275 matches found
WiFi-Pumpkin v0.8.7 - Framework for Rogue Wi-Fi Access Point Attack
The WiFi-Pumpkin is a rogue AP framework to easily create these fake networks, all while forwarding legitimate traffic to and from the unsuspecting target. It comes stuffed with features, including rogue Wi-Fi access points, deauth attacks on client APs, a probe request and credentials monitor,...
Web-Traffic-Generator - A Quick And Dirty HTTP/S "Organic" Traffic Generator
Just a simple poorly written Python script that aimlessly "browses" the internet by starting at pre-defined rootURLs and randomly "clicking" links on pages until the pre-defined clickDepth is met. I created this as a noise generator to use for an Incident Response / Network Defense simulation. Th...
Noisy - Simple Random DNS, HTTP/S Internet Traffic Noise Generator
A simple python script that generates random HTTP/DNS traffic noise in the background while you go about your regular web browsing, to make your web traffic data less valuable for selling and for extra obscurity. Tested on MacOS High Sierra, Ubuntu 16.04 and Raspbian Stretch and is compatable wit...
Security Bulletin: A vulnerability in PHP affects PowerKVM (CVE-2016-5385)
Summary PowerKVM is affected by a vulnerability in PHP. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-5385 DESCRIPTION: PHP could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the presence ...
Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840
Summary There are vulnerabilities in Apache Tomcat to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-3092, CVE-2016-5385, CVE-5386, CVE-2016-5387, and CVE-2016-5388 could allow a remote attacker to wage a denial of service attack or redirect outbound...
Security Bulletin: IBM QRadar SIEM is vulnerable to various CGI vulnerabilities. (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388)
Summary Vulnerabilities affecting web servers that run code in a CGI or CGI-like context Vulnerability Details CVEID: CVE-2016-5387 DESCRIPTION: Apache HTTP Server could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the...
Security Bulletin: Multiple Security Vulnerabilities have been identified in components shipped with IBM Security Access Manager for Enterprise Single Sign-On
Summary IBM HTTP Server is shipped as a component of IBM Security Access Manager for Enterprise Single Sign-On ISAM ESSO. Imformation about the vulnerability affecting IBM HTTP Server has been published in a Security Bulletin IBM Websphere Application Server is shipped as a component of IBM...
CVE-2018-0296
A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. It is also possible on certain software releases that the ASA will...
Cisco ASA Directory Traversal
A vulnerability in the web interface of the Cisco Adaptive Security Appliance ASA could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. It is also possible on certain software releases that the ASA will...
Free and Open Source Interactive HTTPS Proxy: mitmproxy
mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of...
CVE-2018-7259
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the networ...
CVE-2018-7259
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the networ...
Code injection
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the networ...
CVE-2018-7259
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the networ...
Cisco WebEx Meeting Center URL Redirection Vulnerability
Cisco WebEx Meeting Center is a set of WebEx meeting solutions in the United States Cisco Cisco company's network of online meeting products. The product invites others to join the meeting via e-mail or instant messaging IM, and supports online product demonstrations, information sharing, and mor...
CVE-2017-12297
A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An...
CVE-2017-12297
A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts, aka a "URL Redirection Vulnerability." The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An...
Cisco WebEx Meeting Center URL Redirection Vulnerability
A vulnerability in Cisco WebEx Meeting Center could allow an authenticated, remote attacker to initiate connections to arbitrary hosts. The vulnerability is due to insufficient access control for HTTP traffic directed to the Cisco WebEx Meeting Center. An attacker could exploit this vulnerability...
Brother Printers Susceptible to Remote Denial of Service Attacks
Networked consumer and business printers manufactured and sold by Brother contain an unpatched vulnerability that can be abused by a remote attacker to cause a denial-of-service condition on the device. Researchers at Trustwave’s SpiderLabs on Monday disclosed the issue after numerous fruitless...
CVE-2017-14797
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories by leveraging the ability to sniff HTTP traffic on...