684 matches found
Hijacker v1.4 - All-in-One Wi-Fi Cracking Tools for Android
Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng, MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses. This application requires an ARM Android device with a...
Information disclosure
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product...
Design/Logic Flaw
By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic may result in a total resource exhaustion...
CVE-2016-4924
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product...
CVE-2016-4924 vMX: Information leak vulnerability
An incorrect permissions vulnerability in Juniper Networks Junos OS on vMX may allow local unprivileged users on a host system read access to vMX or vPFE images and obtain sensitive information contained in them such as private cryptographic keys. This issue was found during internal product...
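ZTE Integrated Multi-Service Router ZXR10 1800-2S Sensitive Information Disclosure Vulnerability
Introduction: The ZXR10 1800-2S router is an intelligent integrated multi-service router product from ZTE that combines routing, switching, wireless, security, and VPN. With a modular, scalable system architecture, it helps users build intelligent, efficient, reliable, flexible, and easy-to-maintain networks. The router can be applied widely and flexibly to networks such as large-customer access, DCN, campus networks, school networks, egress gateways for government and enterprise networks, enterprise headquarters/branch access, financial outlets, mobile offices, and aggregation/access for vertical industry networks. CVE/CNVD/CNNVD & vendor response CVE-2017-10930...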
WebBreaker - Dynamic Application Security Test Orchestration (DASTO)
Build functional security testing into your software development and release cycles! WebBreaker provides the capabilities to automate and centrally manage Dynamic Application Security Testing (DAST) as part of your DevOps pipeline. WebBreaker truly enables all members of the Software Security...
Learn How to Use Your Android for Hacking and Penetration Testing
Android is now the most used mobile operating system in the world—even Microsoft’s Founder Bill Gates has recently revealed that he is currently using an Android device. Mobile devices have become a powerful productivity tool, and it can now be used to hack and test the security of your networks...
Burp Suite is exposed as having a remote code execution vulnerability; I ask, do you still dare to keep attacking sites? - vulnerability warning - the black bar safety net
What is Burp Suite? I believe everyone engaged in Web security knows that Burp Suite is an integrated platform for security testing of Web applications. It includes a lot of tools, and these tools have a lot of interfaces, which can greatly accelerate our Web application networ...
Kubebot: A Kubernetes Based Security Testing Slackbot
PenTestIT RSS Feed About a week ago, I blogged about List of Portable Hardware Devices for Penetration Testing. The tool that I am blogging about today - Kubebot - can be an awesome example and be installed very easily on a Raspberry Pi that you have lying around. Best part is that this is open...
“Breaking Bad Security” – Tutorial 2 – Remote Access
Welcome to the second tutorial from our video series, “Breaking Bad Security!” This security series is designed to inform you about different tests, tricks, and free tools you can use to validate your security controls to ensure your environment is secure. In this series, we will provide...
Hot air classes on the site of the SQLi and XSS vulnerabilities - vulnerability warning - the black bar safety net
Last month, in order to practice, I chose one of the more popular sites, goodwesite.com, as the object of my penetration test. In the process of digging for flaws, I found SQL injection and XSS flaws in the site. Before the official start of the article content, let's first briefly understand...
4 steps for improving employee trust while securing them
Earlier this month we held our quarterly Cybercrime Tactics and Techniques Q2 2017 webinar. This event gave thousands of security practitioners and leaders a chance to learn about the latest analysis of threats Malwarebytes Labs has seen around the globe. In case you missed it, you can watch an...
Wireless Auditing & Security Testing Toolkit: BoopSuite
BoopSuite is an up and coming suite of wireless tools designed to be easy to use and powerful in scope, that support both the 2 and 5 GHz spectrums. Written purely in Python. A handshake sniffer CLI and GUI, a monitor mode enabling script and a deauth script are all parts of this suite with more ...
WordPress Podlove Podcast Publisher 2.5.3 SQL Injection
DefenseCode ThunderScan SAST Advisory WordPress Podlove Podcast Publisher Plugin Security Vulnerability Advisory ID: DC-2017-05-006 Advisory Title: WordPress Podlove Podcast Publisher Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Podlove...
WordPress Plugin Easy Modal 2.0.17 - SQL Injection
WordPress Plugin Easy Modal 2.0.17 - SQL Injection DefenseCode ThunderScan SAST Advisory WordPress Easy Modal Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-01-007 Advisory Title: WordPress Easy Modal Plugin Multiple Vulnerabilities Advisory URL:...
WordPress PressForward 4.3.0 Cross Site Scripting
DefenseCode ThunderScan SAST Advisory WordPress PressForward Plugin Security Vulnerability Advisory ID: DC-2017-05-007 Advisory Title: WordPress PressForward Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress PressForward plugin Language: PHP...
BAF - Blind Attacking Framework
What is BAF? It's a framework written in Python 2.7 that is being made specially for blind attacking, i.e. attacking random targets with common security issues. Targets are generated by the hackers' search engine "Shodan" and vulnerable hosts are hacked in an automated way. This framework is...
Exploit for Out-of-bounds Read in Openssl
This repository contains a collection of tools and exploits for various vulnerabilities, including: A payload for the Apache Struts 2 vulnerability CVE-2017-5638 that allows remote code execution. A tool for exploiting the Heartbleed vulnerability CVE-2014-0160 in OpenSSL. A tool for exploiting t...
Introducing InsightAppSec: Cloud-powered Application Security Testing
Rapid7 announces today the launch of InsightAppSec, the newest product to be delivered on the Insight platform. InsightAppSec combines the power and accuracy of Rapid7's industry-leading and proven Dynamic Application Security Testing (DAST) engine with the quick deployment, scalability, and...