6341 matches found
Node.js third-party modules: [public] Stored XSS in the filename when directories listing
I would like to report a Stored XSS issue in module public It allows executing malicious javascript code in the user's browser. Module module name: public version: 0.1.3 npm page: https://www.npmjs.com/package/public Module Description Run static file hosting server with specified public dir &...
CLOUDKiLL3R - Bypasses Cloudflare Protection Service Via TOR Browser
CLOUDKiLL3R bypasses Cloudflare protection service via TOR Browser ! CLOUDKiLL3R Requirements : TOR Browser to scan as many sites as you want : Python Compiler CLOUDKiLL3R Installation ? Make sure that TOR Browser is up and running while working with CLOUDKiLL3R . Make sure that the IP AND PORT a...
Detect Illegal Wireless Network Activities: WIPI-HUNTER
WipiHunter is developed for detecting illegal wireless network activities; howver, it shouldn’t be seen only as a piece of code. Instead, actually it is a philosophy. You can infer from this project new wireless network illegal activity detection methods. New methods, new ideas and different poin...
PT-2018-1294 · Schneider Electric · Modicon M340 +3
Name of the Vulnerable Software and Affected Versions: Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers affected versions not specified Description: The issue is related to hard-coded accounts in the communication modules of the affected controllers...
Apache HTTP Server 'mod_cluster' DoS Vulnerability - Linux
Apache HTTP Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fast CLI DNS Lookup Tool: ZDNS
ZDNS is a command-line utility that provides high-speed DNS lookups. For example, the following will perform MX lookups and a secondary A lookup for the IPs of MX servers for the domains in the Alexa Top Million: cat top-1m.csv | zdns MX --ipv4-lookup --alexa ZDNS is written in golang and is...
Memcrashed-DDoS-Exploit - DDoS Attack Tool For Sending Forged UDP Packets To Vulnerable Memcached Servers Obtained Using Shodan API
This tool allows you to send forged UDP packets to Memcached servers obtained from Shodan.io Prerequisites The only thing you need installed is Python 3.x apt-get install python3 You also require to have Scapy and Shodan modules installed pip install scapy pip install shodan Using Shodan API This...
Masha and these Bears
Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a prolific, well resourced, and persistent adversary. They are sometimes portrayed as wild and reckless, but as seen under our visibility, the group can be pragmatic, measured, and agile. Our previous post on their 2017 activity stepped...
Gemalto SafeNet Authentication Service for Outlook Web App Agent Elevation of Privilege Vulnerability
Gemalto SafeNet Authentication Service for Outlook Web App Agent is a SafeNet Authentication Service agent for Outlook applications from Gemalto USA. A security vulnerability exists in Gemalto SafeNet Authentication Service for Outlook Web App Agent, which stems from the program's use of weak...
Gemalto SafeNet Authentication Service Windows Logon Agent Elevation of Privilege Vulnerability
Gemalto SafeNet Authentication Service Windows Logon Agent is a SafeNet Authentication Service Windows Logon Agent from Gemalto USA. A security vulnerability exists in the Gemalto SafeNet Authentication Service Windows Logon Agent that stems from the program's use of weak access control lists for...
Gemalto SafeNet Authentication Service End User Software Tools for Windows Elevation of Privilege Vulnerability
Gemalto SafeNet Authentication Service End User Software Tools for Windows is a Windows-based SafeNet Authentication Service tool from Gemalto USA. A security vulnerability exists in SafeNet Authentication Service End User Software Tools for Windows that stems from the program's use of weak acces...
Gemalto SafeNet Authentication Service for AD FS Agent Elevation of Privilege Vulnerability
Gemalto SafeNet Authentication Service for AD FS Agent is a federated authentication service agent from Gemalto USA. A security vulnerability exists in Gemalto SafeNet Authentication Service for AD FS Agent, which stems from the program's use of weak access control lists for installation...
Gemalto SafeNet Authentication Service Remote Web Workplace Agent Elevation of Privilege Vulnerability
Gemalto SafeNet Authentication Service Remote Web Workplace Agent is a SafeNet Authentication Service Remote Web Workplace Agent from Gemalto USA. A security vulnerability exists in the Gemalto SafeNet Authentication Service Remote Web Workplace Agent that stems from the program's use of weak...
Gemalto SafeNet Authentication Service IIS Agent Elevation of Privilege Vulnerability
The Gemalto SafeNet Authentication Service IIS Agent is a Gemalto agent that provides two-factor authentication for systems running Microsoft Internet Information Services IIS including Outlook Web Access, the mail client component. The security vulnerability in the Gemalto SafeNet Authentication...
CVE-2018-7714
The validateInputImageSize function in modules/imgcodecs/src/loadsave.cpp in OpenCV 3.4.1 allows remote attackers to cause a denial of service assertion failure because pixels = 130 may be false. Note: “OpenCV CVAssert is not an assertion C-like assert, it is regular C++ exception which can raise...
CVE-2015-7964
SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...
CVE-2015-7966
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965...
CVE-2015-7961
SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...
Authentication flaw
SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...
CVE-2015-7962
SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module...