170 matches found
Information Disclosure
github.com/hashicorp/terraform is vulnerable to information disclosure. Sensitive information can be disclosed to the issue tracker when crash log files are not redacted by the operator...
Diaphora - The Most Advanced Free And Open Source Program Diffing Tool
Diaphora διαφορά, Greek for 'difference' is a program diffing plugin for IDA, similar to Zynamics Bindiff or other FOSS counterparts like YaDiff, DarunGrim, TurboDiff, etc... It was released during SyScan 2015. It works with IDA 6.9 to 7.3. Support for Ghidra is in development. Support for Binary...
Acunetix Vulnerability Scanner Now With Network Security Scans
User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technolo...
Tautulli 2.1.26 Cross Site Scripting
Tautulli https://tautulli.com/ is a Python based monitoring and tracking tool for Plex Media Server. We discovered that an authenticated Plex Media Server user could change their Plex username to include JavaScript and Tautulli would fail to sanitize the username so that when the Plex Media Serve...
Process Hacker - A Free, Powerful, Multi-Purpose Tool That Helps You Monitor System Resources, Debug Software And Detect Malware
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. System requirements Windows 7 or higher, 32-bit or 64-bit. Features A detailed overview of system activity with highlighting. Graphs and statistics allow you quickly to track down...
W3Brute - Automatic Web Application Brute Force Attack Tool
w3brute is an open source penetration testing tool that automates attacks directly to the website's login page. w3brute is also supported for carrying out brute force attacks on all websites. Features 1. Scanner: w3brute has a scanner feature that serves to support the bruteforce attack process...
SQLMap v1.2.8 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Bug bounty left over (and rant) Part III (Google and Twitter)
tl;dr in this blog post I am going to talk about some bug bounty left over with a little rant. Here you can find bug bounty left over part I and II Here you can find bug bounty rant part I and II Introduction In one of my previous post I was saying that: "The rule 1 of any bug hunter... is to hav...
Threatpost News Wrap Podcast for Nov. 3
Threatpost editors Mike Mimoso and Tom Spring discuss the week’s top information security news stories, including Google’s decision to drop HTTP Public Key Pinning in Chrome, a vulnerability in Google’s Issue Tracker, Mozilla’s decision to ban Canvas Fingerprinting, and a HTTPS issue with...
SQLMap v1.1.8 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Announcing the Project Zero Prize
Posted by Natalie Silvanovich, Exploit Enthusiast Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests. Hoping to continue the stream of great bugs, we’ve decided to star...
Zabbix Agent 3.0.1 mysql. size shell command injection
CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions were not tested. Background ========== "Zabbix agent is deployed on a...
Zabbix Agent 3.0.1 - mysql.size Shell Command Injection
Zabbix Agent 3.0.1 - mysql.size Shell Command Injection CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection -------------------------------------------------------------------- Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from...
GitLab: GFM renderer leaks external issue tracker URL of private project
Vulnerability details The GFM renderer has the ability to cross-link issues between projects. When this project is private and the user doesn't have access, the link isn't made. This is good. However, when the private project has an external issue tracker set up, an attacker can extract the...
GitLab: Persistent XSS on public project page
Details A project admin can set up a custom issue tracker integration. This setting misses a check to make sure that it's a real URL and, thus, can use the javascript handler to execute arbitrary Javascript. Browsers use this handler to execute inline Javascript. This can lead to an account take...
HackerOne: External links should use rel="noopener" or use the redirect service
This is a rather low severity one and a successful exploitation relies on unlikely user interaction as well as the ability to control the HTML output of an remote host. Furthermore it is a kinda new hardening features in some browsers. Though one can work around this using "noreferrer" which is...
Atlassian JIRA Detection
Atlassian JIRA, a web-based issue tracker written in Java, is running on the remote host. TRUSTED...
Fedora Update for trac FEDORA-2010-4287
Check for the Version of trac OpenVAS Vulnerability Test Fedora Update for trac FEDORA-2010-4287 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Fedora Update for trac FEDORA-2010-4318
Check for the Version of trac OpenVAS Vulnerability Test Fedora Update for trac FEDORA-2010-4318 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
[SECURITY] Fedora 13 Update: trac-0.11.7-1.fc13
Trac is an integrated system for managing software projects, an enhanced wiki, a flexible web-based issue tracker, and an interface to the Subversion revision control system. At the core of Trac lies an integrated wiki and issue/bug database. Using wiki markup, all objects managed by Trac can...