
8275 matches found

Prion
added 2018/03/13 3:29 p.m. | 12 views

Authorization

Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in...

CVSS 4 | AI score 6.4 | EPSS 0.00696
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2018/03/13 3:29 p.m. | 25 views

PYSEC-2018-109

Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in...

CVSS 6.5 | AI score 4.3 | EPSS 0.00696
Exploits: 1 | References: 3

NVD
added 2018/03/13 3:29 p.m. | 21 views

CVE-2018-1000080

Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in...

CVSS 6.5 | AI score 6.4 | EPSS 0.00696
Exploits: 1 | References: 1

Cvelist
added 2018/03/13 3:0 p.m. | 18 views

CVE-2018-1000080

Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. This attack appear to be exploitable via By knowing how the requisition is made, and sending it as a normal user, the server, in...

AI score 6.5 | EPSS 0.00696
Exploits: 1 | References: 1

Hacker One
added 2018/03/09 3:18 p.m. | 14 views

Uber: Outdated Wordpress installation and plugins at www.uberxgermany.com create CSRF and XSS vulnerabilities

Outdated Wordpress installation and plugins at www.uberxgermany.com create CSRF and XSS vulnerabilities This was a pretty simple vulnerability discovered using WPscan that found a few vulnerable plugins. And be sure to check out my blog https://healdb.tech/blog/ or my Twitter...

AI score 0.4
Exploits: 0

Kitploit
added 2018/03/07 1:11 p.m. | 81 views

Harpoon - CLI Tool For Open Source And Threat Intelligence

OSINT tool, CLI Tool For Open Source And Threat Intelligence Install You can simply pip install the tool: pip3 install git+http://[email protected]/Te-k/harpoon --process-dependency-links Optionally if you want to use the screenshot plugin, you need phantomjs and npm installed: npm install -...

AI score 7.1
Exploits: 0 | References: 1

Prion
added 2018/03/05 4:29 p.m. | 17 views

Cross site scripting

Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector,...

CVSS 4.3 | AI score 6.4 | EPSS 0.008
Exploits: 0 | References: 2 | Affected Software: 1

Kitploit
added 2018/03/03 9:26 p.m. | 22 views

ipChecker - Check If A IP Is From Tor Or Is A Malicious Proxy

Tool to check if a given IP is a node tor or an open proxy. Why? Sometimes all your throttles are not enough to stop brute force attacks or any kind of massive attacks, so it can help you to drop, some attackers who use tor or open proxies. How it works The ipChecker has some plugins which scrap...

AI score 7.3
Exploits: 0 | References: 1

OSV
added 2018/03/01 8:29 p.m. | 3 views

CVE-2017-7426

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity XXE handling flaws that could be used by attackers to leak information or cause denial of service attacks...

CVSS 9.1 | AI score 5.8
Exploits: 0 | References: 1

Prion
added 2018/03/01 8:29 p.m. | 12 views

Xxe

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity XXE handling flaws that could be used by attackers to leak information or cause denial of service attacks...

CVSS 6.4 | AI score 8.8 | EPSS 0.01112
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/03/01 7:0 p.m. | 15 views

CVE-2017-7426 iManager - XML External Entity vulnerabilities

The NetIQ Identity Manager Plugins before 4.6.1 contained various XML External XML Entity XXE handling flaws that could be used by attackers to leak information or cause denial of service attacks...

CVSS 5.4 | AI score 9 | EPSS 0.01112
Exploits: 0 | References: 1

CVE
added 2018/03/01 7:0 p.m. | 43 views

CVE-2017-7426

The CVE-2017-7426 issue affects NetIQ Identity Manager Plugins prior to version 4.6.1. It stems from XML External Entity (XXE) handling flaws in the plugins, enabling attackers to potentially disclose information and cause a denial of service. The NVD entries provide CVSSv3/2 metrics indicating h...

CVSS 9.1 | AI score 7.1 | EPSS 0.01112
Exploits: 0 | References: 1 | Affected Software: 1

ThreatPost
added 2018/02/27 2:52 p.m. | 10 views

WordPress Users Warned of Malware Masquerading as ionCube Files

Security researchers are warning WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, is used by cybercriminals to create backdoors on vulnerable websites allowing them to steal data or plant more malware. In the...

AI score 7.5
Exploits: 0 | References: 1

Kitploit
added 2018/02/14 1:23 p.m. | 29 views

Lynis 2.6.2 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

AI score 6.9
Exploits: 0

Kitploit
added 2018/02/09 8:23 p.m. | 44 views

roxysploit - Penetration Testing Suite

roxysploit is a community-supported, open-source and penetration testing suite that supports attacks for numerous scenarios. conducting attacks in the field. Some containing Plugins in roxysploit Scan is a automated Information gathering plugin it gives the user the ability to have a rest while t...

AI score 8.1
Exploits: 0 | References: 1

Veracode
added 2018/02/08 4:38 a.m. | 30 views

Arbitrary Code Execution

github.com/golang/go is vulnerable to arbitrary code execution attacks. The application does not filter the compiler flag variables -fplugin= and -plugin= when the go get command is run, allowing a malicious user to inject and execute arbitrary code by loading compiler plugins...

CVSS 7.8 | AI score 8.2 | EPSS 0.07768
Exploits: 4 | References: 9 | Affected Software: 1

Kitploit
added 2018/01/30 1:15 p.m. | 14 views

Lynis 2.6.1 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

AI score 6.9
Exploits: 0

OSV
added 2018/01/26 2:29 a.m. | 29 views

CVE-2017-1000396

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins...

CVSS 5.9 | AI score 5.8
Exploits: 0 | References: 1

OpenVAS
added 2018/01/24 12:0 a.m. | 35 views

Debian: Security Advisory (DLA-952-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 6.8 | EPSS 0.0198
Exploits: 3 | References: 3

OSV
added 2018/01/20 12:29 a.m. | 4 views

CVE-2017-14803

In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system...

CVSS 9.8 | AI score 6.1 | EPSS 0.35148
Exploits: 0 | References: 1