Cross site request forgery (csrf)
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request...
CVE-2014-4683
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request...
perl LWP::Protocol::https certificates check vulnerability
Certificate check is completely disabled if hostname check was disabled...
Ubuntu: Security Advisory (USN-2292-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : LWP::Protocol::https vulnerability (USN-2292-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2292-1 advisory. It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was...
USN-2292-1: LWP::Protocol::https vulnerability
It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was requested to be disabled. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could possibly be exploited i...
X (Formerly Twitter): password sent over HTTP
URL: http://lb.vine.co/login you need to use HTTPS and enforce it :...
Automattic: Missing HSTS header in https://app.simplenote.com
Hi, Vulnerable Website: https://app.simplenote.com I tested the website using firefox add-on called: Strict Transport Security Detector https://addons.mozilla.org/en-US/firefox/addon/strict-transport-security-d/ HSTS addresses the following threats: User bookmarks or manually types...
Automattic: Missing HSTS header in https://public-api.wordpress.com
Hi, Vulnerable Website: https://public-api.wordpress.com/oauth2/authorize?clientid=930&responsetype=code&blogid=0&state=05f9c401dedcb9b3f33d82e8b335d1128d24d4cbc4a73903374f952acdfd34f6&redirecturi=https%3A%2F%2Fvaultpress.com%2Flogin%2F%3Faction%3Drequestaccesstoken I tested the website using...
Facebook Popup Trigger (Turn your visitors to visit your sites automatically)
To all spammy, you couldn't share your flagged links on facebook? Don't worry, with this instruction, you can by pass to share the link. This is not just only about bypass of linkshrim. This is all about opening Popup of any of your pages to open for your visitors as well. All you need is "https"...
HTTPS Inspection update for attending India CCA unauthorized digital certificates
...
Microsoft Expands TLS, Forward Secrecy Support
Microsoft is no exception when it comes to large technology providers committing to encrypting the services its users depend on. Today, the company announced an update on the progress it has made in engineering those changes, including the news that Outlook.com, its web-based email service,...
NAI Net Tools PKI Server 1.0 strong.exe Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1536/info Certain versions of Network Associates Inc.'s Net Tools PKI (Public Key Infrastructure) server ship with a buffer overflow vulnerability which could lead to a remote compromise of the system running the PKI server...
ISPConfig Authenticated Arbitrary PHP Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...
MS13-097 Registry Symlink IE Sandbox Escape
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class Metasploit3...
VMware Server <= 2.0.1,ESXi Server <= 3.5 Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36842/info VMware products are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information...
CMS phpshop 2.0 - SQL Injection Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = 'SSV-77845' vul ID version = '1' author = 'hh' vulDate = '2013-01-14' createDate ...
2Wire HomePortal Series - Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9463/info It has been reported that the software is allegedly prone to a directory traversal vulnerability that may allow a remote attacker to access information outside the server root directory. This issue is reported t...
MailEnable Enterprise & Professional https Remote BoF Exploit
No description provided by source. !/usr/bin/perl This tools and to consider only himself to educational purpose -=MailEnable Enterprise & Professional HTTPS remote BoF exploit=- -= =- -= Discovered & Coded by CorryL info:www.x0n3-h4ck.org=- -= irc.xoned.net x0n3-h4ck corryl80atgmail.com=-...
Maligno - Penetration Testing Tool that Serves Metasploit Payloads
Maligno is an open source penetration testing tool that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission. Changelog: Metasploit multi-host support, socks4a server...