CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox

CuckooDroid is an extension of Cuckoo Sandbox the Open Source software for automating analysis of suspicious files, CuckooDroid brigs to cuckoo the capabilities of execution and analysis of android application. Installation - Easy integration script: git config --global user.email...

docs.newrelic.com XSS vulnerability

Vulnerable URL: https://docs.newrelic.com/search/node/%22%3E%3Cscript%3Ealert'OPENBUGBOUNTY'%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinat...

Extending Linux Executable Logging With The Integrity Measurement Architecture

Gaining insight into the files being executed on your system is a great first step towards improved visibility on your endpoints. Taking this a step further, centrally storing logs of file execution data so they can be used for detection and hunting provides an excellent opportunity to find evil ...

Extending Linux Executable Logging With The Integrity Measurement Architecture

Gaining insight into the files being executed on your system is a great first step towards improved visibility on your endpoints. Taking this a step further, centrally storing logs of file execution data so they can be used for detection and hunting provides an excellent opportunity to find evil ...

CVE-2016-6079

creationtimestamp| type| source ---|---|--- 2016-11-04 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40710...

Boonex Dolphin 7.3 Authentication Bypass

Exploit Title : Boonex Dolphin all versoin array This will allow the attacker to bypass the authentication and can also enter in admin panel. Already communicated to dolphin developers. https://www.boonex.com/forums/topic/Security-Bug-High-Authentication-bypass.htm Independent Pakistani Security...

King Phisher 1.5.2 - Phishing Campaign Toolkit

King Phisher is a tool for testing and promoting user awareness by simulating real world phishing attacks. It features an easy to use, yet very flexible architecture allowing full control over both emails and server content. King Phisher can be used to run campaigns ranging from simple awareness...

SOL24923910 - LibTIFF vulnerability CVE-2016-3632

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

[SECURITY] Fedora 23 Update: python-pillow-3.0.0-6.fc23

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt , devel developme...

KNXmap - KNXnet/IP scanning and auditing tool for KNX home automation installations

A tool for scanning and auditing KNXnet/IP gateways on IP driven networks. KNXnet/IP defines Ethernet as physical communication media for KNX EN 50090, ISO/IEC 14543. KNXmap also allows to scan for devices on the KNX bus via KNXnet/IP gateways. In addition to scanning, KNXmap supports other modes...

Subversion 1.6.61.6.12 - Code Execution

Subversion 1.6.61.6.12 - Code Execution This is an exploit for the subversion vulnerability published as CVE-2013-2088. Author: GlacierZ0ne [email protected] Exploit Type: Code Execution Access Type: Authenticated Remote Exploit Prerequisites: svn command line client available, subversion serv...

Subversion 1.6.6/1.6.12 - Code Execution

This is an exploit for the subversion vulnerability published as CVE-2013-2088. Author: GlacierZ0ne [email protected] Exploit Type: Code Execution Access Type: Authenticated Remote Exploit Prerequisites: svn command line client available, subversion server exposes webdav through apache,...

Broken CORS

Overview Affected versions of sails have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This may allow an attacker to make AJAX requests to vulnerable hosts through cross-site scripting or a malicious...

Gather AWS EC2 Instance Metadata

This module will attempt to connect to the AWS EC2 instance metadata service and crawl and collect all metadata known about the session'd host. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

Storefront 3.7 console displays Store as Internal Only

Question: After upgrade to Storefront 3.7 the store is displayed as Internal Only. In the details it shows Remote Access as Enabled and it also works with Netscaler Gateway. Answer: This is a known issue in Storefront 3.7 and is also mentioned in the edocs...

Ruby: Ruby OpenSSL Library - IV Reuse in GCM Mode

Hello, An IV reuse bug was discovered in Ruby's OpenSSL library when using aes-gcm. When encrypting data with aes--gcm, if the IV is set before setting the key, the cipher will default to using a static IV. This creates a static nonce and since aes-gcm is a stream cipher, this can lead to known...

CVE-2016-7084

creationtimestamp| type| source ---|---|--- 2016-09-19 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40399...

Mercenary Linux

Mercenary-Linux is a “new-era” lightweight distribution of mostly Dockerized tools built for field expedient hunting, forensics, and malware analysis. This problem birthed MHF Mercenary Hunt Framework which allows the hunt team to easily perform hunt operations within a framework that aggregates...

ipmi-brute NSE Script

Performs brute force password auditing against IPMI RPC server. Script Arguments brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass See the documentation for the brute...

Active Directory functional level 2012 Support in PVS

PVS 7.6+- It is not specifically stated in the System Requirements for PVS: http://docs.citrix.com/en-us/provisioning/7-6/pvs-requirements.html, but it is supported. When deploying XenDesktop/XenApp 7.6 in your environment and using PVS 7.6 as a means of provisioning, settingthe Functional Level ...