7687 matches found

Kitploit
added 2016/12/12 2:11 p.m. · 49 views

FileBuster - An Extremely Fast And Flexible Web Fuzzer

An extremely fast and flexible web fuzzer. Why another fuzzer? My main motivation was to write a script that would allow me to fuzz a website based on a dictionary but that allowed me to filter words on that dictionary based on regex patterns. This necessity came from the frustration of trying to...

6.9 AI score
Exploits: 0 · References: 3

Openbugbounty
added 2016/12/10 6:9 p.m. · 22 views

voepassaredo.com.br Open Redirect vulnerability

Vulnerable URL: https://www.voepassaredo.com.br/erro.asp?IdErro=A4FPGTWNAb9l2FOS====LinguaTraducaoSessao==13=8855648==no Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank|...

6.9 AI score
Exploits: 0

OSV
added 2016/12/10 2:59 a.m. · 4 views

CVE-2016-9832

PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report...

9.9 CVSS · 6.1 AI score
Exploits: 0 · References: 6

NVD
added 2016/12/10 2:59 a.m. · 17 views

CVE-2016-9832

PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report...

9.9 CVSS · 9.5 AI score · 0.04026 EPSS
Exploits: 1 · References: 6

Prion
added 2016/12/10 2:59 a.m. · 11 views

Design/Logic Flaw

PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report...

6.5 CVSS · 8.1 AI score · 0.04026 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

n0where
added 2016/12/08 4:5 a.m. · 34 views

Extremely Fast Flexible Web Fuzzer: Filebuster

Extremely Fast Flexible Web Fuzzer Filebuster was built based on one of the fastest HTTP classes in the world of PERL – Furl::HTTP. Also the thread modelling is a bit optimized to run as fast as possible. Features It packs a ton of features like: The already mentioned Regex patterns Supports...

7 AI score
Exploits: 0 · References: 1

n0where
added 2016/12/08 1:57 a.m. · 27 views

Open Source Privacy Enhancing iOS Web Browser: Onion Browser

Open Source Privacy Enhancing iOS Web Browser Onion Browser is a free web browser for iPhone and iPad that encrypts and tunnels web traffic through the Tor network , with extra features to help you browse the internet privately. Features & Benefits Internet access is tunneled through the Tor...

7.2 AI score
Exploits: 0 · References: 3

OpenVAS
added 2016/12/08 12:0 a.m. · 22 views

Cisco Content Security Management Appliance AsyncOS Software Update Server Certificate Validation Vulnerability (cisco-sa-20161207-asyncos)

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a...

5.9 CVSS · 6 AI score · 0.01121 EPSS
Exploits: 0 · References: 1

OpenVAS
added 2016/12/08 12:0 a.m. · 29 views

Cisco Web Security Appliance AsyncOS Software Update Server Certificate Validation Vulnerability

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to impersonate the update server. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced source...

5.9 CVSS · 5.8 AI score · 0.01121 EPSS
Exploits: 0 · References: 1

Openbugbounty
added 2016/12/07 4:17 p.m. · 15 views

mmobugs.com Open Redirect vulnerability

Vulnerable URL: http://www.mmobugs.com/forums/redirect-to/?redirect=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 3687633 VIP website...

6.8 AI score
Exploits: 0

Cisco
added 2016/12/07 4:0 p.m. · 20 views

Cisco Security Appliances AsyncOS Software Update Server Certificate Validation Vulnerability

A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. The vulnerability i...

4.3 CVSS · 5.7 AI score · 0.01121 EPSS
Exploits: 0 · References: 1

Openbugbounty
added 2016/12/05 2:45 p.m. · 10 views

palladium.bre.co.uk XSS vulnerability

Vulnerable URL: http://palladium.bre.co.uk/scripts/wa.exe?SHOWTPL=%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculat...

6.3 AI score
Exploits: 0

Positive Technologies
added 2016/12/05 12:0 a.m. · 8 views

PT-2016-3171 · Apache +5 · Apache Http Server +5

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server mod_ssl versions 2.2.x through 2.2.32; Apache HTTP Server mod_ssl versions 2.4.x through 2.4.25. Description: The issue is related to a NULL pointer dereference error in the mod_ssl module of the Apache HTTP Server. This erro...

10 CVSS · 7.2 AI score · 0.94999 EPSS
Exploits: 26 · References: 135

Apache Httpd
added 2016/12/05 12:0 a.m. · 106 views

Apache Httpd < 2.2.34 : mod_ssl Null Pointer Dereference

mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port...

9.8 CVSS · 0.6 AI score · 0.19953 EPSS
Exploits: 0 · Affected Software: 1

Apache Httpd
added 2016/12/05 12:0 a.m. · 133 views

Apache Httpd < 2.4.26 : mod_ssl Null Pointer Dereference

mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port...

9.8 CVSS · 0.6 AI score · 0.19953 EPSS
Exploits: 0 · Affected Software: 1

Node.js
added 2016/12/01 4:7 p.m. · 34 views

Downloads Resources over HTTP

Overview Affected versions of macaca-chromedriver-zxa insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in cod...

9.3 CVSS · 5.3 AI score · 0.01752 EPSS
Exploits: 0 · Affected Software: 1

myhack58
added 2016/12/01 12:0 a.m. · 39 views

Simple App to-end security vulnerability of any debugging vulnerabilities, the middleman hijacking vulnerability and the encryption algorithm vulnerability-vulnerability warning-the black bar safety net

Last week to introduce to the APP-end backup feature is turned on vulnerability and local denial of service vulnerability this week to introduce the completion of the last of the three common App-side vulnerabilities: arbitrary debugging vulnerabilities, MiTM hijacking vulnerability and the...

7.9 AI score
Exploits: 0

FreeBSD
added 2016/11/29 12:0 a.m. · 40 views

subversion -- Unrestricted XML entity expansion in mod_dontdothat and Subversion clients using http(s)

The Apache Software Foundation reports: The mod_dontdothat module of subversion and subversion clients using https:// are vulnerable to a denial-of-service attack, caused by exponential XML entity expansion. The attack targets XML parsers causing targeted process to consume excessive amounts of...

6.5 CVSS · 1.8 AI score · 0.0638 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2016/11/28 12:0 a.m. · 49 views

CentOS 7 : wget (CESA-2016:2587)

An update for wget is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

8.8 CVSS · 7.2 AI score · 0.45935 EPSS
Exploits: 8 · References: 2

Hacker One
added 2016/11/27 4:31 p.m. · 60 views

Gratipay: Secure Pages Include Mixed Content

Hello, The page includes mixed content, that is content accessed via HTTP instead of HTTPS. tag=img src=http://www.gravatar.com/avatar/abbcd6344e160597fb2694f25c46149f.jpg?s=256&d=http%3A%2F%2Fwww.openstreetmap.org%2Fassets%2Fusers%2Fimages%2Flarge-8d2e51c2ddd01eb899f4bfb0bca3cf5e.png Evidence:...

0.7 AI score
Exploits: 0