How to Find Coordinates of An Address
How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or address into geocoordinates. The service gets used by thousands of applications like Uber and Grubhub to track and plot their map data. Yet,...
Cross-site Scripting (XSS)
grumpydictator/firefly-iii is vulnerable to cross-site scripting XSS. An attacker can inject malicious script via auto-completion suggestions for description field for new or edited transactions during adding transaction. This vulnerability is exploitable in a non-default configuration whereby th...
Quiver - Tool To Manage All Of Your Tools For Bug Bounty Hunting And Penetration Testing
Quiver is the tool to manage all of your tools. It's an opinionated and curated collection of commands, notes and scripts for bug bounty hunting and penetration testing. Features ZSH / Oh-My-ZSH shell plugin Tab auto-completion Global variables Prefills the command line, doesn't hide commands fro...
Goscan - Interactive Network Scanner
GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service...
Python-Nubia - A Command-Line And Interactive Shell Framework
Nubia is a lightweight framework for building command-line applications with Python. It was originally designed for the “logdevice interactive shell aka. ldshell” at Facebook. Since then it was factored out to be a reusable component and several internal Facebook projects now rely on it as a quic...
[ASA-201803-1] busybox: arbitrary code execution
Arch Linux Security Advisory ASA-201803-1 ========================================= Severity: High Date : 2018-03-01 CVE-ID : CVE-2017-16544 Package : busybox Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-512 Summary ======= The package busybox before versi...
NSE Nmap Script Development IDE: Halcyon
Halcyon IDE lets you quickly and easily develop scripts for performing advanced scans on applications and infrastructures with a range from recon to exploitation capabilities. It is the first IDE released exclusively for Nmap script development. Halcyon IDE is free and open source project always...
CVE-2017-16544
It was found that the tab auto-completion feature of BusyBox did not sanitize filenames, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by an attacker could potentially result in code execution, arbitrary file writes, or other attacks under...
CVE-2014-0208
Cross-site scripting XSS vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name...
CVE-2014-0208
Cross-site scripting XSS vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name...
PT-2017-5778 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.4 Description: A cross-site scripting XSS issue exists in the search auto-completion functionality, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted key name...
Halcyon - IDE for Nmap Script (NSE) Development
Halcyon is the first IDE specifically focused on Nmap Script NSE Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts NSE was the lack of a development environment that give...
foreman: XSS in key name auto-completion
Cross-site scripting XSS vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name...
The Mole - Automatic SQL Injection Exploitation Tool
The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server,...
Scientific Linux Security Update : bash on SL5.x i386/x86_64
Bash is the default shell for Scientific Linux. It was found that certain scripts bundled with the Bash documentation created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary fil...
Mac OS X : Apple Safari < 6.0 Multiple Vulnerabilities
The version of Apple Safari installed on the remote Mac OS X host is earlier than 6.0. It is, therefore, potentially affected by several issues : - An unspecified cross-site scripting issue exists. CVE-2012-0678 - An error in the handling of 'feed://' URLs can allow local files to be disclosed to...
The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool
The Mole v0.3 Released : Automatic SQL Injection Exploitation Tool Nasel has just released the new version of The Mole, an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the...
The Mole - Another Automatic SQL Injection exploitation tool
The Mole - Another Automatic SQL Injection exploitation tool The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based...
Web Server Allows Password Auto-Completion (PCI-DSS variant) (deprecated)
This plugin has been deprecated because the corresponding failure item in the ASV Program Guide no longer pertains, as of the May 2013 release. Plugin ID 42057 should be used instead. %NASLMINLEVEL 999999 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2016/06/13. Confirmed not required...
CentOS 5 : bash (CESA-2011:1073)
An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives...