7925 matches found
Infection Monkey - An Automated Pentest Tool
The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. The Infection Monkey i...
Composr CMS Cross-Site Scripting Vulnerability
Composr CMS is an open source content management system CMS developed using HTML, CSS and WCAG technologies. A cross-site scripting vulnerability exists in Composr CMS version 10.0.13. A remote attacker can exploit this vulnerability by sending a page=admin-setupwizard&type=step3 request to...
CVE-2018-6518
Composr CMS 10.0.13 has XSS via the sitename parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php...
CVE-2018-6518
Composr CMS 10.0.13 has XSS via the sitename parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php...
HackerOne: Team object in GraphQL disclosed total number of whitelisted hackers
Summary: Hi team. Whitelistedhackers i think your setup - Two-factor authentication and IP whitelisting are available to further restrict access to accounts. Description: Again, because of the link error, I can see the number, but I can't see these links. Analogue 310946 Steps To Reproduce 1...
Design/Logic Flaw
hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the containersetupmodules and hyperrescanscsi functions in container.c, related to runV 1.0.0 for Docker...
CVE-2018-10205
hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the containersetupmodules and hyperrescanscsi functions in container.c, related to runV 1.0.0 for Docker...
Hashtopolis - A Hashcat Wrapper For Distributed Hashcracking
Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent Multiple clients C, Python,...
CVE-2013-4786 for LOM vulnerability
Mitigation recommendations for vulnerability CVE-2013-4786: 1. Setup SSL on the LOM port to encrypt credentials during login. 2. Follow the Secure Deployment Guide for Citrix ADC to isolate all management ports including the BMC management port on a management VLAN as is industry best practice...
Pymeta - Search The Web For Files On A Domain To Download And Extract Metadata
Pymeta is a Python3 rewrite of the tool PowerMeta, created by dafthack in PowerShell. It uses specially crafted search queries to identify and download the following file types pdf, xls, xlsx, doc, docx, ppt, pptx from a given domain using Google and Bing. Once downloaded, metadata is extracted...
Security Onion - Linux Distro For IDS, NSM, And Log Management
Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wiza...
kubernetes security update
1.9.1-2.1.5 - Production built 1.9.1-2.1.5 - Fix the upgrade version check - Remove w/a from Orabug 27125915 1.9.1-2.1.4.dev - Make sure worker node upgrade properly - Orabug 27649898 1.9.1-2.1.3.dev - Ensure that the runtime mounts RO volumes read-only CVE-2017-1002102 - Update Dashboard version...
How to Determine the IP Addresses of Active Connections to a Virtual Server of a NetScaler
This article describes how to determine the IP addresses of active connections to a virtual server of a NetScaler. Background To troubleshoot a web application issue, you might need to determine the IP address actively connected to a virtual server of NetScaler. For example, certain percentage of...
Envizon - Network Visualization Tool With Focus On Red / Blue Team Requirements
This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and organization tool, 'envizon'. We hope your feedback will help to improve and hone i...
Rainmap Lite - Responsive Web Based Interface That Allows Users To Launch Nmap Scans From Their Mobiles/Tablets/Web Browsers
Rainmap Lite - Responsive web application that allows users to launch Nmap scans from their mobiles/tablets/web browsers! Unlike it's predecessor 1, Rainmap-lite does not require special services RabbitMQ, PostgreSQL, Celery, supervisor, etc to make it easy to install on any server. You simply ne...
LeakVM - Research & Pentesting Framework For Android, Run Security Tests Instantly
LeakVM: Run security tests instantly. Why LeakVM : LeakVM fast security test on Android, by skipping the time-consuming build pen-testing laboratories, you can test on real devices or virtual devices. LeakVM makes researchers and pen-testers more productive since they can run the test on real tim...
Powershell-RAT - Python Based Backdoor That Uses Gmail To Exfiltrate Data Through Attachment
Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. This RAT will help someone during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment. Note: This...
XenDesktop Setup Wizard fails with error "The xsPvsSiteUuid Field Does not exist"
When running the XenDesktop Setup Wizard XDSW you encounter the following error. "The xsPvsSiteUuid Field Does not exist" At this point the XDSW fails and aborts the process...
Null pointer dereference
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setupntlmv2rsp that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation...
CVE-2018-1066
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setupntlmv2rsp that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation...