
81 matches found

n0where
added 2017/01/30 6:3 a.m. | 83 views

Reverse IP Lookup Tool: RevIP

ReverseIP or RevIP is a Ruby-based reverse IP-lookup tool, which finds all domains hosted on a web server and returns the HTTP status code of those domains. Installation: You can “install” RevIP by simply adding an alias in your /.bashrc after cloning the git reposito...

1.1 AI score
Exploits: 0 | References: 1
CVE
added 2016/12/01 11:0 a.m. | 41 views

CVE-2016-9752

Serendipity (PHP weblog engine) is affected by CVE-2016-9752 in versions before 2.0.5, where an attacker can bypass SSRF protection by supplying a malformed IP address (for example, http://127.1) or triggering a 30x redirect. The vulnerability enables bypass of server-side request forgery protect...

8.6 CVSS | 8.5 AI score | 0.00185 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2016/09/02 1:59 a.m. | 25 views

Design/Logic Flaw

The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote...

5 CVSS | 7 AI score | 0.16262 EPSS
Exploits: 6 | References: 7 | Affected Software: 1
Tenable Nessus
added 2016/07/19 12:0 a.m. | 67 views

RHEL 7 : httpd (RHSA-2016:1422) (httpoxy)

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.1 CVSS | 6.8 AI score | 0.51564 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2016/07/19 12:0 a.m. | 59 views

CentOS 7 : httpd (CESA-2016:1422) (httpoxy)

An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.1 CVSS | 6.8 AI score | 0.51564 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2016/07/19 12:0 a.m. | 45 views

RedHat Update for httpd RHSA-2016:1422-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS | 7.6 AI score | 0.51564 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2016/07/19 12:0 a.m. | 47 views

CentOS Update for httpd CESA-2016:1422 centos7

Check the version of httpd SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882521";...

8.1 CVSS | 6.5 AI score | 0.51564 EPSS
Exploits: 0 | References: 3
Prion
added 2016/05/25 1:59 a.m. | 16 views

Memory corruption

Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance (WSA) devices allows remote attackers to cause a denial of service (memory consumption) via an unspecified HTTP status code, aka Bug ID CSCur28305...

7.8 CVSS | 7.3 AI score | 0.01094 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2015/12/07 8:59 p.m. | 13 views

CVE-2015-4334

The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive...

5 CVSS | 6.4 AI score | 0.00579 EPSS
Exploits: 0 | References: 3
Prion
added 2015/12/07 8:59 p.m. | 17 views

Default configuration

The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive...

5 CVSS | 7 AI score | 0.00579 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2015/12/07 8:0 p.m. | 19 views

CVE-2015-4334

The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive...

6.4 AI score | 0.00579 EPSS
Exploits: 0 | References: 3
Kitploit
added 2015/12/04 8:46 p.m. | 41 views

0d1n - Tool For Automating Customized Attacks Against Web Applications

Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. You can do: brute force passwords in auth forms; directory disclosure (use PATH list to brute, and find HTTP status code); test list on input to find SQL Injection and XSS vulnerabilities. To run: require libcurl-dev or...

7.8 AI score
Exploits: 0 | References: 1
Prion
added 2015/03/09 12:59 a.m. | 28 views

Code injection

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

5 CVSS | 6.7 AI score | 0.00317 EPSS
Exploits: 0 | References: 7 | Affected Software: 6
Cvelist
added 2015/03/09 12:0 a.m. | 25 views

CVE-2015-1229

net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response...

6.1 AI score | 0.00317 EPSS
Exploits: 0 | References: 7
CVE
added 2015/03/09 12:0 a.m. | 74 views

CVE-2015-1229

CVE-2015-1229 : Google Chrome before 41.0.2272.76 fails to properly handle a 407 (Proxy Authentication Required) response that includes a Set-Cookie header, enabling remote proxy servers to perform cookie-injection attacks. The vulnerability affects the net/http/proxy_client_socket.cc path and ca...

5 CVSS | 6 AI score | 0.00317 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
Packet Storm
added 2014/03/20 12:0 a.m. | 25 views

Mohachat 0.1.1 Cross Site Scripting / Redirection

Exploit Title: Mohachat 0.1.1 Cross Site Scripting Vulnerability Mohachat 0.1.1 HTML Form redirecting page Date: 2014 18 March Author: Dr.3v1l Vendor Homepage: http://mohachat.org Version : 0.1.1 Tested on: Windows Category: webapps Google Dork: intext:"MOHA Chat 0.1.1 S.H.Mohanjith" + Exploit :...

Exploits: 0
NVD
added 2013/12/07 12:55 a.m. | 12 views

CVE-2013-6634

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/oneclicksigninhelper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper...

6.8 CVSS | 6.1 AI score | 0.01309 EPSS
Exploits: 0 | References: 9
Prion
added 2013/12/07 12:55 a.m. | 19 views

Session fixation

The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/oneclicksigninhelper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper...

6.8 CVSS | 6.6 AI score | 0.01309 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
CVE
added 2013/12/07 12:0 a.m. | 69 views

CVE-2013-6634

The CVE-2013-6634 issue affects Chromium/chromium-browser prior to version 31.0.1650.63, where OneClickSigninHelper::ShowInfoBarIfPossible used an incorrect URL during realm validation. This allowed session fixation and potential web-session hijacking via a 302 redirect. The documented fixes upg...

6.8 CVSS | 6 AI score | 0.01309 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
NVD
added 2013/07/10 10:55 a.m. | 14 views

CVE-2013-2873

Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources...

7.5 CVSS | 7.2 AI score | 0.00887 EPSS
Exploits: 0 | References: 5