Lucene search

146 matches found

Kitploit
added 2016/08/11 8:37 p.m., 36 views

Raptor WAF v0.2 - Web Application Firewall using DFA

Raptor WAF is a simple web application firewall made in C, using the KISS principle. For polling it uses the select function, which is not better than epoll or kqueue from BSD but is portable. The core of the match engine uses a DFA to detect XSS, SQLi and path traversal. No more words, look at the following : WAF...

7.8 AI score
Exploits: 0, References: 3

phpMyAdmin
added 2016/06/23 12:0 a.m., 29 views

Multiple full path disclosure vulnerabilities

PMASA-2016-23 Announcement-ID: PMASA-2016-23 Date: 2016-06-23 Summary Multiple full path disclosure vulnerabilities Description This PMASA contains information on multiple full-path disclosure vulnerabilities reported in phpMyAdmin. By specially crafting requests in the following areas, it is...

5.3 CVSS, 6.6 AI score, 0.01317 EPSS
Exploits: 0, Affected Software: 1

n0where
added 2016/06/14 2:32 p.m., 27 views

Create TCP UDP Connections Over Audio Channel: Quiet-lwip

Quiet-lwip is a binding for libquiet to lwip. This binding can be used to create TCP and UDP connections over an audio channel. This channel may be speaker-to-mic “over the air” or through a wired connection. This binding provides an abstract version which emits and consumes floating point sampl...

0.1 AI score
Exploits: 0, References: 3

Fedora
added 2016/05/15 5:36 a.m., 23 views

[SECURITY] Fedora 23 Update: botan-1.10.13-1.fc23

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

7.5 CVSS, 1.8 AI score, 0.00583 EPSS
Exploits: 0

n0where
added 2016/05/11 9:5 p.m., 19 views

Black Box WordPress Vulnerability Scanner: WPScan

WPScan is a Black Box WordPress Vulnerability Scanner that attempts to find known security weaknesses within WordPress installations. The application is provided for security professionals or WordPress administrators to help them find security problems and vulnerabilities in their installations. ...

0.7 AI score
Exploits: 0, References: 1

Kitploit
added 2016/05/10 10:12 p.m., 18 views

sIPI - Simple IP Information Tools

This tool is aimed at Incident Response Teams and anyone who wants to know the behaviour of a "suspicious" IP address. The tool searches for reputation info from a set of open threat intelligence sources. Information about this IP like malware activity, malicious activity, blacklist...

7.3 AI score
Exploits: 0, References: 1

Fedora
added 2016/05/07 12:21 p.m., 30 views

[SECURITY] Fedora 24 Update: botan-1.10.13-1.fc24

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS #10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

7.5 CVSS, 1.8 AI score, 0.00583 EPSS
Exploits: 0

Fedora
added 2016/02/11 1:24 p.m., 25 views

[SECURITY] Fedora 23 Update: php-PHPMailer-5.2.14-1.fc23

Full Featured Email Transfer Class for PHP. PHPMailer features: Supports emails digitally signed with S/MIME encryption! Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs Works on any platform. Supports Text & HTML emails. Embedded image support. Multipart/alternative emails for mail...

5 CVSS, 9.4 AI score, 0.00948 EPSS
Exploits: 0

Kitploit
added 2016/01/01 10:32 p.m., 223 views

Sublist3R - Fast Subdomains Enumeration Tool For Penetration Testers

Sublist3r is a Python tool that is designed to enumerate subdomains of websites using search engines. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r currently supports the following search engines: Google, Yahoo, Bing, Baidu,...

7.2 AI score
Exploits: 0, References: 2

Openbugbounty
added 2015/05/20 3:48 a.m., 11 views

lessner.wz.cz XSS vulnerability

Open Bug Bounty ID: OBB-62903. Affected Website: lessner.wz.cz; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; Remediation Guide: OWASP XSS Prevention Cheat Shee...

6.4 AI score
Exploits: 0

Packet Storm
added 2015/05/15 12:0 a.m., 54 views

ThemeMakers WordPress Themes Information Disclosure

WordPress 'ALL Themes' Developed By "ThemeMakers" File Information Exposure CWE: CWE-538 Risk: High Author: Hugo Santiago dos Santos Contact: [email protected] Date: 15/05/2015 Vendor Homepage: http://themeforest.net/user/ThemeMakers/portfolio ALL THEMES Google Dork:...

7 AI score
Exploits: 0

Packet Storm
added 2015/05/15 12:0 a.m., 52 views

WordPress Backup Plus Backup Disclosure

WordPress 'WP Backup Plus' Plugin Exposure Backup File to Unauthorized Control CWE: CWE-530 Risk: High Author: Hugo Santiago dos Santos Contact: [email protected] Date: 15/05/2015 Vendor Homepage: http://wpbackupplus.com/ Google Dork: inurl:/wp-content/uploads/wp-backup-plus/ PoC :...

0.3 AI score
Exploits: 0

Kitploit
added 2015/03/29 10:59 p.m., 72 views

Kadimus - LFI Scan & Exploit Tool

Kadimus is a tool to check sites for LFI vulnerabilities, and also exploit them. Features: Check all url parameters; /var/log/auth.log RCE; /proc/self/environ RCE; php://input RCE; data://text RCE; Source code disclosure; Multi thread scanner; Command shell interface through HTTP Request; Proxy support...

7.9 AI score
Exploits: 0, References: 1

n0where
added 2015/01/26 2:50 p.m., 22 views

WordPress Vulnerability Scanner: vane

Vane is a GPL fork of the now non-free popular wordpress vulnerability scanner WPScan. Install Vane Prerequisites Windows not supported Ruby = 1.9 RubyGems Git Debian/Ubuntu sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git clone...

7.4 AI score
Exploits: 0, References: 1

myhack58
added 2014/11/10 12:0 a.m., 12 views

clickjacking vulnerability of the mining and use-vulnerability and early warning-the black bar safety net

0x00 introduction 1 talking about clickjacking, a lot of people actually don't know what is. Compared toXSS, clickjacking becomes more mysterious, the clouds vulnerability database inside the related vulnerability is also less than 1 0 bar. 2 sleepy Dragon before hair through a clickjacking of...

7.1 AI score
Exploits: 0

n0where
added 2014/09/17 11:39 a.m., 27 views

Smartcard Undocumented Commands: THC-SmartBrute

This tool finds undocumented and secret commands implemented in a smartcard. An instruction is divided into Class CLA, Instruction-Number INS and the parameters or arguments P1, P2, P3. … iterates through all the possible values of CLA and INS to find a valid combination. Furthermore it tries to...

1.9 AI score
Exploits: 0

Packet Storm
added 2014/09/03 12:0 a.m., 29 views

Olat Stored Cross Site Scripting

Affected software: //demo.olat.org/ Discovered by: Provensec Website: http://www.provensec.com Type of vulnerability: Stored XSS Author: Ankit Bharathan ,Provensec labs Description: Goto personal folder open any folder and create a new document xss.tct and then edit it fill field with " Then open...

7.4 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 33 views

pChart 2.1.3 - Multiple Vulnerabilities

No description provided by source. Exploit Title: pChart 2.1.3 Directory Traversal and Reflected XSS Date: 2014-01-24 Exploit Author: Balazs Makany Vendor Homepage: www.pchart.net Software Link: www.pchart.net/download Google Dork: intitle:pChart 2.x - examples intext:2.1.3 Version: 2.1.3 Tested...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Uiga Personal Portal index.php (view) SQL Injection

No description provided by source. Exploit Title: Uiga Personal Portal index.php view SQL Injection Vulnerability Date: 27-4-2010 Author: 41.w4r10r Software Link : http://www.scriptdevelopers.net/download/uigapersonalportal.zip Version: Web Application Tested on: Apache/Unix CVE : if exists Dork ...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Sun Management Center 3.0/3.5 Error Message Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8873/info A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable hosts...

7.1 AI score
Exploits: 0