INURLBR - Advanced Search in Multiple Search Engines

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. INURLBR scanner was developed by Cleiton Pinheiro, owner and founder of INURL - BRASIL. Tool made ​​in PHP that can...

Rockwell RSView32 Security Vulnerability Patched

Human machine interface software from Rockwell Automation has been patched, protecting users from a vulnerability in the way stored passwords are protected. The vulnerability was discovered in RSView32, versions 7.60.00 and earlier, according to an alert from the Industrial Control System Cyber...

Adobe Flash Player PCRE Regex Vulnerability

This module exploits a vulnerability found in Adobe Flash Player. A compilation logic error in the PCRE engine, specifically in the handling of the \c escape sequence when followed by a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode. This module requires Metasploit:...

Generic DLL Injection From Shared Resource

This is a general-purpose module for exploiting conditions where a DLL can be loaded from a specified SMB share. This module serves payloads as DLLs over an SMB service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

Magento SSL Certificate Validation Security Bypass Vulnerability

Magento is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...

Zend PHP Advanced Local File Inclusion (CVE-2010-2094)

This vulnerability class creates a new method for attackers for exploiting file inclusion vulnerabilities. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the compromised machine...

TCPDUMP ISAKMP Payload Handling DoS (CVE-2004-0183)

Tcpdump parses and displays, and optionally records packets received on a network interface matching a user provided filter. Two vulnerabilities exist in the Tcpdump ISAKMP payload handling module, which can be exploited to cause a DoS Denial of Service by sending packets with specially crafted...

SWFupload 2.5.0 - Cross Frame Scripting (XFS)

Exploit Title: SWFupload All Version XSF Vulnerability Date: 25/01/2014 Exploit Author: MindCracker - Team MaDLeeTs Contact : [email protected] - [email protected] | https://twitter.com/MindCrackerKhan Verion : All Tested on: Linux / Window Description : XSF occurs when an SWF have...

Good For Enterprise Android HTML Injection

https://labs.integrity.pt/articles/good-for-enterprise-android-html-injection-cve-2014-4925/ 1. Vulnerability Properties Title: HTML Injection in Good for Enterprise Android CVE ID: CVE-2014-4925 CVSSv2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Vendor: Good Technology http://www1.good.com/...

MinaliC-Webserver-2.0.0

Exploit Title: MinaliC Webserver buffer overflow Date: 12 Apr 2013 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://minalic.sourceforge.net/ Version: MinaliC Webserver 2.0.0 import socket import struct 74 bytes calc.exe from...

ProjectSend r561 Ultimate Cross Site Scripting / Path Disclosure

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: ProjectSend - Cross Site Scripting & Full Path Disclosure Vulnerability's Date: 19/12/2014 Url Vendor: http://www.projectsend.org/ Vendor Name:...

Device42 DCIM Appliance Manager 'ping' Command Injection Vulnerability

Device42 DCIM Appliance Manager is prone to a command-injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Multiple IQ Invisions Products Command Injection Vulnerability (Nov 2014)- Active Check

Multiple IQ Invisions products are prone to a command injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Multiple Trendnet TV-IP Cams Command Injection Vulnerability

Multiple Trendnet TV-IP Cams are prone to a command-injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Attackers Exploiting Windows OLE Vulnerability

Attackers are using a zero day vulnerability in nearly all supported versions of Windows in a series of targeted attacks. The flaw is in the OLE technology in Windows and can be used for remote code execution is a targeted user opens a rigged Office file. Microsoft is warning customers that there...

Security Advisory-CSRF Vulnerabilities in Multiple Products

Cross-site request forgery CSRF vulnerabilities are discovered in multiple products, including FusionManager Vulnerability ID: HWPSIRT-2014-0408 and USG firewall series Vulnerability ID: HWPSIRT-2014-0406. Vulnerabilities in the web interface of these devices could allow an unauthenticated, remot...

HackerOne: Redirect FILTER bypass in report/comment

Hello, I made few reports recently. But, I guess you did not understand my perspective. As my video recorder is not working, I am explaining everything in written. Lately, I reported about 'External Link Warning Bypass to open redirect users' and @michiel attended the report. Actually, the report...

ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection

source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection

source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...

PHP-Nuke Recipe Module 1.3 - 'recipeid' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27955/info The Recipe module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...