
4114 matches found

Vulnerability Lab
added 2016/02/28 12:0 a.m., 30 views

Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability

Document Title: Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1772. Release Date: 2016-02-28. Vulnerability Laboratory ID (VL-ID): ...

7.1 AI score
Exploits: 0
Kitploit
added 2016/02/24 9:45 p.m., 14 views

ATSCAN v6.2 - Search / Site / Server Scanner

Description: SEARCH engine XSS scanner. Sqlmap. LFI scanner. Filter wordpress and Joomla sites in the server. Find Admin page. Decode / Encode MD5 + Base64. Ports scan. Scan E-mails in sites. Use proxy. Random user agent. Fandom search engine. Scan errors. Detect Cms. Multiple instant scan...

6.5 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2016/02/23 12:0 a.m., 30 views

Tenable Nessus < 6.5.5 Host Details Scan Results XSS

According to its version, the Tenable Nessus application running on the remote host is prior to 6.5.5. It is, therefore, affected by a cross-site scripting XSS vulnerability in the Host Details section due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can...

5.4 AI score
Exploits: 0, References: 2
BDU FSTEC
added 2016/02/08 12:0 a.m., 2 views

The vulnerability of the McAfee VirusScan Enterprise anti-virus software allows a hacker to bypass both DEP and ASLR protection mechanisms.

The vulnerability of the McAfee VirusScan Enterprise antivirus software is related to the allocation of memory with read, write, and execute permissions at certain addresses on a 32-bit platform, during the protection of external applications. Exploiting this vulnerability could allow an attacker...

2.6 CVSS, 0.00021 EPSS
Exploits: 0, References: 4
ThreatPost
added 2016/02/05 11:31 a.m., 11 views

Scareware Signed with Apple Cert Targets Mac OS X Machines

A unique scareware campaign targeting Mac OS X machines has been discovered, and it’s likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate. “Sadly, this particular developer certificate...

1.3 AI score
Exploits: 0, References: 4
Tenable Nessus
added 2016/01/26 12:0 a.m., 79 views

ISC BIND 9.3.0 < 9.9.8-P3 / 9.9.x-Sx < 9.9.8-S4 / 9.10.x < 9.10.3-P3 Multiple DoS

According to its self-reported version number, the installation of ISC BIND running on the remote name server is affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists due to improper handling of certain string formatting options. An authenticated,...

7 CVSS, 6.8 AI score, 0.23585 EPSS
Exploits: 0, References: 4
Hacker One
added 2016/01/14 10:11 p.m., 15 views

Automattic: Internal GET SSRF via CSRF with Press This scan feature

Description: The URL http://xxx.xxx.xxx.xxx/wp-admin/press-this.php?u=URLTOSCRAPE&url-scan-submit=Scan does not validate that the user intends to send a scrape request. The filter does not validate for 0.0.0.0:PORT and allows the attacker to make the victim send GET...

2.5 AI score
Exploits: 0
myhack58
added 2016/01/14 12:0 a.m., 18 views

Fortinet SSH back door further using the method-vulnerability warning-the black bar safety net

How can this SSH backdoor be used to get into the network? That is what this article discusses. The backdoor gives root access to the firewall, meaning every firewall operation is available to us; here we use the firewall's VPN service to access the internal network, so for further penetratio...

7.1 AI score
Exploits: 0
Openbugbounty
added 2016/01/11 11:11 a.m., 9 views

scan-ne.net XSS vulnerability

Vulnerable URL: http://scan-ne.net/wiki/thumb.php?f=xssposed%23%3Cbody%09onload=confirm%28String.fromCharCode%2888,83,83,80,79,83,69,68%29%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 12:19 GMT Vulnerability type:| XSS Vulnerability...

6.3 AI score
Exploits: 0
myhack58
added 2016/01/06 12:0 a.m., 17 views

Apache is exposure suspected mod_status module of 0day-vulnerability warning-the black bar safety net

Summary: On Twitter, the security researcher @crowdshield found that after January 1, 2016, a large number of hosts on the Internet were being scanned with an unusual scanning signature, suspected to be an Apache mod_status module 0day: "GET...

7.2 AI score
Exploits: 0
Kitploit
added 2015/12/30 11:11 p.m., 12 views

jSQL Injection v0.73 - Java Tool For Automatic SQL Database Injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). jSQL is part of Kali Linux, the official new BackTrack penetration distribution. jSQL is also included in Black Ha...

7.2 AI score
Exploits: 0, References: 1
Kitploit
added 2015/12/23 10:46 p.m., 34 views

Cookiescanner - Tool to Check the Cookie Flag for a Multiple Sites

Tool to make the web scan process easier by checking whether the secure and HTTPOnly flags are enabled in the cookies, and the path and expires too. This tool allows probing multiple URLs through an input file, by a Google domain looking in all subdomains, or by a unique URL. Also supports multiple output like...

7.3 AI score
Exploits: 0, References: 1
myhack58
added 2015/12/18 12:0 a.m., 21 views

Joomla high-risk vulnerability scanning event analysis-vulnerability warning-the black bar safety net

Summary: On December 14, the official Joomla website urgently released version update 3.4.6 because of a security vulnerability. According to information released by the security company Sucuri, this scanning event uses a problem with Joomla's deserialization handling that causes the...

0.3 AI score
Exploits: 0
Kitploit
added 2015/12/14 10:17 p.m., 27 views

Flashlight - Automated Information Gathering Tool for Penetration Testers

Pentesters spend too much time during information gathering phase. Flashlight Fener provides services to scan network/ports and gather information rapidly on target networks. So Flashlight should be the choice to automate discovery step during a penetration test. In this article, usage of Flashli...

6.9 AI score
Exploits: 0, References: 3
Kitploit
added 2015/12/11 10:46 p.m., 17 views

Joomlavs - A Black Box, Joomla Vulnerability Scanner

JoomlaVS is a Ruby application that can help automate assessing how vulnerable a Joomla installation is to exploitation. It supports basic finger printing and can scan for vulnerabilities in components, modules and templates as well as vulnerabilities that exist within Joomla itself. How to insta...

7.8 AI score
Exploits: 0, References: 1
n0where
added 2015/12/07 8:45 p.m., 59 views

Fastest Internet Port Scanner: MASSCAN

This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous...

7 AI score
Exploits: 0, References: 4
Tenable Nessus
added 2015/12/07 12:0 a.m., 42 views

OpenSSL 1.0.0 < 1.0.0t Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.0t. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.0t advisory. - ssl/s3clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client,...

5.3 CVSS, 6.8 AI score, 0.07321 EPSS
Exploits: 1, References: 5
CNVD
added 2015/12/03 12:0 a.m., 4 views

Acunetix WVS Local Elevation of Privilege Vulnerability

Acunetix Web Vulnerability Scanner Consultant Edition is a web vulnerability scanning tool. A security vulnerability exists in the default installation of Acunetix WVS 10, due to the program's failure to manage the scanning schedule with interactive user intervention. Allows a local attacker to...

7.2 CVSS, 6.8 AI score, 0.01002 EPSS
Exploits: 5, References: 1
Packet Storm
added 2015/12/02 12:0 a.m., 44 views

Acunetix WVS 10 Local Privilege Escalation

Acunetix WVS 10 - from guest to System Local privilege escalation CVE: CVE-2015-4027 Author: me Daniele Linguaglossa Affected Product: Acunetix WVS 10 Exploit: Local privilege escalation Vendor: Acunetix ltd Remote: No...

7.2 CVSS, 0.4 AI score, 0.01002 EPSS
Exploits: 5
Cisco Threats
added 2015/11/23 2:29 p.m., 14 views

Threat Outbreak Alert RuleID19554: Email Messages Distributing Malicious Software on November 22, 2015

Medium Alert ID: 42229 First Published: 2015 November 23 14:29 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID19554 may contain the following files: Name |...

0.4 AI score
Exploits: 0