2153 matches found
Vulnerability in packaging (CVE-2016-7048)
Interactive installer downloads software over plain HTTP, then executes it...
Flv Player 2011 1.3 DLL Hijacking
Document Title: Flv Player 2011 v1.3 - DLL Hijacking Vulnerability; Release Date: 2016-09-23; Vulnerability Disclosure Timeline: 2016-09-30 : Public Disclosure; Product & Service Introduction: FLV Player...
Ipod Video Converter DLL Hijacking
Document Title: Ipod Video Converter - DLL Hijacking Vulnerability; Release Date: 2016-09-23; Vulnerability Disclosure Timeline: 2016-09-27 : Public Disclosure; Product & Service Introduction: iPod Vid...
3GP Player 4.7.0 - DLL Hijacking Vulnerability
Document Title: 3GP Player 4.7.0 - DLL Hijacking Vulnerability; References Source: https://www.vulnerability-lab.com/getcontent.php?id=1955; Release Date: 2016-09-23; Vulnerability Laboratory ID VL-ID: 1955; Commo...
3GP Player 4.7.0 - DLL Hijacking Vulnerability
Document Title: 3GP Player 4.7.0 - DLL Hijacking Vulnerability; References Source: https://www.vulnerability-lab.com/getcontent.php?id=1955; Release Date: 2016-09-22; Vulnerability Laboratory ID VL-ID: 1955; Commo...
PT-2016-3442 · Postgresql · Postgresql
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 9.3.15 PostgreSQL versions 9.4.x prior to 9.4.10 PostgreSQL versions 9.5.x prior to 9.5.5 Description: The issue is related to the interactive installer in PostgreSQL, which might allow remote attackers to execute...
ipo.interactivebrokers.com XSS vulnerability
Vulnerable URL: https://ipo.interactivebrokers.com/mkt/reglp.php?href=Ij48c3ZnL29ubG9hZD1wcm9tcHQoL09QRU5CVUdCT1VOVFkvKT4= Details: Description| Value ---|--- Patched:| Yes, at 26.08.2016 Latest check for patch:| 26.08.2016 11:24 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
investors.interactivebrokers.com XSS vulnerability
Vulnerable URL: https://investors.interactivebrokers.com/mkt/reglp.php?href=Ij48c3ZnL29ubG9hZD1wcm9tcHQoL09QRU5CVUdCT1VOVFkvKT4= Details: Description| Value ---|--- Patched:| Yes, at 26.08.2016 Latest check for patch:| 26.08.2016 11:17 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
interactivebrokers.com.hk XSS vulnerability
Vulnerable URL: https://www.interactivebrokers.com.hk/mkt/reglp.php?href=Ij48c3ZnL29ubG9hZD1wcm9tcHQoL09QRU5CVUdCT1VOVFkvKT4= Details: Description| Value ---|--- Patched:| Yes, at 26.08.2016 Latest check for patch:| 26.08.2016 11:18 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
net2ftp 1.0 Cross Site Scripting
Summary Subject: net2ftp XSS in "command" and "urlwithpw" parameters Versions vulnerable: ALL Tested on latest, version 1.0 Category: 0-day Impact: Medium Description of the product net2ftp is a web based FTP client http://www.net2ftp.com/index.php . It can be used as a standalone version and als...
nightHawkResponse - Incident Response Forensic Framework
Custom-built application for asynchronous forensic data presentation on an Elasticsearch backend. This application is designed to ingest a Mandiant Redline "collections" file and give flexibility in search/stack and tagging. The application was born out of the inability to control multiple...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact A remote attacke...
git fixup: --amend for older commits
Everyone knows and loves to use git commit --amend to change the latest commit. But what if you want to correct an older commit? The flow in that case involves an interactive rebase with an edit step. But that's kludgy. Here's an alias that, using a couple of nifty git features, makes it one command...
OWASP Offensive Web Testing Framework: OWTF
The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, figuring out how to call “tool X”, then parsing the results of “tool X” manually to feed “tool Y”, and so on is time-consuming. OWASP OWTF is a project focused on penetration testing efficiency and...
PowerShell Runspace Portable Post Exploitation Tool: PowerOPS
PowerShell Runspace Portable Post Exploitation Tool aimed at making Penetration Testing with PowerShell “easier” PowerOPS is an application written in C that does not rely on powershell.exe but runs PowerShell commands and functions within a powershell runspace environment .NET. It intends to...
HDWiki 5.1 /control/doc.php SQL injection vulnerability
HDWiki description: HDWiki is an interactive open-source wiki system, China's first Chinese wiki system with independent intellectual property rights. It was officially launched by Interactive Online (Beijing) Technology Co., Ltd. on November 28, 2006, and strive for domestic and foreign man...
partners.caesarsinteractive.com XSS vulnerability
Vulnerable URL: http://partners.caesarsinteractive.com/processing/profilerotator.asp?pid=%22%3E%3Cscript%3Ealert%28%27OPENBUGBOUNTY%27%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 31.10.2016 Latest check for patch:| 31.10.2016 15:51 GMT Vulnerability type:| XSS...
Reverse Engineering Cross Platform Disassembler: Panopticon
Reverse Engineering Cross Platform Disassembler Panopticon is a disassembler that understands the semantics of opcodes. This way it’s able to help the user by discovering and displaying invariants that would have to be discovered “by hand” in traditional disassemblers. This allows an interactive...
Remote Vulnerability Testing Framework: Pocsuite
Pocsuite is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers. Requirements Python 2.6...
interactive-resources.co.uk XSS vulnerability
Vulnerable URL: http://www.interactive-resources.co.uk/search?searchTerm=OPENBUGBOUNTY%22%3E%3Cscript%3Econfirm%28%22OPENBUGBOUNTY%22%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 08:45 GMT Vulnerability type:| XSS Vulnerabili...