Web Application Security Scanner Framework: Arachni

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is multi-platform, supporting all major operating...

Kippo SSH Honeypot Detector

This module will detect if an SSH server is running a Kippo honeypot. This is done by issuing unexpected data to the SSH service and checking the response returned for two particular non-standard error messages. This module requires Metasploit: https://metasploit.com/download Current source:...

Amazon Linux AMI : php54 (ALAS-2014-343)

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...

CVE-2014-6009

The Zombie Detector aka com.jimmybolstad.zombiedetector application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The Zombie Detector aka com.jimmybolstad.zombiedetector application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-6009

The Zombie Detector aka com.jimmybolstad.zombiedetector application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-6009

The CVE-2014-6009 entry concerns the Android application Zombie Detector (com.jimmybolstad.zombiedetector) version 1.2, which does not verify X.509 certificates from SSL servers. This certificate validation flaw enables man-in-the-middle attackers to spoof servers and access sensitive information...

SSH 1.2.x CRC-32 Compensation Attack Detector Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2347/info Secure Shell, or SSH, is an encrypted remote access protocol. SSH or code based on SSH is used by many systems all over the world and in a wide variety of commercial applications. An integer-overflow bug in the...

USN-2230-1: chkrootkit vulnerability

Thomas Stangner discovered that chkrootkit incorrectly quoted certain values. A local attacker could use this issue to execute arbitrary code when chkrootkit is run and gain root privileges...

chkrootkit LTS security update

Package : chkrootkit Version : 0.49-4+deb6u1 CVE ID : CVE-2014-0476 Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option...

Mandriva Linux Security Advisory : php (MDVSA-2014:075)

A vulnerability has been discovered and corrected in php : The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption...

PHP 5.4.x < 5.4.27 awk Magic Parsing BEGIN DoS

According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.27. It is, therefore, potentially affected by a denial of service vulnerability. A flaw exists in the awk script detector within magic/Magdir/commands where multiple wildcards with unlimited...

Updated file packages fix security vulnerabilities

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...

DEBIAN-CVE-2013-7345

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...

UBUNTU-CVE-2013-7345

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...

CVE-2013-7345

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...

CVE-2013-7345

CVE-2013-7345 affects PHP’s fileinfo/awk rule processing. The BEGIN regular expression detector in magic/Magdir/commands can backtrack when parsing an ASCII file with many newline characters, leading to CPU-denial of service. Connected advisories confirm the vulnerability impact was validated acr...

CVE-2013-7345

The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service CPU consumption via a crafted ASCII file that triggers a large amount of...

OWASP Xenotix XSS Exploit Framework v4.5

Version 4.5 Additions JavaScript Beautifier Pause and Resume support for Scan Jump to Payload Cookie Support for POST Request Cookie Support and Custom Headers for Header Scanner Added TRACE method Support Improved Interface Better Proxy Support WAF Fingerprinting Load Files Hash Calculator Hash...

[Doona] Network Protocol Fuzzer

Doona is a fork of the Bruteforce Exploit Detector, it was renamed to avoid confusion as it has a large number of of changes. You should get a copy from github if you want to try it: https://github.com/wireghoul/doona. It's currently a little short on documentation, so I will let the changelog...