4114 matches found
Design/Logic Flaw
The Stop & Shop SCAN IT! Mobile aka com.modivmedia.scanitss application 7.21.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5931
The Stop & Shop SCAN IT! Mobile aka com.modivmedia.scanitss application 7.21.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5931
The CVE-2014-5931 issue affects the Stop & Shop SCAN IT! Mobile Android app (package com.modivmedia.scanitss) version 7.21.00. The root cause is that the app does not verify X.509 certificates from SSL servers, which enables man-in-the-middle attackers to spoof servers and obtain sensitive inform...
VEOPROJECT Cloud Service Detection
Binary data 8529.prm...
SNMP DDoS Attack Spoofs Google DNS Server
Update: The SANS Internet Storm Center this afternoon reported SNMP scans spoofed from Google’s public recursive DNS server seeking to overwhelm vulnerable routers and other devices that support the protocol with DDoS traffic. “The traffic is spoofed, and claims to come from Google’s DNS server...
Lynis 1.6.1 - Version which includes a non-privileged scan (--pentest)
Lynis is a security auditing tool for the Linux, Unix and Mac platform. Being open source and free to use, it is an accessible and great solution to perform security scans. Within just a matter of minutes, it displays the weaknesses in your defenses, and tips for improving them. While Lynis was...
Wireless Network Watcher v1.72 - Show who is connected to your wireless network
Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network. For every computer or device that is connected to your network, the following information is displayed: IP address, MAC...
PostgreSQL Login Utility
This module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USERFILE, PASSFILE, and USERPASSFILE options. Note that passwords may be either plaintext or MD5 formatted hashes. This module requires Metasploit:...
Arachni Web Application Scanner Web UI - Stored XSS Vulnerability
No description provided by source. Title: Arachni Web Application Scanner Web UI Stored XSS Vulnerability CVE: 2014-5469 Vendor Homepage: http://www.arachni-scanner.com/ Author: Prakhar Prasad Author Homepage: https://prakharprasad.com Reference: https://github.com/Arachni/arachni-ui-web/issues/7...
Arachni Web Application Scanner Web UI - Stored XSS Vulnerability
Exploit for multiple platform in category web applications Title: Arachni Web Application Scanner Web UI Stored XSS Vulnerability CVE: 2014-5469 Vendor Homepage: http://www.arachni-scanner.com/ Author: Prakhar Prasad Author Homepage: https://prakharprasad.com Reference:...
Arachni Web Application Scanner 0.4.7 Cross Site Scripting
Title: Arachni Web Application Scanner Web UI Stored XSS Vulnerability CVE: 2014-5469 Vendor Homepage: http://www.arachni-scanner.com/ Author: Prakhar Prasad Author Homepage: https://prakharprasad.com Reference: https://github.com/Arachni/arachni-ui-web/issues/71 Affected Version: Arachni...
Arachni Web Application Scanner Web UI - Persistent Cross-Site Scripting
Arachni Web Application Scanner Web UI - Persistent Cross-Site Scripting Title: Arachni Web Application Scanner Web UI Stored XSS Vulnerability CVE: 2014-5469 Vendor Homepage: http://www.arachni-scanner.com/ Author: Prakhar Prasad Author Homepage: https://prakharprasad.com Reference:...
FBCacheView v1.03 - View Facebook images stored in the cache of your Web browser
FBCacheView is a simple tool that scans the cache of your Web browser Internet Explorer, Firefox, or Chrome, and lists all images displayed in Facebook pages that you previously visited, including profile pictures, images uploaded to Facebook, and images taken from other Web sites. For every...
IPv6 DNS Guessing Notes
A hostname with an IPv6 address is stored as a AAAA resource record in DNS see AAAA record. There are many DNS hostname bruteforcing tools, personally I like Fierce. Suppose we have already run our hostname bruteforcing tool against a target domain e.g. facebook.com. Below we use dig to do a AAAA...
IPv6 DNS Guessing Notes
A hostname with an IPv6 address is stored as a AAAA resource record in DNS see AAAA record. There are many DNS hostname bruteforcing tools, personally I like Fierce. Suppose we have already run our hostname bruteforcing tool against a target domain e.g. facebook.com. Below we use dig to do a AAAA...
NTFSLinksView - View NTFS symbolic links and junction points
Starting from Windows Vista, Microsoft uses symbolic links and junction points of NTFS file system in order to make changes in the folders structure of Windows and keep the compatibility of applications written for older versions of Windows. This utility simply shows you a list of all symbolic...
Wordfence 3.8.1 - wp-admin/admin.php whois Parameter Stored XSS
The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a wp-admin/admin.php whois Parameter Stored XSS security vulnerability...
Wordfence 3.8.6 - lib/IPTraf.php User-Agent Header Stored XSS
The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a lib/IPTraf.php User-Agent Header Stored XSS security vulnerability...
QuasiBot - Webshell Manager aka HTTP Botnet
QuasiBot is a complex webshell manager written in PHP, which operate on web-based backdoors implemented by user himself. Using prepared php backdoors, quasiBot will work as C&C trying to communicate with each backdoor. Tool goes beyond average web-shell managers, since it delivers useful function...
libjpeg: information leak (read of uninitialized memory)
The getsos function in jdmarker.c in 1 libjpeg 6b and 2 libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan SOS JPEG markers,...