4114 matches found
Wireless Network Watcher v1.79 - Show who is connected to your wireless network
Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. For every computer or device that is connected to your network, the following information is displayed: IP address, MAC...
testdisk -- buffer overflow with malicious disk image
CGSecurity TestDisk Changelog reports: Various fix including security fix, thanks to: Coverity scan (Static Analysis of source code); afl-fuzz (security-oriented fuzzer); Denis Andzakovic from Security Assessment for reporting an exploitable Stack Buffer Overflow. Denis Andzakovic reports: A buffer...
Dropbox: SSRF vulnerability in app webhooks
Server Side Request Forgery (SSRF) is a vulnerability which allows an attacker to make web requests from the context of the server host machine to arbitrary URLs. This vulnerability can allow the attacker to access resources internal to the network, which would otherwise be inaccessible. This...
OWASP ZAP 2.4.0 - Penetration Testing Tool for Testing Web Applications
ZAP is an OWASP Flagship project, and is currently the most active open source web application security tool. For a quick introduction to the new release see this video: Some of the most significant changes include: ‘Attack’ Mode A new ‘attack’ mode has been added that means that applications tha...
The vulnerability the batch using the scan framework-vulnerability warning-the black bar safety net
0x00 Preface Each vulnerability after the outbreak, many people are in a hurry to find a batch, thinking to brush a few holes in the submission of the clouds. In fact, some of the vulnerabilities of the detection step time can be unified extraction do into the framework. Today I'll share to make...
Netsparker 4 - Easier to Use, More Automation and Much More Web Security Checks
Netsparker Web Application Security Scanner version 4. The main highlight of this new version is the new fully automated Form Authentication mechanism; it does not require you to record anything, supports 2 factor authentication and other authentication mechanisms that require a one time code to...
Avast! Antivirus RAR File Scan Evasion Security Bypass Vulnerability
Avast! Antivirus is a suite of antivirus programs from the Czech company Avast. A security bypass vulnerability exists in Avast! The vulnerability can be exploited by an attacker to distribute files containing malicious code that cannot be detected by an anti-virus program...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
RAWR - Rapid Assessment of Web Resources
Features: A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc. An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information. A report on relevant security headers, courtesy of SmeegeSec. a CSV Thre...
Updated pngcrush package fixes security vulnerability
pngcrush-1.7.84 fixes defects reported by Coverity-scan, so it should be more resistant to crashes due to malformed input files, such as the one presented in CVE-2015-2158...
Phabricator: Server Side Request Forgery in macro creation
mongoose just getting it out of the way ; Hi, I would like to report a Server Side Request Forgery SSRF 1 in the meme creation section of the phabricator software 2. SSRF is a vulnerability allowing requests to be made from the context of the server. This could allow an attacker to gain access to...
Lynis 2.0.0 - Security Auditing Tool for Unix/Linux Systems
Lynis is an open source security auditing tool. Primary goal is to help users with auditing and hardening of Unix and Linux based systems. The software is very flexible and runs on almost every Unix based system including Mac. Even the installation of the software itself is optional! How it works...
CMSmap - Scanner to detect security flaws of the most popular CMSs (WordPress, Joomla and Drupal)
CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool. At the moment, CMSs supported by CMSmap are WordPress, Joomla...
WordPress Duplicator 0.5.8 Privilege Escalation Vulnerability
WordPress Duplicator plugin version 0.5.8 suffers from a backup related vulnerability that allows for privilege escalation. Exploit Title: Duplicator 0.5.8 Privilege Escalation Date: 21-11-2014 Software Link: https://wordpress.org/plugins/duplicator/ Exploit Author: Kacper Szurek Contact:...
CVE-2015-1031
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from...
CVE-2015-1031
CVE-2015-1031 affects Privoxy, with multiple use-after-free vulnerabilities reported in Privoxy prior to 3.0.22. The issues stem from the unmap function in list.c and two additional unconfirmed use-after-free items identified by Coverity; some details come from third-party sources. Impact is desc...
Cisco AnyConnect and Cisco Host Scan Web Launch Cross-Site Scripting Vulnerability
A vulnerability in Cisco AnyConnect Secure Mobility Client and Cisco Host Scan could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the client when AnyConnect is launched through the web interface. The vulnerability is due to insufficien...
IIS short file bug fixes-vulnerability warning-the black bar safety net
Recent site system is to scan the vulnerability: IIS short file/folder vulnerability Vulnerability level: medium risk vulnerability Vulnerability address: full website Vulnerability description: IIS short file name disclosure vulnerability in IIS on the realization on the existence of the file...