Microsoft Unveils Cloud-Based Fuzz-Testing Service
Microsoft announced a cloud-based fuzz testing service called Project Springfield that identifies software bugs in applications that could turn into vulnerabilities. The service, announced at this week’s Microsoft 2016 Ignite technology conference in Atlanta, combines artificial intelligence and...
Mobile APP vulnerabilities automated detection platform construction-vulnerability warning-the black bar safety net
Preface: this article is the first in the Mobile APP Client Security series of original notes. It mainly covers building an enterprise platform for automated mobile APP vulnerability detection, the history of mobile APP vulnerability detection alongside cutting-edge techniques, the APP...
An arbitrary file read vulnerability recorded-vulnerability warning-the black bar safety net
Black-box testing found that an interface has an arbitrary file read vulnerability. The first thing to determine is whether it is a file read or a file inclusion, because file_get_contents("/etc/passwd") and include("/etc/passwd") may look the same from a black-box perspective. And file inclusion is c...
Fedora 22 : libxmp-4.3.10-1.fc22 (2016-8f950932c1)
Latest stable release from upstream. Includes: Fixes for bugs reported by Coverity Scan. Fixes for problems caused by fuzz files reported by Jonathan Neuschafer. Other changes. Full upstream changelog: https://sourceforge.net/projects/xmp/files/libxmp/4.3.10/Changelog/view Note that Tenable Network...
privoxy -- multiple vulnerabilities
Privoxy Developers reports: Prevent invalid reads in case of corrupt chunk-encoded content. CVE-2016-1982. Bug discovered with afl-fuzz and AddressSanitizer. Remove empty Host headers in client requests. Previously they would result in invalid reads. CVE-2016-1983. Bug discovered with afl-fuzz an...
FreeBSD : testdisk -- buffer overflow with malicious disk image (c67069dc-0986-11e5-bb90-002590263bf5)
CGSecurity TestDisk Changelog reports: Various fixes including security fixes, thanks to: - Coverity Scan static analysis of source code - afl-fuzz security-oriented fuzzer. - Denis Andzakovic from Security Assessment for reporting an exploitable stack buffer overflow. Denis Andzakovic reports: A...
testdisk -- buffer overflow with malicious disk image
CGSecurity TestDisk Changelog reports: Various fixes including security fixes, thanks to: Coverity Scan static analysis of source code; afl-fuzz security-oriented fuzzer; Denis Andzakovic from Security Assessment for reporting an exploitable stack buffer overflow. Denis Andzakovic reports: A buffer...
InfraRecorder 0.53 - Memory Corruption (Denial of Service)
Exploit Title: InfraRecorder Memory Corruption Exploit DoS. Author: sajith. Version: 0.53. Vulnerable app link: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download Tested on Windows XP SP3, English. raw_input("hit enter to fuzz") print "poc by sajith shetty"...
Ecmall stored XSS at another location, part 2 (conditional)
Brief description: I'm afraid you will again learn of the vulnerability through a specific channel, so I self-rated it as low. Detailed description: Here I only test where the XSS point is; as for exploitation, this point is the same as the earlier xss1 and can also be used to get a shell. 1. The awkward part is that the group-buy feature must be enabled in the backend: 2. Publish a group-buy product and fuzz it the old way: 3. Viewing that product page shows another spot where filtering is lax, so an XSS vulnerability exists. 4. The old method to get a shell. Proof of vulnerability: omitted...
Ecmall stored XSS can get a shell (conditional)
Brief description: I hope the vendor doesn't learn of this through XX channel again; if nobody fixes it, come find me, I'm unemployed at home... Detailed description: The title is clickbait; in fact it is an XSS. Trick an admin into visiting a product page we published and, combined with CSRF, it gets a shell directly; the success rate is quite good, and even if we can't fool the admin we can fool other shop owners, which is also worth it. Register a member, open a shop, publish a product, fuzz each field one by one, and finally there is a place with no filtering: the tags and item number fields have XSS. The backend can directly edit PHP files and has no token check, which is exactly what is used to get a shell: http://ecmall/admin/index.php?app=widget&act=edit&name=notice&file=script...
xml2 Fuzzer 1.0 exploit
xml2 Fuzzer is a fuzzing utility that daemonizes in order to fuzz the client side of a web browser. From the source header: xml2 fuzz ver 1.0 -- C:\x90c\xml2fuzz ./xmlfuzz #include #include #define FUZZDAEMONPORT 9090 /* fuzz type */ #define AAAAFUZZ 1 #define NUMERICFUZZ 2 static char...
[Raft v3.0.1] Response Analysis and Further Testing Tool
Not an inspection proxy. RAFT is a testing tool for the identification of vulnerabilities in web applications. RAFT is a suite of tools that utilize common shared elements to make testing and analysis easier. The tool provides visibility into areas that other tools do not, such as various client...
[Viproy] VoIP Penetration Testing Kit
Viproy VoIP Pen-Test Kit is developed to improve the quality of SIP penetration tests. It provides an authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and...
Script local/remote file inclusion/reading and file name truncation vulnerability FUZZ tool details-vulnerability warning-the black bar safety net
Script file inclusion vulnerabilities can be said to be endless, yet there is no good, comprehensive, purpose-built open-source tool on the market to use as a reference; here several typical file inclusion vulnerabilities serve as examples. Plug-in source code and detailed description: This...
0day or exp mining techniques overview-vulnerability warning-the black bar safety net
Much of the time we have a strong passion for various 0days or exploits; indeed, holding such powerful weapons in hand makes the fight against a target go very smoothly, but the problem is that not everyone can obtain the latest 0day, and to be clear there are many 0da...
PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool
This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range o...
GFI Faxmaker - Fax Viewer v10.0[build 237] DoS (Poc)
Exploit for Windows platform in category dos / poc. #!/usr/bin/python Title: GFI Faxmaker Fax Viewer v10.0 [build 237] DoS PoC. From: The eh?-Team || The Great White Fuzz, we're not sure yet. Found by: loneferret. Home: http://www.kioptrix.com Manufacturer's link: http://www.gfi.com Date Found: Oct 28th...
Nmap NSE net: dns-fuzz
This script launches a DNS fuzzing attack against any DNS server. The script induces errors into randomly generated but valid DNS packets. The packet template that we use includes one uncompressed and one compressed name. Use the 'dns-fuzz.timelimit' argument to control how long the fuzzing lasts...
Nmap NSE net: dns-fuzz
This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description...
Universal Fuzzer by Codenomicon !
Codenomicon is a Finland-based information security company. Recently it has released a universal fuzzer, a fuzz testing solution that combines heuristics and multiple fuzzers with a graphical user interface, automated test execution and reporting features. Fuzzing has been popular among hacke...