299 matches found
Admin-Panel_Finder - A Burp Suite Extension That Enumerates Infrastructure And Application Admin Interfaces (OTG-CONFIG-005)
A burp suite extension that enumerates infrastructure and application Admin Interfaces. OWASP References: Classification : Web Application Security Testing 02-Configuration and Deployment Management Testing OTG v4 : OWASP OTG-CONFIG-005 WSTG : WSTG-CONF-05 Why should I use this extension?...
[SECURITY] Fedora 35 Update: weechat-3.5-2.fc35
WeeChat Wee Enhanced Environment for Chat is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
Fedora: Security Advisory for weechat (FEDORA-2022-d165104234)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
YieldManager: Uniswap token swaps through fixed path may break yield distribution
Lines of code Vulnerability details Details & Impact All harvested yield tokens are swapped through the Uniswap adapter to USDC. While out of scope, the Uniswap adapter code is relevant here, as I note that the path taken for the swap would be assetFrom - WETH - assetTo unless assetFrom is alread...
Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders
The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could help new defenders...
Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders
The MITRE Center for Threat-Informed Defense, Microsoft, and other industry partners collaborated on a project that created a repeatable methodology for developing a top MITRE ATT&CK® techniques list. The method aims to facilitate navigation of the ATT&CK framework, which could help new defenders...
Low-rent RAT Worries Researchers
For about the price of a cup of Starbucks latte, a hacker is renting out a remote access trojan designed to backdoor targeted networks. Dubbed as Dark Crystal RAT or DCRat, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate...
Raven - Advanced Cyber Threat Map (Simplified, Customizable, Responsive)
Raven - Advanced Cyber Threat Map Simplified, customizable and responsive. It uses D3.js with TOPO JSON, has 247 countries, 100,000 cities, and can be used in an isolated environment without external lookups!. Live - Demo https://qeeqbox.github.io/raven/ Offline - Demo Features Uses D3.js Not...
[SECURITY] Fedora 34 Update: vdr-skinnopacity-1.1.8-1.fc34.1
The VDR plugin "nOpacity" is a highly customizable native true color skin for the Video Disc Recorder...
[SECURITY] Fedora 35 Update: vdr-skinnopacity-1.1.8-3.fc35
The VDR plugin "nOpacity" is a highly customizable native true color skin for the Video Disc Recorder...
All About Ring’s New Virtual Security Guard
By Owais Sultan Ring’s Virtual Security Guard is a live, customizable motion event monitoring service by Rapid Response that works with the external Ring cameras at home or business. This is a post from HackRead.com Read the original post: All About Rings New Virtual Security Guard...
PeTeReport - An Open-Source Application Vulnerability Reporting Tool
PeTeReport Pe nTe st Report is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detaile...
Fedora: Security Advisory for rust-wast (FEDORA-2021-1805eacb48)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Pollenisator - Collaborative Pentest Tool With Highly Customizable Tools
Pollenisator is a tool aiming to assist pentesters and auditor automating the use of some tools/scripts and keep track of them. Written in python 3 Provides a modelisation of "pentest objects" : Scope, Hosts, Ports, Commands, Tools etc. Tools/scripts are separated into 4 categories : wave,...
IBM Security Guardium 安全漏洞
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as customizable UI, report management and streamlined audit process building. IBM Security Guardium suffers from a security vulnerability that...
Elpscrk - An Intelligent Common User-Password Profiler Based On Permutations And Statistics
An Intelligent common user-password profiler that's named after the same tool in Mr.Robot series S01E01 In simple words, elpscrk will ask you about all info you know about your target then will try to generate every possible password the target could think of, it all depends on the information yo...
Invoke-DNSteal - Simple And Customizable DNS Data Exfiltrator
Invoke-DNSteal is a Simple & Customizable DNS Data Exfiltrator. This tool helps you to exfiltrate data through DNS protocol over UDP and TCP, and lets you control the size of queries using random delay. Also, allows you to avoid detections by using random domains in each of your queries and you c...
Facets - Moderately critical - Cross site scripting - SA-CONTRIB-2021-008
This module enables you to add customizable facets on search pages, from core search or searches provided by Search API. The module doesn't sufficiently filter all output in certain circumstances. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...
KICS - Find Security Vulnerabilities, Compliance Issues, And Infrastructure Misconfigurations Early In The Development Cycle Of Your Infrastructure-As-Code
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx. KICS stands for K eeping I nfrastructure as C ode S ecure, it is open source and is a must-have for any cloud native project...
Slack hurries to fix direct message flaw that allowed harassment
The enormous work messaging platform Slack quickly reversed course yesterday, promising to revise a brand-new direct message feature that could have been misused for harassment. Added to the company’s “Slack Connect” product—which lets enterprise users share messages with contract workers and...