AWE: Adaptive Agents for Dynamic Web Penetration Testing

Modern web applications are increasingly produced through AI-assisted development and rapid no-code deployment pipelines, widening the gap between accelerating software velocity and the limited adaptability of existing security tooling. Pattern-driven scanners fail to reason about novel contexts,...

FUSE - A Penetration Testing Tool For Finding File Upload Bugs

FUSE is a penetration testing system designed to identify Unrestricted Executable File Upload UEFU vulnerabilities. The details of the testing strategy is in our paper, "FUSE: Finding File Upload Bugs via Penetration Testing", which appeared in NDSS 2020. To see how to configure and execute FUSE,...

UltimatePOS 2.5 Remote Code Execution Vulnerability

Exploit for php platform in category remote exploits Exploit Title: UltimatePOS 2.5 - Remote Code Execution Google Dork: intext:"UltimatePOS" Exploit Author: Renos Nikolaou Vendor Homepage: http://ultimatefosters.com/ Software Link:...

LocalTapiola: Malicious file upload (secure.lahitapiola.fi)

Basic report information Summary: Malicious file upload Description: Hello! I noticed that when a user sends new message you have restricted pretty strictly the files which is ok to upload. Like .svg: F254353 How ever if a user impersonate another user just a one example and start the conversatio...

CVE-2017-8736

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the...