58 matches found
uninitialized random
libcurl's new internal function that returns a good 32-bit random value was implemented poorly and overwrote the pointer instead of writing the value into the buffer the pointer pointed to. This random value is used to generate nonces for Digest and NTLM authentication, for generating boundary...
Net-creds - Sniff passwords and hashes from an interface or pcap file
Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification. Sniffs URLs visited POST loads sent HTTP form logins/passwords HTTP basic auth logins/passwords HTTP searches FTP logins/passwords IRC...
D-Link Routers Haunted by Remote Command Injection Bug
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects affects a number of D-Link’s home routers and the key details of the flaw have been made public by one of the...
THC-Hydra 8.1 - Network Logon Cracker
A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...
Edimax AR-7084GA Router CSRF + Persistent XSS Exploit
No description provided by source. ?php / Edimax AR-7084GA Router CSRF + Persistent XSS Exploit Firmware version: 2.9.8.1RUE0.C2A3.7.6.1 Vulnerable page: http://xx.xx.xx.xx/advanced/advnatvirsvr.htm Author: l3D Sites: http://xraysecurity.blogspot.com, http://nullbyte.org.il IRC: irc://irc.nix.co....
PHP-Nuke 7.4 - Remote Privilege Escalation
No description provided by source. A demonstration exploit HTTP form is provided: form name=mantra method=POST action=http://www.sitewithphpnuke.com/admin.php pUSERNAME: input type=text name=addaid br NOME: input type=text name=addname br PASSWORD: input type=text name=addpwd br E-MAIL: input...
[THC-Hydra 7.5] Fast Parallel Network Logon Cracker
Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...
[THC-Hydra v7.5] Fast network logon cracker
CHANGELOG for 7.5 =================== Moved the license from GPLv3 to AGPLv3 see LICENSE file Added module for Asterisk Call Manager Added support for Android where some functions are not available hydra main: - reduced the screen output if run without -h, full screen with -h - fix for ipv6 and...
Fedora Update for curl FEDORA-2013-2098
Check for the Version of curl OpenVAS Vulnerability Test Fedora Update for curl FEDORA-2013-2098 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Ghost Phisher
Ghost Phisher is a computer security application that comes inbuilt with a Fake DNS Server, Fake DHCP Server, Fake HTTP server and also has an integrated area for automatic capture and logging of HTTP form method credentials to a database. The program could be used as an honey pot,could be used t...
Nmap NSE net: http-form-brute
Performs brute force password auditing against http form-based authentication. SYNTAX: brute.unique: make sure that each password is only guessed once default: true http-form-brute.hostname: sets the host header in case of virtual hosting brute.retries: the number of times to retry if recoverable...
Nmap NSE net: http-form-brute
This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EgY SpIdEr ShElL : Shell strongest in the history the hacker !
Sites get hacked every day. The bad guys often install a toolkit to control remote servers effectively. Here is one called EgY SpIdEr ShElL: When logging in, you get a quick overview of the machine with what services are running, as well as some hardware specs.: The toolkit provides you with...
A-Link WL54AP3 and WL54AP2 CSRF+XSS Vulnerability
No description provided by source. Louhi Networks Information Security Research Security Advisory Advisory: A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability Release Date: 2008/10/31 Last Modified: 2008/10/28 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg [email protected]...
PHP-Nuke 7.4 Remote Privilege Escalation
No description provided by source. A demonstration exploit HTTP form is provided: form name="mantra" method="POST" action="http://www.sitewithphpnuke.com/admin.php" pUSERNAME: input type="text" name="addaid" br NOME: input type="text" name="addname" br PASSWORD: input type="text" name="addpwd" br...
PHP-Nuke 7.4 - Privilege Escalation
PHP-Nuke 7.4 - Privilege Escalation A demonstration exploit HTTP form is provided: USERNAME: NOME: PASSWORD: E-MAIL: milw0rm.com 2004-09-08...
PHP-Nuke 7.4 - Privilege Escalation
A demonstration exploit HTTP form is provided: USERNAME: NOME: PASSWORD: E-MAIL: milw0rm.com 2004-09-08...
HTTP login page
This script logs onto a web server through a login page and stores the authentication / session cookie. C Tenable Network Security, Inc. @PREFERENCES@ include"compat.inc"; ifdescription scriptid11149; scriptversion"1.37"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/09/29";...