Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919)
Backdoor in Tpshop <= 2.0.8 CVE-2018-9919 The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd. This system is based on the Thinkphp development framework. Product Download: http://www.tp-shop.cn/Index/Index/download.html Vulnerabili...
OpenEMR Access Restriction Bypass Vulnerability
OpenEMR is an open source medical management system maintained by the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A security vulnerability exists in the interfaces/fax/faxdispatch.php fil...
CVE-2018-10573
interface/fax/faxdispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter...
CVE-2016-10495
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range...
The vulnerability of the bta_scan_results_cb_impl function (btif_ble_scanner.cc) in the Android operating system, which allows a hacker to trigger a service failure
The vulnerability of the bta_scan_results_cb_impl function (btif_ble_scanner.cc) in the Android operating system is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures during BLE (Bluetooth Low Energy) scanning...
LimeSurvey 2.72.3 - Persistent XSS to Code Execution
See RIPS Scan Report Unauthenticated Persistent Cross-Site Scripting LimeSurvey 2.72.3 is prone to a persistent cross-site scripting vulnerability which is exploitable through the unauthenticated perspective. When submitting a public survey, the Continue Later feature allows users to save their...
Vulchain scan workflow and search queries
This post will be about my Vulnerability Scanner project - Vulchain. Recently I've spent a couple of my weekends almost exclusively on coding: refactoring the scan engine, creating API and GUI. I was doing it because of the conferences, where I will be speaking soon: April 11-13 CyberCentral in...
Cockpit CMS 0.13.0 Server Side Request Forgery
SSRF (Server Side Request Forgery) in Cockpit CMS 0.13.0 CVE-2017-14611 The Cockpit CMS is awesome if you need a flexible content structure but don't want to be limited in how to use the content. Product Download: https://getcockpit.com/ Vulnerability Type: SSRF (Server Side Request Forgery...
Tpshop <= 2.0.6 Server Side Request Forgery Vulnerability
Exploit for php platform in category web applications SSRF (Server Side Request Forgery) in Tpshop <= 2.0.6 CVE-2017-16614 The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd. This system is based on the Thinkphp development framewor...
Web Form Sending Credentials Using GET (PCI-DSS check)
The remote web application has a form that sends credentials using an HTTP GET request. This can cause sensitive information such as usernames and passwords to be logged by the server in access logs. Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission...
Magescan - Scan A Magento Site For Information
The idea behind this is to evaluate the quality and security of a Magento site you don't have access to. The scenario when you're interviewing a potential developer or vetting a new client and want to have an idea of what you're getting into. Installation .phar Download the magescan.phar file fro...
PCI DSS Compliance : Scan Interference
Interference from either the network or the host did not allow the scan to fulfill the PCI DSS scan validation requirements. This report is insufficient to certify this server. There may be a firewall, IDS or other software blocking Nessus from scanning. © Tenable Network Security, Inc...
Envizon - Network Visualization Tool With Focus On Red / Blue Team Requirements
This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and organization tool, 'envizon'. We hope your feedback will help to improve and hone i...
CVE-2018-5731
An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the...
WPSeku v0.4 - Wordpress Security Scanner
WPSeku is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues. Installation $ git clone https://github.com/m4ll0k/WPSeku.git wpseku $ cd wpseku $ pip3 install -r requirements.txt $ python3 wpseku.py Usage Generic Scan python3...
Simple IOC and Incident Response Scanner: Loki
LOKI is a free and simple IOC scanner, a complete rewrite of main analysis modules of our full featured APT Scanner THOR. IOC stands for „Indicators of Compromise“. These indicators can be derived from published incident reports, forensic analyses or malware sample collections in your Lab. LOKI...
Dealing with Nessus logs
Debugging Nessus scans is a very interesting topic. And it is not very well described even in the Tenable University course. It becomes especially interesting when you see strange network errors in the scan results. Let's see how we can troubleshoot Nessus scans without sending Nessus DB files to...
Adminer Server-Side Request Forgery Vulnerability
Adminer is a full-featured database management tool written in PHP that supports database software such as MySQL, MariaDB, PostgreSQL and SQLite. A server-side request forgery vulnerability exists in Adminer 4.3.1 and earlier versions. An attacker can exploit this vulnerability with the help of t...
Non-reliable Nessus scan results
Do you perform massive unauthenticated vulnerability scans with Nessus? It might be a bad idea. It seems that Nessus is not reliable enough to assess hundreds and thousands of hosts in one scan and can lose some valuable information. The thing is that sometimes Nessus does not detect open ports a...