THC-Hydra 8.1 - Network Logon Cracker

A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...

LinEnum - Local Linux Enumeration & Privilege Escalation Checks

LinEnum will automate many of the checks that I’ve documented in the Local Linux Enumeration & Privilege Escalation Cheatsheet. It’s a very basic shell script that performs over 65 checks, getting anything from kernel information to locating possible escalation points such as potentially useful...

Leszek Krupinski L-Forum 2.4 Search Script SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5468/info Reportedly, L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php' L-Forum does not properly sanitize user input that is used as part of the search parameter in the...

The Mole - Automatic SQL Injection Exploitation Tool

The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. Features Support for injections using Mysql, SQL Server,...

John the Ripper Postgres SQL Password Cracker

This module uses John the Ripper to attempt to crack Postgres password hashes, gathered by the postgreshashdump module. It is slower than some of the other JtR modules because it has to do some wordlist manipulation to properly handle postgres' format...

[SECURITY] [DSA 2950-2] openssl update

------------------------------------------------------------------------- Debian Security Advisory DSA-2950-2 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 16, 2014 http://www.debian.org/security/faq - -...

openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1251-1)

Security and bugfix release 9.1.5 : - Ignore SECURITY DEFINER and SET attributes for a procedural language's call handler CVE-2012-2655 bnc765069 - Fix incorrect password transformation in 'contrib/pgcrypto''s DES crypt function CVE-2012-2143 bnc766799 - Prevent access to external files/URLs via...

CVE-2011-0993

SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors...

Information disclosure

SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors...

CVE-2011-0993

SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors...

CVE-2011-0993

SUSE Lifecycle Management Server is affected by CVE-2011-0993: before version 1.1, it uses world-readable PostgreSQL credentials, allowing local users to obtain sensitive information via unspecified vectors. The impact is information disclosure; no exploit details are provided in the connected do...

Xerox DocuShare - SQL Injection

The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...

[USN-2120-1] PostgreSQL vulnerabilities

========================================================================== Ubuntu Security Notice USN-2120-1 February 24, 2014 postgresql-8.4, postgresql-9.1 vulnerabilities ========================================================================== A security issue affects these releases of Ubunt...

[THC-Hydra 7.5] Fast Parallel Network Logon Cracker

Hydra is a parallelized network logon cracker which supports numerous protocols to attack, new modules are easy to add, beside that, it is flexible and very fast. Features IPv6 Support Graphic User Interface Internationalized support RFC 4013 HTTP proxy support SOCKS proxy support The tool suppor...

HP Application Lifecycle Management GossipService SOAP Request Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Application Lifecycle Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service named GossipServiceSoapBinding. This web service i...

Updated quassel packages fix CVE-2013-4422

Updated quassel packages fix security vulnerability: Quassel IRC before 0.9.1 is vulnerable to SQL injection if used with Qt 4.8.5, due to a change in Qt's postgres driver, allowing other IRC users to trick the Quassel core into executing SQL queries CVE-2013-4422. This update provides Quassel...

Apache 'mod_accounting'模块SQL注入漏洞(CVE-2013-5697)

BUGTRAQ ID: 62677 CVE ID: CVE-2013-5697 modaccounting是Apache 1.3.x上的流量计费模块，该模块使用数据记录流量，支持的数据库类型包括MySQL及PostgreSQL。 modaccounting 0.5模块在Host报文头中存在SQL注入漏洞，攻击者可利用此漏洞破坏应用，执行未授权数据库操作。该漏洞源于用户提供的HTTP报文头未经过滤即用在查询内。该模块使用了简单的字符串串联来修改已定义查询内的占位符，然后再发送到数据库内。该代码位于modaccounting.c内。 0 modaccounting 0.5 临时解决方法：...

[THC-Hydra v7.5] Fast network logon cracker

CHANGELOG for 7.5 =================== Moved the license from GPLv3 to AGPLv3 see LICENSE file Added module for Asterisk Call Manager Added support for Android where some functions are not available hydra main: - reduced the screen output if run without -h, full screen with -h - fix for ipv6 and...

[Malwasm] Offline debugger for malware's reverse engineering

Malwasm is a tool based on Cuckoo Sandbox available here. Malwasm was designed to help people that do reverse engineering. Malwasm step by step: the malware to analyse is executed through Cuckoo Sandbox during the execution, malwasm logs all activites of the malware with pintool all activities ar...

[MSF-Installer] Script to Automate Metasploit Framework Installation

Script to help with installing and configuring Metasploit Framework, Armitage and the Plugins I have written on OSX and Linux To use the script on OSX Java, Xcode and Command Development Tools from Xcode must be installed before running the script. In the case of OSX I also added the option of...