Codiad 2.4.3 Cross Site Scripting / Local File Inclusion Vulnerabilities

Codiad version 2.4.3 suffers from cross site scripting and local file inclusion vulnerabilities. Exploit Title: Codiad - Cross Site Scripting - Local File Inclusion Vulnerability's Date: 19/12/2014 Url Vendor: http://codiad.com/ Vendor Name: Codiad Version: 2.4.3 CVE: CVE-2014-1137 Author:...

[SECURITY] Fedora 20 Update: castor-1.3.3-1.fc20

Castor is an open source data binding framework for Java. It's basically the shortest path between Java objects, XML documents and SQL tables. Castor provides Java to XML binding, Java to SQL persistence, and more...

Ruby on Rails: Multiple vulnerabilities

Background Ruby on Rails is a web-application and persistence framework. Description Multiple vulnerabilities have been discovered in Ruby on Rails. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code or cause a Denial of Service...

Lightweight Disassembly Framework: Capstone

Lightweight Disassembly Framework Capstone is a multi-platform, multi-architecture lightweight disassembly framework. Capstone Disassembly Engine v3.0 Released Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. Features...

Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment

The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best...

Radare - The Reverse Engineering Framework

r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files This is the rewrite of radare 1.x branch to provide a framework with a set of libraries and programs to work with binary data. Radare project started as a forensics tool, an scriptabl...

phpok最新版(phpok4.2.024)一处盲注+后台getshell

简要描述： RT 详细说明： 文件/framework/www/postcontrol.php 26-38行 function indexf $id = $this-get"id"; $pid = $this-get'pid'; if!$id && !$pid errorPLang'未指定项目','','error'; $projectrs = $this-call-phpok'project',array"phpok"=$id,'pid'=$pid; if!$projectrs || !$projectrs'module' errorPLang"项目不符合要求",'','error';...

Web Auditing Framework: GoLismero

GoLismero is an open source framework for security testing. It’s currently geared towards web security, but it can easily be expanded to other kinds of scans. Features: Real platform independence. Tested on Windows, Linux, BSD and OS X. No native library dependencies. All of the framework has bee...

Facebook Releases osquery to Open Source

Facebook is in a giving mood today. The social networking giant announced today that it will release to open source a framework that detects and logs state changes in an operating system likely caused by an attack or performance meltdown. It also announced that it will hand out up to $300,000 nex...

Browser Exploitation Framework: BeEF

Browser Exploitation Framework The Browser Exploitation Framework BeEF is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging...

CVE-2014-7205

The Bassmaster Node.js plugin for the Hapi server contains CVE-2014-7205: an eval-based injection in the internals.batch function (lib/batch.js) before version 1.5.2, enabling remote arbitrary JavaScript execution. Documents show affected version range is bassmaster

Drozer - The Leading Security Assessment Framework for Android

drozer is a comprehensive security audit and attack framework for Android. With increasing pressure to support mobile working, the ingress of Android into the enterprise is gathering momentum. Have you considered the threat posed by the Android app that supports your business function, or Android...

[SECURITY] [DSA 3010-1] python-django security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3010-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 22, 2014 http://www.debian.org/security/faq -...

Bugcrowd Releases Open Source Vulnerability Disclosure Framework

The problems that come from doing security research on modern Web applications and other software aren’t just challenging for researchers, but also for the companies on the receiving end of their advisories. Companies unaccustomed to dealing with researchers can find themselves in a difficult...

Viper - A binary management and analysis framework dedicated to malware and exploit researchers

Viper is a binary analysis and management framework. Its fundamental objective is to provide a solution to easily organize your collection of malware and exploit samples as well as your collection of scripts you created or found over the time to facilitate your daily research. Think of it as a...

JBoss Java Class DeploymentFileRepository WAR deployment

No description provided by source. $Id: jbossdeploymentfilerepository.rb 9950 2010-08-03 15:14:34Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing...

Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow

No description provided by source. $Id: ms10004textbytesatom.rb 10477 2010-09-25 11:59:02Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

HP JetDirect PJL Query Execution

No description provided by source. Exploit Title: HP JetDirect PJL Query Execution Date: Aug 7, 2011 Author: Myo Soe YGN Ethical Hacker Group - http://yehg.net/ Software Link: http://www.hp.com Version: All Tested on: HP LaserJet Pxxxx Series $Id: $ This file is part of the Metasploit Framework a...

Windows Manage Memory Payload Injection

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...

Shellcode - Win32 MessageBox (Metasploit module)

No description provided by source. $Id: messagebox.rb 4 2010-02-26 00:28:00:00Z corelanc0d3r & rick2600 $ Installation instructions : Drop file in framework3/modules/payloads/singles/windows folder Usage : ./msfpayload windows/messagebox TITLE=Corelan TEXT=Greetz to corelanc0d3r P require...