50 matches found
Sh00T - A Testing Environment for Manual Security Testers
A Testing Environment for Manual Security Testers. Sh00t is a task manager to let you focus on performing security testing provides To Do checklists of test cases helps to create bug reports with customizable bug templates Features: Dynamic Task Manager to replace simple editors or task managemen...
DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test
A day after the Democratic National Committee riled up security researchers and the press, it’s walking back an assertion that there was an attempt to compromise its voter database. Though it seemed like the event was the latest in a series of malicious efforts designed to harvest credentials...
DNC Becomes Latest Target in Series of Election-Season Attacks
UPDATE The Democratic National Committee said Wednesday that it reportedly disrupted an attempt to compromise its voter database – apparently the latest in a series of malicious efforts designed to harvest credentials belonging political targets or influence the electorate ahead of the November...
CHIPSEC - Platform Security Assessment Framework
CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware BIOS/UEFI, and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and...
Dynamic Application Security Test Orchestration: Webbreaker
Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...
U.S. Dept Of Defense: Misconfigured user account settings on DoD website
A Department of Defense website was misconfigured in a manner that may have allowed a malicious user to reset, or steal login credentials of legitimate users. @mantis was able to demonstrate this vulnerability by testing the user account application of the website. Thanks @mantis!...
stickyKeysHunter - A Script to Test an RDP Host for Sticky Keys and Utilman Backdoor
This bash script tests for sticky keys and utilman backdoors. The script will connect to an RDP server, send both the sticky keys and utilman triggers and screenshot the result. How does it work? 1. Connects to RDP using rdesktop 2. Sends shift 5 times using xdotool to trigger sethc.exe backdoors...
On elasticsearch1. 4. 3 The following version of the security vulnerabilities in the attack process reproducibility-vulnerability warning-the black bar safety net
elasticsearch1. 4. 3 The following are a few version you can execute groovy scripts, this is after the use can directly call the Windows cmd command and linux shell. Online there are some articles, but writing is not enough ground gas, and here I reproduce this vulnerability during the attack,...
Fix Firefox(Firefox browser commonly used security test plug-in Live HTTP Headers replay function-vulnerability warning-the black bar safety net
Live Http headers for Firefox the following Http header capture tool, commonly used in safety tests. But unfortunately the Replay function is not in the most recent version of the Firefox browser35.0.1, I decided to plug-in the official version of the update before to do a temporary repair. I fou...
某OA系统SQL注射漏洞(SA权限)
简要描述: RT 详细说明: 海天OA存在一处sql注入 海天OA官网:http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了,下面就用5个案例来做安全测试! SQL注入点: /ZhuanTi/OAZTDocDisplayNewWindow.asp?OAID= 漏洞证明: 案例: mask 区域 1.http://.. /ZhuanTi/OAZTDocDisplayNewWindow.asp?OAID=1 mask 区域 1.http://.. /ZhuanTi/OAZTDocDisplayNewWindow.asp?OAID=1 mask ...
Uzbey: test
test...
Dating Agent 4.7.1 - Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18607/info Dating Agent is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly...
IT-Grundschutz M4.238: Einsatz eines lokalen Paketfilters (Windows)
IT-Grundschutz M4.238: Einsatz eines lokalen Paketfilters Windows. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.94220 Stand: 13. Ergänzungslieferung 13. EL. Hinweis:...
IT-Grundschutz, 12. EL
Zusammenfassung von Tests gemäß IT-Grundschutz in 12. Ergänzungslieferung. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.94171 Diese Routinen prüfen sämtliche Maßnahm...
IT-Grundschutz M4.023: Sicherer Aufruf ausführbarer Dateien
IT-Grundschutz M4.023: Sicherer Aufruf ausführbarer Dateien. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.94194 Diese Prüfung bezieht sich auf die 12...
CGI Generic Injectable Parameter
Nessus was able to to inject innocuous strings into CGI parameters and read them back in the HTTP response. The affected parameters are candidates for extended injection tests like cross-site scripting attacks. This is not a weakness per se, the main purpose of this test is to speed up other...
IT-Grundschutz M5.072: Deaktivieren nicht benötigter Netzdienste
IT-Grundschutz M5.072: Deaktivieren nicht benötigter Netzdienste. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.95068 Diese Prüfung bezieht sich auf die 11...
Unfixed XSS vulnerability at forumkings.com
Security researcher Rockwell, has submitted on 21/10/2009 a cross-site-scripting XSS vulnerability affecting forumkings.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/07/2010. It is currently...
Fedora Core 10 FEDORA-2009-10233 (deltarpm)
The remote host is missing an update to deltarpm announced via advisory FEDORA-2009-10233. OpenVAS Vulnerability Test $Id: fcore200910233.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-10233 deltarpm Authors: Thomas Reinke Copyright: Copyright c 20...
SuSE Security Summary SUSE-SR:2009:015
The remote host is missing updates announced in advisory SUSE-SR:2009:015. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...