Wfuzz - Web Application Fuzzer
Wfuzz has been created to facilitate the task in web applications assessments and it is based on a simple concept: it replaces any reference to the FUZZ keyword by the value of a given payload. A payload in Wfuzz is a source of data. This simple concept allows any input to be injected in any fiel...
PHSA-2017-0036
An update of linux packages for PhotonOS has been released...
VK.com: Stored XSS on the "Authorization widget" page
Self-XSS on the widget documentation page. Whether this is Self-XSS or not, I leave to the community to decide. But in my personal opinion, the vk team is mistaken here. To exploit the vulnerability, the attacker had to: Create an application named javascript:alert1;// Add the victim...
CVE-2017-14491

creationtimestamp| type| source
---|---|---
2017-10-02 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42941
2020-10-14 14:43:01+00:00| seen| https://t.me/icscert/348...

Debian DSA-3984-1 : git - security update
joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support ha...
CVE-2017-11120

creationtimestamp| type| source
---|---|---
2017-09-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42784
2018-02-12 08:43:55+00:00| seen| https://t.me/SecLabNews/1509
2018-02-13 13:20:43+00:00| seen| https://t.me/informationsecuritychannel/13126...

princeton.edu XSS vulnerability
Vulnerable URL: https://www.princeton.edu/roxen/documentation/rxml//index.xml?rth=sb-login"'--!confirmOPENBUGBOUNTY...
spartansg.com XSS vulnerability
Open Bug Bounty ID: OBB-303102

Description| Value
---|---
Affected Website:| spartansg.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

openSUSE: Security Advisory for qemu (openSUSE-SU-2017:2513-1)
The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2017:2416-1 Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: CVE-2017-10664: Fix DOS vulnerability in qemu-nbd bsc1046636 CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb redirection support bsc1047674 CVE-2017-11334: Fix OOB access during DMA operation bsc1048902...
Fedora 26 : mingw-libidn2 (2017-fe4f93fde4)
Libidn2 2.0.4 released 2017-08-30 =================================== - Fix integer overflow in bidi.c/isBidi - Fix integer overflow in punydecode.c/decodedigit - Improve docs - Fix idnafree to idnfree - Update fuzzer corpora Note that Tenable Network Security has extracted the preceding...
Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim
Researchers claim a programming error in the Microsoft Windows kernel cracks the door open for malicious executables to bypass security software. The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 1...
PHSA-2017-0032
An update of linux packages for PhotonOS has been released...
Fedora 25 : libidn2 (2017-57722ccd30)
Libidn2 2.0.4 released 2017-08-30 =================================== - Fix integer overflow in bidi.c/isBidi - Fix integer overflow in punydecode.c/decodedigit - Improve docs - Fix idnafree to idnfree - Update fuzzer corpora Note that Tenable Network Security has extracted the preceding...
Fedora 26 : libidn2 (2017-2d4ead8da9)
Libidn2 2.0.4 released 2017-08-30 =================================== - Fix integer overflow in bidi.c/isBidi - Fix integer overflow in punydecode.c/decodedigit - Improve docs - Fix idnafree to idnfree - Update fuzzer corpora Note that Tenable Network Security has extracted the preceding...
restic cryptography
tl;dr: this is not an audit and I take no responsibility for your backups, but I had a quick look at the crypto and I think I'm going to use restic for my personal backups. I keep hearing good things about restic. I am redoing my storage solution, and restic seems to tick all the boxes for my...
[SECURITY] Fedora 25 Update: postgresql-9.5.8-1.fc25
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine ...
AVPASS - Tool For Leaking And Bypassing Android Malware Detection System
AVPASS is a tool for leaking the detection model of Android malware detection systems i.e., antivirus software, and bypassing their detection logics by using the leaked information coupled with APK obfuscation techniques. AVPASS is not limited to detection features used by detection systems, and...
CVE-2017-6989

creationtimestamp| type| source
---|---|---
2017-08-26 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42555...

openldap security update
CentOS Errata and Security Advisory CESA-2017:1852 An update for openldap is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...