PwnAdventure3 - Game Open-World MMORPG Intentionally Vulnerable To Hacks
Pwnie Island is a limited-release, first-person, true open-world MMORPG set on a beautiful island where anything could happen. That's because this game is intentionally vulnerable to all kinds of silly hacks! Flying, endless cash, and more are all one client change or network proxy away. Are you...
Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability (CVE-2016-8610)
Summary Aspera Applications has addressed the following OpenSSL vulnerability. Vulnerability Details CVEID:CVE-2016-8610 DESCRIPTION: SSL/TLS protocol is vulnerable to a denial of service, caused by an error when processing ALERT packets during a SSL handshake. By sending specially-crafted packet...
Microsoft Windows: Service: WinHTTP Web Proxy Auto-Discovery Service
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winhttpwebproxyautodiscovery.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for WinHTTP Web Proxy Auto-Discovery Service WinHttpAutoProxySvc Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...
Microsoft Edge: Chakra: EntrySimpleObjectSlotGetter can have side effects(CVE-2018-8133)
function optw, arr arr0 = 1.1; let res = w.event; arr0 = 2.3023e-320; return res; let arr = 1.1; for let i = 0; i ::EntrySimpleObjectSlotGetter 00007fffd5cf3d50 // w.event 000001a880001235 48ffd0 call rax 000001a880001238 488b8e30bdf0ff mov rcx,qword ptr rsi-0F42D0h 000001a88000123f f2480f104158...
GSA Bounty: Multiple Bugs in api.data.gov/signup endpoint leads to send custom messages to Anyone
Hey there, while signing up for a new API key, I have found two bugs that are unusual and allow anyone to send crafted or customised email to someone. Bug 1: - low 1. Go to https://api.data.gov/signup/ 2. Enter first and last name, then enter email id and get API key. Bug: You can use the same email id...
Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion
Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion / function optw, arr arr0 = 1.1; let res = w.event; arr0 = 2.3023e-320; return res; let arr = 1.1; for let i = 0; i ::EntrySimpleObjectSlotGetter 00007fffd5cf3d50 // w.event 000001a880001235 48ffd0 call rax 000001a880001238...
MITM RDP Connections: Seth
Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops...
Quick tip: Watch out — restriction by location can be circumvented.
by @Andrey Danau, Wallarm Research If you are like many app developers, you may be using nginx or apache proxy or a web server on the front end of your application. If you are on a tight schedule, it is tempting to tie authorization and data controls simply to the locations defined in the front...
[SECURITY] Fedora 27 Update: nghttp2-1.31.1-1.fc27
This package contains the HTTP/2 client, server and proxy programs...
Zabbix Server Config Proxy Request Information Disclosure Vulnerability
Summary An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make...
Webscreenshot - A Simple Script To Screenshot A List Of Websites
A simple script to screenshot a list of websites, based on the url-to-image phantomjs script. Features Integrating url-to-image 'lazy-rendering' for AJAX resources Fully functional on Windows and Linux systems Cookie and custom HTTP header definition support Multiprocessing and killing of...
[SECURITY] Fedora 26 Update: curl-7.53.1-16.fc26
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
Intentionally Insecure Webapp for Security Training: OWASP Juice Shop
OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in JavaScript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. It was the first application written entirely in JavaScri...
sub6 - Web App Scanner
Subdomain takeover detector and crawler. Usage python sub6.py -i list.txt -o output.txt -s phpinfo.php -x 4 +Options -i input files twitterdomains.txt if many separate by comma -o output file twitterResult.txt -p protocol http or https -s suffix phpinfo.php used to look for certain files CTF mod...
ipChecker - Check If A IP Is From Tor Or Is A Malicious Proxy
Tool to check if a given IP is a Tor node or an open proxy. Why? Sometimes all your throttles are not enough to stop brute force attacks or any kind of massive attacks, so it can help you to drop some attackers who use Tor or open proxies. How it works The ipChecker has some plugins which scrap...
[SECURITY] [DSA 4128-1] trafficserver security update
Debian Security Advisory DSA-4128-1 https://www.debian.org/security/ Sebastien Delafond March 02, 2018 https://www.debian.org/security/faq ...
AutoSploit v2.0 - Automated Mass Exploiter
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been select...
H2O HTTP Server < 2.0.4 DoS Vulnerability
H2O allows remote attackers to cause a denial of service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...
Exodus Wallet (ElectronJS Framework) remote Code Execution
This module exploits a Remote Code Execution vulnerability in Exodus Wallet, a vulnerability in the ElectronJS Framework protocol handler can be used to get arbitrary command execution if the user clicks on a specially crafted URL. This module requires Metasploit: https://metasploit.com/download...
CVE-2018-1000027
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via...