Lucene search
K

419 matches found

Kitploit
Kitploit
added 2018/06/18 2:9 p.m.216 views

VOOKI - Web Application Vulnerability Scanner

Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section. Vooki – Web Application Scanner can help you to find the...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2018/05/14 12:0 a.m.301 views

IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure

Vulnerabilities in IBMs Flashsystems and Storwize Products ------------------------------------------------------------------------- Introduction ============ Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. These were discovered during a bla...

0.4AI score0.02658EPSS
Exploits3
Citrix
Citrix
added 2018/04/27 12:0 a.m.10 views

How to create rewrite policy for Security Headers

This article explains how to create rewrite policy for content security headers, XSS protection, HSTS, X-Content-Type-Options & Content-Security-Policy ADC appliances support HTTP strict transport security HSTS as an inbuilt option in SSL profiles and SSL virtual servers...

6.2AI score
Exploits0
Kitploit
Kitploit
added 2018/03/20 9:18 p.m.67 views

WPHunter - Wordpress Vulnerability Scanner

You can use this tool on your wordpress website to check the security of your website by finding the vulnerability in your website. Over 75 million websites run on WordPress. which is now powers 26% of the Web. Remarkably enough thousands of WP sites are vulnerable to attacks and get hacked each...

7.4AI score
Exploits0References1
OpenVAS
OpenVAS
added 2017/10/13 12:0 a.m.510 views

HTTP Security Headers Detection

All known security headers are being checked on the remote web server. On completion a report will hand back whether a specific security header has been implemented including its value and if it is deprecated or is missing on the target. SPDX-FileCopyrightText: 2017 Greenbone AG Some text...

7.5AI score
Exploits0References3
Nmap
Nmap
added 2017/06/06 1:36 a.m.1753 views

http-security-headers NSE Script

Checks for the HTTP response headers related to security given in OWASP Secure Headers Project and gives a brief description of the header and its configuration value. The script requests the server for the header with http.head and parses it to list headers founds with their configurations. The...

10CVSS9.2AI score0.99448EPSS
Exploits33
Hacker One
Hacker One
added 2017/04/22 10:24 a.m.13 views

WordPress: Clickjacking In jobs.wordpress.net

A clickjacking issue was reported due to lack of security headers. It was not assessed as a security issue but a hardening fix was still deployed, without a bounty, as issues arising out of "Lack of HTTP security headers" are not applicable...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/03/28 9:53 p.m.51 views

Nextcloud: Reflected XSS in error pages (NC-SA-2017-008)

Hello, I found a HTML injection vulnerability 1 flaw in the Nextcloud and Owncloud latest version. Through this vulnerability an attacker could manipulate the website. This vulnerability could affect to the logged users. An attacker could send a malicious link that contains the manipulated URL to...

3.5CVSS0.00643EPSS
Exploits1
Nmap
Nmap
added 2017/03/01 4:12 a.m.1803 views

http-cookie-flags NSE Script

Examines cookies set by HTTP services. Reports any session cookies set without the httponly flag. Reports any session cookies set over SSL without the secure flag. If http-enum.nse is also run, any interesting paths found by it will be checked in addition to the root. See also: http-enum.nse...

10CVSS0.1AI score0.99448EPSS
Exploits33
n0where
n0where
added 2017/02/07 6:12 a.m.20 views

Universal MITM Web Server: CopyCat

Universal MITM Web Server CopyCat is a Node.js based universal MITM web server. Used with DNS spoofing or another redirect attack, this server will act as a MITM for web traffic between the victim and a real server. Most often we see DNS spoofing used to redirect victims to an attackers server...

0.3AI score
Exploits0References1
Hacker One
Hacker One
added 2016/12/01 6:27 a.m.157 views

Open-Xchange: Web Browser XSS Protection Not Enabled

Web Browser XSS Protection is not enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header on the web server http://www.dovecot.fi/s=..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Csystem.ini&submit=Search...

6AI score
Exploits0
Kitploit
Kitploit
added 2016/10/16 2:12 p.m.251 views

yawast - The YAWAST Antecedent Web Application Security Toolkit

YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: TLS/SSL - Versions and cipher suites supported; common issues. Information Disclosure - Checks for common information...

7.4CVSS7.3AI score0.95326EPSS
Exploits15References1
RedHat Linux
RedHat Linux
added 2016/07/19 8:39 p.m.7 views

JGroups: Authorization bypass

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...

9.8CVSS6.6AI score0.04698EPSS
Exploits0References4
Hacker One
Hacker One
added 2016/07/06 3:28 p.m.15 views

Legal Robot: AWS S3 website can't serve security headers, may allow clickjacking

Security researcher discovered that our AWS S3 website was not serving some basic security headers like X-Frame-Options. We resolved the issue by putting nginx in front of our AWS S3 website and adding header directives. Fixed security headers can be verified here: https://schd.io/zt...

2.1AI score
Exploits0
Hacker One
Hacker One
added 2015/10/26 11:48 p.m.32 views

Deriv.com: Http Response Splitting - Validate link

So i found a http response splitting issue in your website. If we visit the following url: https://www.binary.com/user/validatelink?step=account&verifytoken=sometoken We will get a response header that says: Set-Cookie: verifytoken=sometoken; expires=Wed, 28 Oct 2015 23:31:35 GMT;...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2015/06/04 5:29 a.m.59 views

Coinbase: OAuth authorization page vulnerable to clickjacking

Due to a misconfiguration, the 'authorize' button on the OAuth authorization page was vulnerable to clickjacking. The bug was fixed by ensuring our OAuth-related responses included the same security headers including X-Frame-Options as the rest of the site...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2015/05/29 7:10 p.m.18 views

Legal Robot: Missing security headers, possible clickjacking

Security researcher discovered missing headers, including x-frame-options and content-security-policy...

2.1AI score
Exploits0
Kitploit
Kitploit
added 2015/03/10 5:0 p.m.17 views

RAWR - Rapid Assessment of Web Resources

Features A customizable CSV containing ordered information gathered for each host, with a field for making notes/etc. An elegant, searchable, JQuery-driven HTML report that shows screenshots, diagrams, and other information. A report on relevent security headers, courtesy of SmeegeSec. a CSV Thre...

6.8AI score
Exploits0References1
n0where
n0where
added 2015/02/06 7:40 a.m.17 views

RAWR – Rapid Assessment of Web Resources

RAWR is designed to make the process of web enumeration easy and efficient by providing pertinent information in usable formats. It uses NMaplive or from file, Metasploit, Qualys, Nexpose, or Nessus scan data to target web services for enumeration, then visits each host on each port with an...

6.7AI score
Exploits0References2
Rows per page
Query Builder