Lucene search
K

50 matches found

Kitploit
Kitploit
added 2019/01/26 12:38 p.m.177 views

Sh00T - A Testing Environment for Manual Security Testers

A Testing Environment for Manual Security Testers. Sh00t is a task manager to let you focus on performing security testing provides To Do checklists of test cases helps to create bug reports with customizable bug templates Features: Dynamic Task Manager to replace simple editors or task managemen...

7.4AI score
Exploits0References3
ThreatPost
ThreatPost
added 2018/08/23 1:39 p.m.16 views

DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test

A day after the Democratic National Committee riled up security researchers and the press, it’s walking back an assertion that there was an attempt to compromise its voter database. Though it seemed like the event was the latest in a series of malicious efforts designed to harvest credentials...

0.6AI score
Exploits0References6
ThreatPost
ThreatPost
added 2018/08/22 9:19 p.m.10 views

DNC Becomes Latest Target in Series of Election-Season Attacks

UPDATE The Democratic National Committee said Wednesday that it reportedly disrupted an attempt to compromise its voter database – apparently the latest in a series of malicious efforts designed to harvest credentials belonging political targets or influence the electorate ahead of the November...

0.2AI score
Exploits0References10
Kitploit
Kitploit
added 2018/06/22 10:33 p.m.24 views

CHIPSEC - Platform Security Assessment Framework

CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware BIOS/UEFI, and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and...

7.7AI score
Exploits0References3
n0where
n0where
added 2017/09/19 5:48 a.m.64 views

Dynamic Application Security Test Orchestration: Webbreaker

Build functional security testing, into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing DAST as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...

Exploits0References10
Hacker One
Hacker One
added 2017/01/12 7:0 p.m.20 views

U.S. Dept Of Defense: Misconfigured user account settings on DoD website

A Department of Defense website was misconfigured in a manner that may have allowed a malicious user to reset, or steal login credentials of legitimate users. @mantis was able to demonstrate this vulnerability by testing the user account application of the website. Thanks @mantis!...

2.6AI score
Exploits0
Kitploit
Kitploit
added 2016/05/26 11:39 p.m.83 views

stickyKeysHunter - A Script to Test an RDP Host for Sticky Keys and Utilman Backdoor

This bash script tests for sticky keys and utilman backdoors. The script will connect to an RDP server, send both the sticky keys and utilman triggers and screenshot the result. How does it work? 1. Connects to RDP using rdesktop 2. Sends shift 5 times using xdotool to trigger sethc.exe backdoors...

7.2AI score
Exploits0References1
myhack58
myhack58
added 2015/03/16 12:0 a.m.10 views

On elasticsearch1. 4. 3 The following version of the security vulnerabilities in the attack process reproducibility-vulnerability warning-the black bar safety net

elasticsearch1. 4. 3 The following are a few version you can execute groovy scripts, this is after the use can directly call the Windows cmd command and linux shell. Online there are some articles, but writing is not enough ground gas, and here I reproduce this vulnerability during the attack,...

0.5AI score
Exploits0
myhack58
myhack58
added 2015/02/04 12:0 a.m.26 views

Fix Firefox(Firefox browser commonly used security test plug-in Live HTTP Headers replay function-vulnerability warning-the black bar safety net

Live Http headers for Firefox the following Http header capture tool, commonly used in safety tests. But unfortunately the Replay function is not in the most recent version of the Firefox browser35.0.1, I decided to plug-in the official version of the update before to do a temporary repair. I fou...

Exploits0
seebug.org
seebug.org
added 2014/11/07 12:0 a.m.16 views

某OA系统SQL注射漏洞(SA权限)

简要描述: RT 详细说明: 海天OA存在一处sql注入 海天OA官网:http://www.haitiansoft.com:8080/ 前人也有提交过我就不写那么多案例了,下面就用5个案例来做安全测试! SQL注入点: /ZhuanTi/OAZTDocDisplayNewWindow.asp?OAID= 漏洞证明: 案例: mask 区域 1.http://.. /ZhuanTi/OAZTDocDisplayNewWindow.asp?OAID=1 mask 区域 1.http://.. /ZhuanTi/OAZTDocDisplayNewWindow.asp?OAID=1 mask ...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2014/10/31 2:49 a.m.14 views

Uzbey: test

test...

1.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

Dating Agent 4.7.1 - Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/18607/info Dating Agent is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2013/11/20 12:0 a.m.10 views

IT-Grundschutz M4.238: Einsatz eines lokalen Paketfilters (Windows)

IT-Grundschutz M4.238: Einsatz eines lokalen Paketfilters Windows. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.94220 Stand: 13. Ergänzungslieferung 13. EL. Hinweis:...

Exploits0References1
OpenVAS
OpenVAS
added 2011/12/09 12:0 a.m.17 views

IT-Grundschutz, 12. EL

Zusammenfassung von Tests gemäß IT-Grundschutz in 12. Ergänzungslieferung. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.94171 Diese Routinen prüfen sämtliche Maßnahm...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2011/11/07 12:0 a.m.8 views

IT-Grundschutz M4.023: Sicherer Aufruf ausführbarer Dateien

IT-Grundschutz M4.023: Sicherer Aufruf ausführbarer Dateien. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.94194 Diese Prüfung bezieht sich auf die 12...

7.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2010/07/26 12:0 a.m.477 views

CGI Generic Injectable Parameter

Nessus was able to to inject innocuous strings into CGI parameters and read them back in the HTTP response. The affected parameters are candidates for extended injection tests like cross-site scripting attacks. This is not a weakness per se, the main purpose of this test is to speed up other...

5.1AI score
Exploits0
OpenVAS
OpenVAS
added 2010/03/09 12:0 a.m.10 views

IT-Grundschutz M5.072: Deaktivieren nicht benötigter Netzdienste

IT-Grundschutz M5.072: Deaktivieren nicht benötigter Netzdienste. ACHTUNG: Dieser Test wird nicht mehr unterstützt. Er wurde ersetzt durch den entsprechenden Test der nun permanent and die aktuelle EL angepasst wird: OID 1.3.6.1.4.1.25623.1.0.95068 Diese Prüfung bezieht sich auf die 11...

7.3AI score
Exploits0References1
xssed
xssed
added 2009/10/21 12:0 a.m.13 views

Unfixed XSS vulnerability at forumkings.com

Security researcher Rockwell, has submitted on 21/10/2009 a cross-site-scripting XSS vulnerability affecting forumkings.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/07/2010. It is currently...

Exploits0References1
OpenVAS
OpenVAS
added 2009/10/13 12:0 a.m.33 views

Fedora Core 10 FEDORA-2009-10233 (deltarpm)

The remote host is missing an update to deltarpm announced via advisory FEDORA-2009-10233. OpenVAS Vulnerability Test $Id: fcore200910233.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-10233 deltarpm Authors: Thomas Reinke Copyright: Copyright c 20...

5CVSS9.6AI score0.03999EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2009/09/21 12:0 a.m.82 views

SuSE Security Summary SUSE-SR:2009:015

The remote host is missing updates announced in advisory SUSE-SR:2009:015. SuSE Security Summaries are short on detail when it comes to the names of packages affected by a particular bug. Because of this, while this test will detect out of date packages, it cannot tell you what bugs impact which...

9.3CVSS1.5AI score0.14749EPSS
Exploits28
Rows per page
Query Builder