617 matches found
Cross-Site Scripting (XSS)
modperl is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via el/functions.jsp, el/implicit-objects.jsp and jspx/textRotate.jspx in examples/jsp2...
Guarding against supply chain attacks—Part 3: How software becomes compromised
Do you know all the software your company uses? The software supply chain can be complex and opaque. It’s comprised of software that businesses use to run operations, such as customer relationship management (CRM), enterprise resource planning (ERP), and project management. It also includes the...
Entropy Toolkit - A Set Of Tools To Exploit Netwave And GoAhead IP Webcams
Entropy Toolkit is a set of tools to exploit Netwave and GoAhead IP Webcams. Entropy is a powerful toolkit for webcam penetration testing. Getting started Entropy installation cd entropy chmod +x install.sh ./install.sh Entropy uninstallation cd entropy chmod +x uninstall.sh ./uninstall.sh Entro...
GHSA-58MJ-PW57-4VM2 Cross-site scripting in PHPMailer
PHPMailer versions prior to 5.2.24 (released July 26th 2017) have an XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it is not normally executable unless it i...
Phonia Toolkit - One Of The Most Advanced Toolkits To Scan Phone Numbers Using Only Free Resources
Phonia Toolkit is one of the most advanced toolkits to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy. Getting started Phonia installation cd...
InjuredAndroid - A Vulnerable Android Application That Shows Simple Examples Of Vulnerabilities In A CTF Style
A vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity. Setup for a physical device 1. Download injuredandroid.apk from Github 2. Enable USB debugging on your Android test phone. 3. Connect your phone and your pc with a usb cabl...
Qiling - Advanced Binary Emulation Framework
Qiling is an advanced binary emulation framework, with the following features: Cross platform: Windows, MacOS, Linux, BSD Cross architecture: X86, X86_64, Arm, Arm64, Mips Multiple file formats: PE, MachO, ELF Emulate & sandbox machine code in an isolated environment Provide high level API to setup...
Hershell - Multiplatform Reverse Shell Generator
Simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provides a certificate public key fingerprint pinning feature, preventing traffic interception. Supported OS are: Windows Linux Mac OS FreeBSD and derivatives Why ? Although meterpreter payloads are great,...
Exploit for CVE-2020-2551
Twitter: @Hktalent3135773...
RE:TERNAL - Repo Containing Docker-Compose Files And Setup Scripts Without Having To Clone The Individual Reternal Components
RE:TERNAL is a centralised purple team simulation platform. Reternal uses agents installed on a simulation network to execute various known red-teaming techniques in order to test blue-teaming capabilities. The simulations are mapped to the MITRE ATT&CK framework. This repo contains the compose...
Sshtunnel - SSH Tunnels To Remote Server
Inspired by https://github.com/jmagnusson/bgtunnel, which doesn't work on Windows. See also: https://github.com/paramiko/paramiko/blob/master/demos/forward.py Requirements paramiko Installation sshtunnel is on PyPI, so simply run: pip install sshtunnel or easy_install sshtunnel or conda install -c...
yum security, bug fix, and enhancement update
createrepo_c 0.11.0-3 - Backport patch to switch off timestamps on documentation in order to remove file conflicts RhBug:1738788 0.11.0-2 - Consistently produce valid URLs by prepending protocol. RhBug:1632121 - modifyrepo_c: Prevent doubling of compression test.gz.gz RhBug:1639287 - Correct pkg...
Blind Spots in AI Just Might Help Protect Your Privacy
Researchers have found a potential silver lining in so-called adversarial examples, using them to shield sensitive data from snoops...
U.S. Dept Of Defense: Examples directory is PUBLIC on https://████████mil, leading to multiple vulns
Description: Hello, In an effort to consolidate reporting. I have located 4 issues with having the Examples Directory open (may require just 1 solution to mitigate) The following URLs that show concern are the following: 1. https://█████mil/examples/servlets/servlet/SessionExample --Will lead to...
org.apache.storm:storm-kafka-client-examples (>=1.1.0 <=1.2.2), org.apache.storm:storm-kafka-examples (>=1.1.0 <=1.2.2) potentially affected by CVE-2018-11779 via org.apache.storm:storm-kafka (>=1.1.0 <=1.2.2)
org.apache.storm:storm-kafka MAVEN version =1.1.0, =1.1.0, =1.1.0, =1.2.2 Source cves: CVE-2018-11779 Source advisory: OSV:GHSA-25PC-85QF-6J69...
org.apache.storm:storm-kafka-client-examples (>=1.1.0 <=1.2.2), uk.co.gresearch.siembol:config-editor-sync (>=1.0.0 <=1.3.0) potentially affected by CVE-2018-11779 via org.apache.storm:storm-kafka-client (>=1.1.0 <=1.2.2)
org.apache.storm:storm-kafka-client MAVEN version =1.1.0, =1.1.0, =1.0.0, =1.3.0 Source cves: CVE-2018-11779 Source advisory: OSV:GHSA-25PC-85QF-6J69...
Pyattck - A Python Module To Interact With The Mitre ATT&CK Framework
A Python Module to interact with the Mitre ATT&CK Framework. pyattck has the following notable features in its current release: Retrieve all Tactics, Techniques, Actors, Malware, Tools, and Mitigations All techniques have suggested mitigations as a property For each class you can access addition...
Spyse.Py - Python API Wrapper And Command-Line Client For The Tools Hosted On Spyse.Com
Python API wrapper and command-line client for the tools hosted on spyse.com. "Spyse is a developer of complete DAAS Data-As-A-Service solutions for Internet security professionals, corporate and remote system administrators, SSL / TLS encryption certificate providers, data centers and business...
Crosslinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping
CrossLinked simplifies the process of searching LinkedIn to collect valid employee names when performing password spraying or other security testing against an organization. Using similar search engine scraping capabilities found in tools like subscraper and pymeta, CrossLinked will find vali...
Twint - An Advanced Twitter Scraping And OSINT Tool
Formerly known as Tweep, Twint is an advanced Twitter scraping tool written in Python that allows for scraping Tweets from Twitter profiles without using Twitter's API. Twint utilizes Twitter's search operators to let you scrape Tweets from specific users, scrape Tweets relating to certain topics...