141 matches found
CVE-2019-12102
Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabsmedia.aspx URI. NOTE: The vendor disputes the report because the researcher did not configure the media library permissions...
CVE-2019-12102
CVE-2019-12102 affects Kentico 11–12. The issue allows unauthenticated uploading and browsing of files via cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx. Root cause appears to be media library permissions/configuration, with vendor notes that by default all...
Up (Ultimate Plumber) - Tool For Writing Linux Pipes With Instant Live Preview
up is the Ultimate Plumber , a tool for writing Linux pipes in a terminal-based UI interactively, with instant live preview of command results. The main goal of the Ultimate Plumber is to help interactively and incrementally explore textual data in Linux, by making it easier to quickly build...
Shining a Light on a New Technique for Stealth Persistence
Red teamers like myself and my team are driven by a desire to out-innovate the bad guys – to help the good guys. We study their methods, strive to think like they do, work to better understand attacker techniques and test our mettle against the spectrum of technologies in use today to find new wa...
Man Climbs Severn Bridge. Your office is twice as easy and half as scary
So you think no one would ever sneak into your business? Think Again. The man who climbed the Severn Bridge and broke into the Big Brother house seems to have method to his madness. Here’s why. When I describe Social Engineering to some I get a common response: “Yeah, but who would ever do that i...
[SECURITY] Fedora 27 Update: nmap-7.60-8.fc27
Nmap is a utility for network exploration or security auditing. It supports ping scanning determine which hosts are up, many port scanning techniques determine what services the hosts are offering, and TCP/IP fingerprinting remote host operating system identification. Nmap also offers flexible ta...
UPDATE: Nmap 7.70 Upgrade Available!
PenTestIT RSS Feed The first exciting Nmap release of 2018 is Nmap 7.70 with improved OS and service detection capabilities in addition to an improved Npcap 0.99-r2! None of us really need any introduction to this very popular “network mapper“ which now includes an additional 9 new NSE scripts!...
objection - Runtime Mobile Exploration
objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. The project's name quite literally explains the approach as well, whereby...
Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices
Posted by Gal Beniamini, Project Zero In this blog post we’ll continue our journey towards over-the-air exploitation of the iPhone, by means of Wi-Fi communication alone. This part of the research will focus on the firmware running on Broadcom’s Wi-Fi SoC present on the iPhone 7. We’ll begin by...
longview.explore-wyoming.us XSS vulnerability
Vulnerable URL: http://longview.explore-wyoming.us/profile/Demographicsbyzipcode.asp?zipcode=%3Csvg/onload=alert/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| Yes, at 29.07.2017 Latest check for patch:| 29.07.2017 19:29 GMT Vulnerability type:| XSS Vulnerability status:| Publicl...
Survival Craft: Exploration - Corrupted files, Dynamic Code Loading, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Survival Craft: Exploration published at the 'play' market has multiple vulnerabilities...
Capture Windows Kernel Activity: Fibratus
Capture Windows Kernel Activity: Fibratus Tool for exploration and tracing of the Windows kernel Fibratus is a tool which is able to capture the most of the Windows kernel activity – process/thread creation and termination, file system I/O, registry, network activity, DLL loading/unloading and mu...
Tools recommended: Scanner Routerhunter, the router vulnerability scanner-vulnerability warning-the black bar safety net
! 0×0 0 Preface We will introduce a Automatic mining router vulnerability test tools, it can be automated on the Internet a wide range of search contains a vulnerability in the routing test, further confirmed these vulnerabilities, which relates to the D-link multiple router. The tool is using...
Exploration Lite - Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Exploration Lite published at the 'play' market has multiple vulnerabilities...
World Craft 2: Exploration - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application World Craft 2: Exploration published at the 'play' market has multiple vulnerabilities...
Crafty World Exploration - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Crafty World Exploration published at the 'play' market has multiple vulnerabilities...
Ruby-Nmap - A Rubyful interface to the Nmap exploration tool and security / port scanner
A Ruby interface to nmap , the exploration tool and security / port scanner. Features Provides a Ruby interface for running nmap. Provides a Parser for enumerating nmap XML scan files. Examples Run Nmap from Ruby: require 'nmap/program' Nmap::Program.scan do |nmap| nmap.synscan = true...
iBooking CMS SQL Injection
VENTOR: www.ibooking.com.br Vulnerable versions: ALL File: filtrofaixaetaria.php Parameter: idPousadaGET DORK: intext:"Desenvolvido por ibooking" Reported: 15/10/2015 --------------------------------------------------------------------------------- AUTOR: Cleiton Pinheiro / Nick: googleINURL EMAI...
Nmap 6.47 - Free Security Scanner For Network Exploration & Security Audits
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols UDP, TCP, ICMP, etc...
Snoopy - A distributed tracking and data interception framework
Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi. There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications web sites...