12 matches found
Dome - Fast And Reliable Python Script That Makes Active And/Or Passive Scan To Obtain Subdomains And Search For Open Ports
Dome is a fast and reliable Python script that makes active and/or passive scans to obtain subdomains and search for open ports. This tool is recommended for bug bounty hunters and pentesters in their reconnaissance phase. The more surface area exposed the faster a rock wi...
Adminer < 4.7.8 Server-Side Request Forgery
The version of Adminer installed on the remote host suffers from a Server-Side Request Forgery (SSRF) flaw via the error page of Elasticsearch and ClickHouse in versions bundling all drivers. This may permit clients to make onward connections to arbitrary systems/ports and can be used to potentially...
Top Echelon Software: Disable xmlrpc.php file
Summary: xmlrpc.php can be used for portscanning or bruteforce attacks. Better is to hide this file. Steps To Reproduce: 1. Go to https://www.topechelon.com/xmlrpc.php 2. send a post request. POST /xmlrpc.php HTTP/1.1 Host: www.topechelon.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0...
GHSA-XMVG-W4F9-99R7 XML External Entity (XXE) vulnerability in bw-calendar-engine
bw-calendar-engine version = bw-calendar-engine-3.12.0 contains an XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via Man in the Middle or malicious...
nWatch - Tool for Host Discovery, PortScanning and Operating System Fingerprinting
nWatch is a handy tool for host discovery, portscanning and operating system fingerprinting. Demo video Requirements nmap scapy colorama ctypes Installation and execution Install the requirements Then you can download nWatch by cloning the Git repository: git clone...
[NetSleuth] Open source Network Forensics And Analysis Tools
NetSleuth identifies and fingerprints network devices by silent network monitoring or by processing data from PCAP files. NetSleuth is an open-source network forensics and analysis tool, designed for triage in incident response situations. It can identify and fingerprint network hosts and devices...
openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-3546)
This update brings Mozilla Thunderbird to security update version 1.5.0.12. - MFSA 2007-17 / CVE-2007-2871 : Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome...
[Full-disclosure] Extending JavaScript Portscanning to Include Banner Grabbing
There's a new paper/advisory at: http://bindshell.net/papers/ftppasv Here's a quick summary: A common implementation flaw in FTP clients allows FTP servers to cause clients to connect to other hosts. This seemingly small vulnerability has some interesting consequences for web browser security namely...
Postfix DoS
NULL pointer reference during address parsing, bounce portscanning via specially crafted address...
Cisco AS5350 - Universal Gateway Portscan Denial of Service
source: https://www.securityfocus.com/bid/6059/info The Cisco AS5350 Universal Gateway is reported to be prone to a denial of service condition. It is possible to cause this condition by portscanning a vulnerable device. This issue was...
Cisco AS5350 - Universal Gateway Portscan Denial of Service
source: https://www.securityfocus.com/bid/6059/info The Cisco AS5350 Universal Gateway is reported to be prone to a denial of service condition. It is possible to cause this condition by portscanning a vulnerable device. This issue was reported for Cisco AS5350 devices running Cisco IOS release...
Squid httpd acceleration acl bug enables portscanning
Security Advisory: NASR-2001-001 Date: 18 July 2001 Summary: Squid can be used to proxy and also portscan if set up as a httpd accelerator reverse proxy. Versions Affected: 2.3STABLE3 and 2.3STABLE4 unpatched This includes the RedHa...