209 matches found
laravel-filemanager 代码问题漏洞
laravel-filemanager is an open source tool from UniSharp. A code issue vulnerability exists in laravel-filemanager that stems from the upload function not adequately validating the file type during upload. An attacker can replicate the following steps to exploit the vulnerability:Install a packag...
Unspecified vulnerability in calibre
Calibre is an open source free all-in-one eBook reading management and format conversion tool. A security vulnerability exists in calibre before 5.32.0, which stems from the inclusion of regular expressions vulnerable to ReDoS Regular Expression Denial of Service attacks in htmlpreprocessrules in...
OnionShare 安全漏洞
OnionShare is an open source tool for securely and anonymously sharing files, hosting websites, and chatting with friends using the Tor network. Used to securely and anonymously share files, host websites, and chat with friends using the Tor network, OnionShare has a file upload vulnerability tha...
PEzor - Open-Source Shellcode And PE Packer
Read the blog posts here: https://iwantmore.pizza/posts/PEzor.html https://iwantmore.pizza/posts/PEzor2.html https://iwantmore.pizza/posts/PEzor3.html https://iwantmore.pizza/posts/PEzor4.html Installation The install.sh is designed to work on a Kali Linux distro. ---------------- \ / \ //\ \ |/|...
rConfig 代码问题漏洞
rConfig is an open source network configuration management utility. rConfig is vulnerable to server-side request forgery, which could be exploited by an attacker to open a connection to a machine via the deviceIpAddr and connPort parameters...
showdoc 安全特征问题漏洞
showdoc is an open source tool ideal for IT teams to share documents online. showdoc in the security features problematic vulnerability , the vulnerability stems from the lack of a limit on the number of client logins and thus vulnerable to password weak pseudo-random number generator PRNG attack...
Command execution vulnerability in nginxWebUI
nginxWebUI is an open source tool for the web. A command execution vulnerability exists in nginxWebUI. An attacker can exploit the vulnerability to execute arbitrary system commands...
Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild
Cyber operatives affiliated with the Russian Foreign Intelligence Service SVR have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operato...
Unspecified Vulnerability in HashiCorp Terraform
Hashicorp Terraform is an open source tool for provisioning and managing cloud infrastructure from HashiCorp Hashicorp, USA. A security vulnerability exists in HashiCorp Terraform versions prior to 2.19.1 that stems from a failure to properly configure the GCE type binding tag for Vault's GCP...
OSSEC 安全漏洞
Scott R. Shinn OSSEC is Scott R. Shinn an open source application. OSSEC provides a simple, powerful and open source solution that combines all aspects of HIDS Host Based Intrusion Detection, log monitoring and SIM,SIEM. A security vulnerability exists in OSSEC 3.6.0, which stems from the...
Pocsuite
This repository is an offensive tool for penetration testing and vulnerability assessment. It is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. The primary purpose of this tool is to assist penetration testers and...
Building for Billions: Addressing Security Concerns for Platforms at Scale
Security operations once consisted of a multitude of manual operations based around alerts, thresholds and severity levels. As systems scale and platforms continue to grow, how do you keep up with the growing requirements to secure these transactions and the networks they are built upon?...
qdPM Injection Vulnerability
qdPM is a Web-based open source project management tool . A security vulnerability exists in qdPM version 9.1. An attacker can exploit the vulnerability to redirect users to a malicious website...
dalfox
Looking for the Go v2.x version? Dalfox v3 is a complete...
Archery Cross-Site Scripting Vulnerability
Archery is an open source vulnerability assessment and management tool that helps developers and penetration testers perform scans and manage vulnerabilities. A stored cross-site scripting vulnerability exists in the Vulnerability Scan Scheduling page in Archery versions prior to 1.3. An attacker...
4CAN - Open Source Security Tool to Find Security Vulnerabilities in Modern Cars
Open Source Security Tool to Find Security Vulnerabilities in Modern Cars. hardware Tested on the following raspbian images using a pi3b+ Apr 2019 kernel 4.14.98-v7+ Oct 2018 kernel 4.14.71-v7+ Jun 2018 kernel 4.14.50-v7+ 4can should also work with a pi0w, but it's recommended to use at least a...
Free Facial Recognition Tool Can Track People Across Social Media Sites
Security researchers at Trustwave have released a new open-source tool that uses facial recognition technology to locate targets across numerous social media networks on a large scale. Dubbed Social Mapper, the facial recognition tool automatically searches for targets across eight social media...
Malware monitor - leveraging PyREBox for malware analysis
This post was authored by Xabier Ugarte Pedrero In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework...
Leafpub Cross-Site Scripting Vulnerability
Leafpub is an open source PHP and MySQL based code publishing tool . A cross-site scripting vulnerability exists in Leafpub version 1.2.0-beta6. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScript code...
ATM Users May Soon Face More Malware
By: David Sancho, Senior Threat Researcher at Trend Micro and Juan Jesús León, Product and New Development Manager of GMV Secure e-Solutions Trend Micro and GMV - an industry expert on ATM security - presented last week in London, during ATMSec, a conference focused on the topic. Our presentation...