2150 matches found

Kitploit
added 2014/03/17 10:22 p.m., 13 views

[Skipfish] Web Application Security Scanner

Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active but hopefully non-disruptive...

9.8 AI score
Exploits: 0

0day.today
added 2014/02/07 12:0 a.m., 63 views

Vision Interactive - SQL Injection / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Vision Interactive - SQL Injection and Cross-Site Scripting Google Dork: "Powered by Vision Interactive" Date: 04/02/2014 Contact: FB /7h38357 Exploit Author: X-Line Empire North Vendor Homepage: www.visioninteractive.ma Software...

7.1 AI score
Exploits: 0

The Hacker News
added 2014/02/03 11:15 p.m., 8 views

'The Hacker News' Magazine - Relaunching New Editions

Dear Readers, After publishing 15 informative editions of 'The Hacker News' magazine in past 2 years; we at THN are again planning to relaunch the new Chapters of 'The Hacker News Magazine'. The Hacker News THN Monthly Magazine is the most comprehensive and informative collection of IT Security,...

6.6 AI score
Exploits: 0

NVD
added 2014/01/28 12:55 a.m., 20 views

CVE-2013-6838

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro VIP2000 9.0.3 rel903, when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges b...

10 CVSS, 6.9 AI score, 0.01305 EPSS
Exploits: 1, References: 2

Prion
added 2014/01/28 12:55 a.m., 12 views

Design/Logic Flaw

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro VIP2000 9.0.3 rel903, when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges b...

10 CVSS, 7.5 AI score, 0.01305 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2014/01/28 12:0 a.m., 20 views

CVE-2013-6838

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro VIP2000 9.0.3 rel903, when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges b...

6.9 AI score, 0.01305 EPSS
Exploits: 1, References: 2

CVE
added 2014/01/28 12:0 a.m., 38 views

CVE-2013-6838

CVE-2013-6838 affects Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903) when using OpenVZ with fallback customization. The vulnerability stems from using the same SSH private key across different customer installations, enabling remote attackers to gain privileges; advisories (XPD-2013-001) d...

10 CVSS, 7.2 AI score, 0.01305 EPSS
Exploits: 1, References: 2, Affected Software: 1

Kitploit
added 2014/01/26 11:22 p.m., 28 views

[XSS Shell] XSS Backdoor and Zombie Manager

XSS Shell is a powerful XSS backdoor and zombie manager. This concept was first presented by “XSS-Proxy – http://xss-proxy.sourceforge.net/”. Normally in XSS attacks the attacker has one shot; in XSS Shell you can interactively send requests and get responses from the victim. You can backdoor the page...

6.5 AI score
Exploits: 0

Packet Storm
added 2014/01/17 12:0 a.m., 63 views

Enghouse Interactive IVR Pro (VIP2000) Remote Root

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 XPD - XPD Advisory https://xpd.se Enghouse Interactive IVR Pro VIP2000 remote root authentication bypass Vulnerability Advisory ID: XPD-2013-001 CVE reference: CVE-2013-6838 Affected platforms: IVR Pro/Contact Center VIP2000 platforms with OpenVZ an...

10 CVSS, 0.01305 EPSS
Exploits: 1

securityvulns
added 2014/01/09 12:0 a.m., 69 views

LiveZilla 5.1.1.0 Stored XSS in operator clients

Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7003 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.1.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...

4.3 CVSS, 1.1 AI score, 0.00256 EPSS
Exploits: 2

Metasploit
added 2014/01/02 4:48 p.m., 39 views

Command Shell, Reverse TCP (via Firefox XPCOM script)

Creates an interactive shell via Javascript with access to Firefox's XPCOM API This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...

7.1 AI score
Exploits: 0

Metasploit
added 2014/01/02 4:48 p.m., 37 views

Command Shell, Bind TCP (via Firefox XPCOM script)

Creates an interactive shell via Javascript with access to Firefox's XPCOM API This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...

0.1 AI score
Exploits: 0

Kitploit
added 2013/12/20 5:37 p.m., 27 views

[SSLSmart] Smart SSL Cipher Enumeration

SSLSmart is a highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL cipher suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed b...

7.2 AI score
Exploits: 0

Kitploit
added 2013/11/20 12:59 p.m., 14 views

[iptables-bash_completion] Programmable completion code (bash) for ip[6]tables

This is the programmable completion specification compspec for the iptables program netfilter.org. Features Interactive completion for ip6tables. This completion specification follows the logic of iptables and will only show commands and options, when they are available for the current context...

7.4 AI score
Exploits: 0

Metasploit
added 2013/10/07 11:9 a.m., 27 views

Command Shell, Bind TCP (via nodejs)

Creates an interactive shell via nodejs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework It would be better to have a commonjs payload, but because the implementations differ so greatly when it comes to require paths f...

7.1 AI score
Exploits: 0

Metasploit
added 2013/09/16 6:38 p.m., 38 views

Command Shell, Reverse TCP SSL (via nodejs)

Creates an interactive shell via nodejs, uses SSL This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 831 include Msf::Payload::Single include Msf::Payload::NodeJS include...

0.4 AI score
Exploits: 0

Metasploit
added 2013/09/16 6:38 p.m., 36 views

Command Shell, Reverse TCP (via nodejs)

Creates an interactive shell via nodejs This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework It would be better to have a commonjs payload, but because the implementations differ so greatly when it comes to require paths f...

0.4 AI score
Exploits: 0

Metasploit
added 2013/09/16 10:2 a.m., 51 views

Windows Command Shell, Reverse TCP (via Lua)

Creates an interactive shell via Lua This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 224 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinfo ...

0.3 AI score
Exploits: 0

NVD
added 2013/08/23 4:55 p.m., 13 views

CVE-2011-4607

PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory...

2.1 CVSS, 6 AI score, 0.00056 EPSS
Exploits: 0, References: 3

OSV
added 2013/08/23 4:55 p.m., 3 views

CVE-2011-4607

PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory...

6.2 AI score
Exploits: 0, References: 3