Lucene search

128 matches found

Prion
added 2021/06/16 6:15 p.m. · 25 views

Design/Logic Flaw

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copyin...

2.1 CVSS · 5.3 AI score · 0.00208 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cisco
added 2021/06/16 4:00 p.m. · 63 views

Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copyin...

5.5 CVSS · 5.5 AI score · 0.00208 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2021/04/09 12:00 a.m. · 3 views

PT-2021-14503 · Unknown · Sopel-Channelmgnt

Name of the Vulnerable Software and Affected Versions: sopel-channelmgnt versions prior to 2.0.1 Description: The issue concerns the sopel-channelmgnt plugin for sopel, where restrictions around the removal of the bot using the kick/kickban command could be bypassed on some IRC servers when kicki...

8.1 CVSS · 8.1 AI score · 0.01072 EPSS
Exploits: 0 · References: 12
RedHat Linux
added 2019/08/19 8:42 a.m. · 1 views

php: Dumpable FPM child processes allow bypassing opcache access controls

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

4.7 CVSS · 7.4 AI score · 0.00831 EPSS
Exploits: 0 · References: 4
Packet Storm
added 2019/04/02 12:00 a.m. · 41 views

HP LaserJet P4014/P4015 Printers 6.7.0.x Authentication Bypass

Exploit Title : HP LaserJet P4014/P4015 Printers 6.7.0.x Bypass Missing Authentication Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 31/03/2019 Vendor Homepage : hp.com Software Information Link :...

0.3 AI score
Exploits: 0
Packet Storm
added 2019/04/02 12:00 a.m. · 50 views

HP LaserJet 5200 HP LaserJet 5200 Authentication Bypass

Exploit Title : HP LaserJet 5200 Printers 6.7.0.x Bypass Missing Authentication Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 31/03/2019 Vendor Homepage : hp.com Software Information Link :...

0.3 AI score
Exploits: 0
Kitploit
added 2018/06/01 2:07 p.m. · 21 views

Empire GUI - Empire Client Application

The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework. It was written in Electron and utilizes websockets (SocketIO) on the backend to support multiuser interaction. The main goal of this project is to enable red teams, or any other color team, to work together...

7.8 AI score
Exploits: 0 · References: 2
n0where
added 2018/05/24 6:11 p.m. · 36 views

The Empire Multiuser GUI: Empire GUI

The Empire Multiuser GUI is a graphical interface to the Empire post-exploitation Framework. It was written in Electron and utilizes websockets (SocketIO) on the backend to support multiuser interaction. The main goal of this project is to enable red teams, or any other color team, to work together...

7.8 AI score
Exploits: 0 · References: 1
OSV
added 2018/01/11 5:29 p.m. · 3 views

CVE-2017-1478

IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613...

3.3 CVSS · 5.8 AI score · 0.00399 EPSS
Exploits: 0 · References: 4
Kitploit
added 2017/05/30 3:30 p.m. · 17 views

Faraday v2.5 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...

7.1 AI score
Exploits: 0 · References: 2
ThreatPost
added 2017/02/16 1:50 p.m. · 10 views

Divide Between Work, Personal Data on Android Breached

SAN FRANCISCO–Researchers here at the RSA Conference demonstrated Thursday a way a hacker can bypass enterprise mobility management sandboxing tools known as Android for Work that are designed to segregate work and personal data on Android devices. In a proof-of-concept demonstration, researchers...

0.3 AI score
Exploits: 0 · References: 1
n0where
added 2017/02/02 5:40 a.m. · 22 views

Collaborative Penetration Test & Vulnerability Management Platform: Faraday

Collaborative Penetration Test & Vulnerability Management Platform Faraday introduces a new concept – IPE (Integrated Penetration-Test Environment), a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the data generated during a security audit. The main purpose of...

Exploits: 0 · References: 4
Kitploit
added 2017/02/01 2:21 p.m. · 14 views

Faraday v2.3 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...

6.8 AI score
Exploits: 0 · References: 2
Kitploit
added 2016/11/26 2:22 p.m. · 13 views

Faraday v2.2 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...

6.8 AI score
Exploits: 0 · References: 1
n0where
added 2016/11/11 5:11 p.m. · 21 views

Linux Network Analyzer: netsniff-ng

Linux Network Analyzer A Swiss army knife for your daily Linux network plumbing netsniff-ng is a free, performant Linux network analyzer and networking toolkit. If you will, the Swiss army knife for network packets. The gain of performance is reached by built-in zero-copy mechanisms, so that on...

7.3 AI score
Exploits: 0 · References: 1
n0where
added 2016/07/06 6:14 p.m. · 30 views

Advanced Browser Exploit Pack: BrowserExploit

Advanced Browser Exploit Pack BrowserExploit is an advanced browser exploit pack for internal and external pentesting, helping to gain access to internal computers. The exploits in the kit are old, so that script kiddies are kept from running it in the wild and achieving malicious tasks. BrowserSploit u...

0.8 AI score
Exploits: 0 · References: 1
Packet Storm
added 2015/12/08 12:00 a.m. · 29 views

sysPass 1.1.2.23 Cross Site Scripting

Advisory ID: SYSS-2015-047; Product: sysPass; Vendor: http://cygnux.org/; Affected Versions: 1.1.2.23 and below; Tested Versions: 1.1.2.23; Vulnerability Type: Cross-Site Scripting (CWE-79); Risk Level: Medium; Solution Status: Fixed; Vendor Notification:...

7.4 AI score
Exploits: 0
Packet Storm
added 2015/12/07 12:00 a.m. · 40 views

sysPass 1.0.9 Insecure Direct Object Reference

Advisory ID: SYSS-2015-046; Product: sysPass; Manufacturer: http://cygnux.org/; Affected Versions: 1.0.9 and below; Tested Versions: 1.0.9; Vulnerability Type: Insecure Direct Object References (CWE-932) Exposure of Backup File to an Unauthorized Control...

7.4 AI score
Exploits: 0
exploitpack
added 2015/07/14 12:00 a.m. · 23 views

sysPass 1.0.9 - SQL Injection

sysPass 1.0.9 - SQL Injection. Advisory ID: SYSS-2015-031; Product: sysPass; Vendor: http://cygnux.org/; Affected Versions: 1.0.9 and below; Tested Versions: 1.0.9; Vulnerability Type: SQL Injection (CWE-89); Risk Level: High; Solution Status: Fixed; Vendor...

Exploits: 0
Exploit DB
added 2015/07/14 12:00 a.m. · 41 views

sysPass 1.0.9 - SQL Injection

Advisory ID: SYSS-2015-031; Product: sysPass; Vendor: http://cygnux.org/; Affected Versions: 1.0.9 and below; Tested Versions: 1.0.9; Vulnerability Type: SQL Injection (CWE-89); Risk Level: High; Solution Status: Fixed; Vendor Notification: 2014-07-27; Solutio...

7.4 AI score
Exploits: 0