Updating IPS Blade with the Latest Dynamic Protections

IPS dynamic updates are available to customers who have purchased the IPS subscription service. Customers with valid subscription license can choose the attacks to defend against, read detailed information about the attack, configure parameters for each attack defense, including logging options,...

Updates to Snort setup guides

Our documentation on Snort 3 running on CentOS and the Snort Rules Writing guide to Snort 3. Thanks to community member Yaser for providing the updates. The Snort 3 guide now has expanded information on logging options — such as syslog and JSON. There is also a new performance optimization sectio...

lua-resty-waf

It is an offensive tool for web application firewalls WAFs. The repository, huangjacky/lua-resty-waf, contains a high-performance WAF built on the OpenResty stack. The tool is designed to protect against various types of attacks, including HTTP violations, HTTP anomalies, SQL injection, and gener...

Core FTP Server 1.2 - Buffer Overflow (PoC)

Exploit for windows platform in category local exploits -- coding: utf-8 -- Exploit Title : Core FTP Server v1.2 - BufferOverflow POC Date: 2016-02-22 Author: INSECT.B Facebook : https://www.facebook.com/B.INSECT00 GitHub : binsect00 Blog : http://binsect00.tistory.com Vendor Homepage :...

Apache Tomcat's default security policy is too open

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...

Invision Power Board 2.3.5 - SQL Injection

?php errorreportingEALL; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // IPB = 2.3.5 sql injection exploit // Version 1.0 // written by Janek Vind "waraxe" // Estonia, Tartu // http://www.waraxe.us/...