PyJFuzz - Python JSON Fuzzer

PyJFuzz is a small, extensible and ready-to-use framework used to fuzz JSON inputs , such as mobile endpoint REST API, JSON implementation, Browsers, cli executable and much more. Version | 1.1.0 ---|--- Homepage | http://www.mseclab.com/ Github | https://github.com/mseclab/PyJFuzz Author | Danie...

Bluemix Container Authorization Controls

Date : 09/12/2016 Author : Oscar Martinez Tested on:cf version 6.22.1+6b7af9c-2016-09-24 / Docker version 1.12.3, build 6b644ec / API endpoint: https://api.ng.bluemix.net API version: 2.54.0 API endpoint: https://api.ng.bluemix.net API version: 2.54.0 Vendor : IBM Software : bluemix...

OracleVM 3.3 / 3.4 : sudo (OVMSA-2016-0170)

The remote OracleVM system is missing necessary patches to address critical security updates : - Update noexec syscall blacklist - Fixes CVE-2016-7032, CVE-2016-7076 Resolves: rhbz1391937 - RHEL-6.8 erratum - fixed a bug causing that non-root users can list privileges of other users Resolves:...

Man-in-the-Middle (MitM) Attacks

galenframework-cli is vulnerable to man-in-the-middle attacks. The library downloads binaries via HTTP, allowing a malicious user to swap out the requested binary with another binary for the system to execute...

Downloads Resources over HTTP

Overview Affected versions of cobalt-cli insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution o...

Downloads Resources over HTTP

Overview Affected versions of galenframework-cli insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...

Press Shift + F10 during Windows 10 Upgrade to Launch Root CLI & bypass BitLocker

If your computer's security relies on Windows BitLocker Hard Drive Encryption software, then Beware! Because anyone with physical access to your PC can still access your files within few seconds. All an attacker need to do is hold SHIFT+F10 during Windows 10 update procedure. Security researcher...

[ASA-201611-25] wireshark-cli: multiple issues

Arch Linux Security Advisory ASA-201611-25 ========================================== Severity: High Date : 2016-11-24 CVE-ID : CVE-2016-9373 CVE-2016-9374 CVE-2016-9375 CVE-2016-9376 Package : wireshark-cli Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summa...

Varnish Cache CLI Login Utility

This module attempts to login to the Varnish Cache varnishd CLI instance using a bruteforce list of passwords. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' requir...

WAFNinja - Penetration testers favorite for WAF Bypassing

WAFNinja is a CLI tool written in Python. It shall help penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be easily extendible, simple to use and usable in a team environment. Many payloads and fuzzing...

CVE-2016-6430

CVE-2016-6430 affects Cisco IP Interoperability and Collaboration System (IPICS) CLI. The vulnerability arises from insufficient input validation in the command-line interface, allowing an authenticated, local attacker to elevate session privileges. Known affected release: IPICS 4.10(1); fixed in...

Juniper Junos Multiple CLI Command Handling Local Privilege Escalations (JSA10763)

According to its self-reported version number, the remote Juniper Junos device is affected by multiple privilege escalation vulnerabilities in the Junos CLI. A local attacker can exploit these, via specially crafted CLI commands and arguments, to gain elevated privileges. C Tenable Network...

DracOS - Lightweight and Powerful Penetration Testing OS

Dracos Linux www.dracos-linux.org is the Linux operating system from Indonesian , open source is built based on the Linux From Scratch under the protection of the GNU General Public License v3.0. This operating system is one variant of Linux distributions, which is used to perform security testin...

Juniper Networks Junos OS Multiple Privilege Escalation Vulnerabilities

Junos OS is prone to multiple privilege escalation vulnerabilities in JunOS CLI. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

openSUSE Security Update : kde-cli-tools5 (openSUSE-2016-1171)

This update for kde-cli-tools5 fixes the following vulnerability : - CVE-2016-7787: user could sneak an unicode string terminator in the kdesu invocation boo1001916 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

OPENSUSE-SU-2016:2498-1 Security update for kde-cli-tools5

This update for kde-cli-tools5 fixes the following vulnerability: CVE-2016-7787: user could sneak an unicode string terminator in the kdesu invocation boo1001916...

OPENSUSE-SU-2016:2495-1 Security update for kde-cli-tools5

This update for kde-cli-tools5 fixes the following vulnerability: CVE-2016-7787: user could sneak an unicode string terminator in the kdesu invocation boo1001916...

CVE-2016-6434

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370...

Code injection

Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection...

Hardcoded credentials

Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370...