8228 matches found
ByWaf - Web Application Penetration Testing Framework
ByWaf is a Web Application Penetration Testing Framework (WAPTF). It consists of a command-line interpreter and a set of plugins. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License. The Bywaf application is built on Python’s...
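Specific versions of Zoomla!CMS (逐浪CMS) appear to contain a backdoor of little practical use
Brief description: Present in specific versions. I downloaded all the packages from the official site, so the origin of this file makes one wonder. Details: In the plugin folder of Zoomla!CMS2X1.0 and Zoomla!CMS2X1.1 there is a file Plugins\baikeeditor\uploadsss.php. Official package download URLs: http://www.zoomla.cn/down/Zoomla!CMS2X1.0.rar http://www.zoomla.cn/down/Zoomla!CMS2x1.1.rar This file does not exist in any other version. Why do I say it is of little use? To note first: 1. It is PHP, so there is only a chance of exploiting it when IIS has the PHP component integrated; 2. Offhand I could not think of whether it has a better exploitation scenario...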
Nagios Plugins 2.0.1 check_dhcp Arbitrary File Read
============================================= - Release date: 15.05.2014 - Discovered by: Dawid Golunski - Severity: Moderate ============================================= I. VULNERABILITY ------------------------- check_dhcp - Nagios Plugins <= 2.0.1 Arbitrary Option File Read II. BACKGROUND...
Nagios Plugins <= 2.0.1 check_dhcp Arbitrary Option File Read
Exploit for linux platform in category local exploits I. VULNERABILITY ------------------------- check_dhcp - Nagios Plugins <= 2.0.1 Arbitrary Option File Read II. BACKGROUND ------------------------- "Nagios is an open source computer system monitoring, network monitoring and infrastructure...
CVE-2014-1613
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dcpasswd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...
Default credentials
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dcpasswd cookie to a password-protected page, which is not properly handled by (1) inc/public/lib.urlhandlers.php or (2) plugins/pages/public.php...
Nagios Plugins check_dhcp 2.0.1 - Arbitrary Option File Read
Nagios Plugins check_dhcp 2.0.1 - Arbitrary Option File Read ============================================= - Release date: 15.05.2014 - Discovered by: Dawid Golunski - Severity: Moderate ============================================= I. VULNERABILITY ------------------------- check_dhcp - Nagios...
Nagios Plugins check_dhcp 2.0.1 - Arbitrary Option File Read
============================================= - Release date: 15.05.2014 - Discovered by: Dawid Golunski - Severity: Moderate ============================================= I. VULNERABILITY ------------------------- check_dhcp - Nagios Plugins <= 2.0.1 Arbitrary Option File Read II. BACKGROUND...
[SECURITY] Fedora 20 Update: owncloud-6.0.3-1.fc20
ownCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. ownCloud is extendable via a simple but powerful API f...
[SECURITY] Fedora 20 Update: dmlite-0.6.2-2.fc20
This package provides a set of common libraries and plugins that implement logic for data management and storage on the grid...
CVE-2013-4215
The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping...
Information disclosure
The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping...
CVE-2013-4215
CVE-2013-4215 affects Nagios Plugins 1.4.16; the IPXPING_COMMAND in contrib/check_ipxping.c allows local users to gain privileges via a symlink race on /tmp/ipxping/ipxping. Root cause is a symlink attack enabling local privilege escalation. Exploitation status and fix details are not provided in...
CS, XSS and FPD vulnerabilities in multiple plugins with CU3ER for WordPress
Hello 3APA3A! Recently I disclosed vulnerabilities in CU3ER http://seclists.org/fulldisclosure/2014/Apr/244 and vulnerabilities in plugins with CU3ER for WordPress, Joomla, SilverStripe and Plone http://seclists.org/fulldisclosure/2014/Apr/251. This is a popular flash file and in Google's index the...
Vulnerabilities in plugins with CU3ER for WordPress, Joomla, SilverStripe and Plone
Hello 3APA3A! Recently I disclosed vulnerabilities in CU3ER http://seclists.org/fulldisclosure/2014/Apr/244. This is a popular flash file and in Google's index there are up to a million web sites with it (inurl:cu3er.swf filetype:swf) - now Google shows 994000 results. There are any plugins for differe...
Fedora Update for wireshark FEDORA-2014-5514
Check for the Version of wireshark OpenVAS Vulnerability Test Fedora Update for wireshark FEDORA-2014-5514 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
Web application Advanced Security: IronWASP
IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Thou...