1622 matches found

The Hacker News
added 2020/06/23 11:3 a.m., 1 view

VirusTotal Adds Cynet's Artificial Intelligence-Based Malware Detection

VirusTotal, the famous multi-antivirus scanning service owned by Google, recently announced new threat detection capabilities it added with the help of an Israeli cybersecurity firm. VirusTotal provides a free online service that analyzes suspicious files and URLs to detect malware and...

5.8 AI score
Exploits 0
Kitploit
added 2020/06/15 9:30 p.m., 127 views

EvilDLL - Malicious DLL (Reverse Shell) Generator For DLL Hijacking

Read the license before using any part from this code : Malicious DLL Win Reverse Shell generator for DLL Hijacking Features: Reverse TCP Port Forwarding using Ngrok.io Custom Port Forwarding option LHOST,LPORT Example of DLL Hijacking included Half-Life Launcher file Tested on Win7 7601, Windows...

7.4 AI score
Exploits 0, References 1
Kitploit
added 2020/06/12 9:30 p.m., 39 views

Attacker-Group-Predictor - Tool To Predict Attacker Groups From The Techniques And Software Used

The tool predicts attacker groups from techniques and software used. It searches based on the MITRE ATT&CK framework. How it works? 1- Collect data from https://attack.mitre.org/ about attacker groups 2- Get data from user about attack 3- Compare data and create result Installation git clone...

7.3 AI score
Exploits 0, References 1
Kitploit
added 2020/06/06 9:30 p.m., 1491 views

JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS

JSshell - a JavaScript reverse shell. It is used to exploit XSS remotely and helps to find blind XSS, ... This tool works on both Unix and Windows operating systems and can run with both Python 2 and Python 3. This is a big update of JShell - a tool to get a JavaScript shell with XSS by...

6.8 AI score
Exploits 0, References 1
OSV
added 2020/05/21 5:15 p.m., 0 views

CVE-2020-13258

Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py...

6.1 CVSS, 6.4 AI score
Exploits 0, References 1
RedhatCVE
added 2020/05/19 9:55 a.m., 39 views

CVE-2020-8616

A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. The attacker can also exploit this behavior to use the recursing server as a reflector...

5 CVSS, 8.1 AI score, 0.1534 EPSS
Exploits 1, References 5
Hacker One
added 2020/05/01 3:16 p.m., 24 views

U.S. Dept Of Defense: RXSS - https://███/

Hello All I Found RXSS in your OWN Website Steps:- Add Payload XSS To /████?view= Example:- https://████/█████████?view=%3Cscript%3Ealert%22xElkomy%22%3C/script%3E Payloads:- Any payloads XSS Fix:- Filter input on arrival Encode data on output Use appropriate response headers Content Security...

2 AI score
Exploits 0
0day.today
added 2020/05/01 12:0 a.m., 16 views

VirtualTablet Server 3.0.2 - Denial of Service Exploit

Title: VirtualTablet Server 3.0.2 - Denial of Service PoC Author: Dolev Farhi Vulnerable version: 3.0.2 14 Link: http://www.sunnysidesoft.com/ CVE: N/A from thrift import Thrift from thrift.transport import TSocket from thrift.transport import TTransport from thrift.protocol import TBinaryProtoco...

0.1 AI score
Exploits 0
OpenVAS
added 2020/04/03 12:0 a.m., 32 views

Fedora: Security Advisory for phpMyAdmin (FEDORA-2020-25f3aea389)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.7 AI score
Exploits 0, References 2
Fedora
added 2020/04/01 2:36 a.m., 37 views

[SECURITY] Fedora 30 Update: phpMyAdmin-4.9.5-1.fc30

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...

8 CVSS, 1.3 AI score, 0.02712 EPSS
Exploits 0
RedHat Linux
added 2020/03/26 3:46 p.m., 1 view

spring-data-api: potential information disclosure through maliciously crafted example value in ExampleMatcher

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

5.3 CVSS, 5.7 AI score, 0.00243 EPSS
Exploits 0, References 5
Kitploit
added 2020/03/22 9:0 p.m., 47 views

ScoringEngine - Scoring Engine For Red/White/Blue Team Competitions

Scoring Engine for Red/White/Blue Team Competitions Getting started Download Docker. If you are on Mac or Windows, Docker Compose will be automatically installed. On Linux, make sure you have the latest version of Compose. If you're using Docker for Windows on Windows 10 pro or later, you must al...

7.2 AI score
Exploits 0, References 1
RedhatCVE
added 2020/03/06 4:11 p.m., 11 views

CVE-2019-11027

Ruby OpenID aka ruby-openid through 2.8.0 has a remotely exploitable flaw. This library is used by Rails web applications to integrate with OpenID Providers. Severity can range from medium to critical, depending on how a web application developer chose to employ the ruby-openid library. Developer...

10 CVSS, 2.8 AI score, 0.01731 EPSS
Exploits 0, References 3
Github Security Blog
added 2020/03/05 10:9 p.m., 96 views

Cross-site scripting in PHPMailer

PHPMailer versions prior to 5.2.24 released July 26th 2017 have an XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it is not normally executable unless it i...

6.1 CVSS, 0.4 AI score, 0.0294 EPSS
Exploits 1, References 9, Affected Software 1
Kitploit
added 2020/02/25 8:30 p.m., 131 views

get_Team_Pass - Get Teamviewer's ID And Password From A Remote Computer In The LAN

Get teamviewer's ID and password from a remote computer in the LAN This program gets teamviewer's ID and password from a remote computer in the LAN. Most useful for postexploitation or sysadmins Tested on windows 7 and windows 10 x86 and x64 Prerequisites You must have valid credentials on the...

7.6 AI score
Exploits 0, References 1
Kitploit
added 2020/02/20 11:30 a.m., 90 views

Metabigor - Intelligence Tool But Without API Key

Intelligence Tool but without API key What is Metabigor? Metabigor is Intelligence tool, its goal is to do OSINT tasks and more but without any API key. Installation go get -u github.com/j3ssie/metabigor Main features Discover IP Address of the target. Wrapper for running masscan and nmap on IP...

7.3 AI score
Exploits 0, References 1
CNVD
added 2020/02/11 12:0 a.m., 0 views

Unspecified Vulnerability in OpServices OpMon

OpServices OpMon is an IT infrastructure monitoring software from Brazil. A security vulnerability exists in OpServices OpMon. The vulnerability can be exploited by an attacker to execute a program e.g., nmap without the need for a sudo password...

7.8 CVSS, 7.1 AI score, 0.00148 EPSS
Exploits 0, References 1
Packet Storm
added 2020/01/20 12:0 a.m., 175 views

WordPress WP Fanzone 3.1 SQL Injection

Exploit Title : Built with WordPress and WP FanZone Themes 3.1 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/01/2020 Vendor Homepage : wordpress.org - wpdevshed.com/wp-fanzone-theme/ Software Download Link :...

0.1 AI score
Exploits 0
wpexploit
added 2020/01/11 12:0 a.m., 27 views

Video on Admin Dashboard < 1.1.4 - Authenticated Stored XSS

Video on Admin Dashboard is vulnerable to stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin's options. A user can insert a simple script in the Widget Title text field, e.g. "alert'XSS';. Every specified user role by the plugin will now be targeted...

0.6 AI score
Exploits 0, References 1
Kitploit
added 2019/11/28 8:33 p.m., 157 views

Netstat2Neo4J - Create Cypher Create Statements For Neo4J Out Of Netstat Files From Multiple Machines

Graphs help to spot anomalies and patterns in large datasets. This script takes netstat information from multiple hosts and formats them in a way to make them importable into Neo4j. Neo4j can be queried to find connections to certain hosts, from certain hosts, find out the usage or protocols and...

6.9 AI score
Exploits 0, References 1