7874 matches found
Gophish - Open-Source Phishing Toolkit
Gophish is an open-source phishing toolkit designed for businesses and penetration testers. It provides the ability to quickly and easily set up and execute phishing engagements and security awareness training. Install: Installation of Gophish is dead-simple - just download and extract the zip...
CVE-2020-7236
UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= Site Name field of the Site Setup section...
CVE-2020-7236
The CVE-2020-7236 issue affects UHP UHP-100 devices with firmware versions 3.4.1.15, 3.4.2.4, and 3.4.3, where a Cross-Site Scripting (XSS) vulnerability exists in the WEB application. The root cause is insufficient validation of client-side data in the Site Setup section’s Site Name field (cw2?t...
Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals
Bluewall is a firewall framework designed for offensive and defensive cyber professionals. This framework allows cybersecurity professionals to quickly set up their environment while staying within their scope. Credit: Inspired by Andrew Benson's hostfw iptable generation script. Features: Bluewall...
CVE-2019-19802
In Gallagher Command Centre Server v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without...
Privilege escalation
In Gallagher Command Centre Server v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without...
CVE-2019-14837
A flaw was found in Keycloak before version 8.0.0. The owner of the 'placeholder.org' domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name 'test' the email address will be '[email protected]'...
S3Tk - A Security Toolkit For Amazon S3
A security toolkit for Amazon S3. "Another day, another leaky Amazon S3 bucket" — The Register, 12 Jul 2017. Don’t be the... next... big... data... leak. Battle-tested at Instacart. Installation: Run: pip install s3tk You can use the AWS CLI to set up your AWS credentials: pip install awscli aws configu...
CTFd 2.1.5 Administrator Account Takeover
Exploit Title: CTFd Administrator Account Takeover Date: 2/1/20 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://ctfd.io Software Link: https://github.com/CTFd/CTFd/releases/tag/2.1.5 Version: CTFd Local/Remote Hosting 2.1.5 and below Tested on: CTFd 2.1.5 CTFd...
Desktop Studio Error: "Can't Get License Info"
The license server can be registered with XenDesktop either when XenDesktop is configured, or through the Change license server action on the Licensing node in Desktop Studio. When the administrator specifies the address of the license server, Desktop Studio attempts to discover the License...
CVE-2019-8804
An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup...
CVE-2019-8801
A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching. This issue is fixed in macOS Catalina 10.15.1, iTunes for Windows 12.10.2. Running the iTunes installer in an untrusted directory may result in arbitrary code execution...
CVE-2019-8801
The CVE-2019-8801 entry describes a dynamic library loading issue in iTunes setup addressed by improved path searching. Affected products include macOS Catalina 10.15.1 and iTunes for Windows 12.10.2; running the iTunes installer from an untrusted directory could lead to arbitrary code execution....
CVE-2019-8804
CVE-2019-8804 affects Apple iOS/iPadOS Setup Assistant. The issue: an inconsistency in Wi‑Fi network configuration handling during device setup could allow an attacker in physical proximity to redirect a user to a malicious Wi‑Fi network. Root cause is a faulty state/network configuration flow wi...
Various Jira Server setup resources are vulnerable to XSRF/CSRF - CVE-2019-20401
Various installation setup resources in Jira before version 8.5.2 allow remote attackers to configure a Jira instance, which has not yet finished being installed, via Cross-site request forgery (CSRF) vulnerabilities. Once a Jira instance is set up, i.e. database, admin account, licence, etc. form ar...
CVE-2019-18191
The CVE-2019-18191 entry concerns Trend Micro Deep Security as a Service Quick Setup cloud formation template. The vulnerability enables privilege escalation where an authenticated entity with certain unrestricted AWS execution privileges can gain full privileges within the target AWS account. Do...
CVE-2019-3988
Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the device's Wi-Fi configuration via the bssid parameter...
EulerOS 2.0 SP5 : php (EulerOS-SA-2019-2546)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session...
You’re In Safe Hands with Trend Micro Home Network Security
A three-part series on using Home Network Security to protect your home Your home should be a haven that protects you. In the cyber age, however, your router, computers, and TVs, your game consoles and smart devices, are continuously connected to the internet and run the risk of being...
Burp Suite Secret Finder - Burp Suite Extension To Discover Apikeys/Tokens From HTTP Response
Burp Suite extension to discover apikeys/tokens from HTTP response. Install: download SecretFinder: wget https://raw.githubusercontent.com/m4ll0k/BurpSuite-SecretFinder/master/SecretFinder.py or git clone https://github.com/m4ll0k/BurpSuite-SecretFinder.git now open Burp Extender Extensions Add se...