Lucene search

7872 matches found

OSV
added 2018/05/18 4:29 a.m. | 4 views

CVE-2018-11232

The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service panic because a parameter is incorrectly used as a local variable...

5.5 CVSS | 5.4 AI score
Exploits: 0 | References: 3
Exploit DB
added 2018/05/17 12:00 a.m. | 44 views

Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery

Exploit Title: Powerlogic Schneider Electric IONXXXX Series - Cross-Site Request Forgery Date: 2018-05-17 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Version: ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, PM5XXX series. Tested o...

8.8 CVSS | 8.8 AI score | 0.02045 EPSS
Exploits: 4
Kitploit
added 2018/05/16 10:30 p.m. | 83 views

OWASP iGoat (Swift) - A Damn Vulnerable Swift Application For iOS

This is a Swift version of the original iGoat Objective C project. Using OWASP iGoat, you can learn exploiting and defending vulnerabilities in iOS Swift applications. Developed using Swift 4 and Ruby iGoat Objective C was presented at: OWASP TOP 10 Mobile Reverse Engineering Runtime Analysis Data...

7.7 AI score
Exploits: 0 | References: 2
Kitploit
added 2018/05/16 2:37 p.m. | 24 views

DNSBin - Tool To Test Data Exfiltration Through DNS (RCE and XXE)

DNSBin is a simple tool to test data exfiltration through DNS and help test vulnerabilities like RCE or XXE when the environment has significant constraints. The project is in two parts, the first one is the web server and its component. It offers a basic web UI, for most cases you won't need more...

7.1 AI score
Exploits: 0 | References: 2
CNVD
added 2018/05/15 12:00 a.m. | 3 views

Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC Intel wireless driver and related software DLL injection vulnerabilities

Intel Dual Band Wireless-AC, Tri-Band Wireless-AC, and Wireless-AC are wireless NIC products from Intel Corporation. Intel wireless drivers is one of the wireless NIC drivers. Autorun.exe is an executable file; Setup.exe is an installation file. A security vulnerability...

7.8 CVSS | 7.9 AI score | 0.00552 EPSS
Exploits: 0 | References: 1
CNVD
added 2018/05/11 12:00 a.m. | 2 views

hyperstart denial of service vulnerability

HyperHQ Hyper is a layered system based on virtualization. hyperstart is one of the launchers. A security vulnerability exists in the 'container_setup_modules' and 'hyper_rescan_scsi' functions of the container.c file in hyperstart version 1.0.0 in HyperHQ Hyper. ' functions contain a security...

5.3 CVSS | 6.7 AI score | 0.01377 EPSS
Exploits: 0 | References: 1
OpenVAS
added 2018/05/07 12:00 a.m. | 509 views

Unprotected Web App / Device Installers (HTTP)

The script attempts to identify installation/setup pages of various web apps/devices that are publicly accessible and not protected by e.g. account restrictions or having their setup finished. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced...

7 AI score
Exploits: 0
Kitploit
added 2018/04/29 12:23 p.m. | 785 views

Infection Monkey - An Automated Pentest Tool

The Infection Monkey is an open source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self propagate across a data center and reports success to a centralized Monkey Island server. The Infection Monkey i...

9.8 CVSS | 9.5 AI score | 0.99906 EPSS
Exploits: 19 | References: 5
CNVD
added 2018/04/27 12:00 a.m. | 2 views

Composr CMS Cross-Site Scripting Vulnerability

Composr CMS is an open source content management system CMS developed using HTML, CSS and WCAG technologies. A cross-site scripting vulnerability exists in Composr CMS version 10.0.13. A remote attacker can exploit this vulnerability by sending a page=admin-setupwizard&type=step3 request to...

4.8 CVSS | 6.2 AI score | 0.00796 EPSS
Exploits: 1 | References: 1
NVD
added 2018/04/26 2:29 p.m. | 17 views

CVE-2018-6518

Composr CMS 10.0.13 has XSS via the sitename parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php...

4.8 CVSS | 4.9 AI score | 0.00796 EPSS
Exploits: 1 | References: 1
Cvelist
added 2018/04/26 2:00 p.m. | 19 views

CVE-2018-6518

Composr CMS 10.0.13 has XSS via the sitename parameter in a page=admin-setupwizard&type=step3 request to /adminzone/index.php...

4.9 AI score | 0.00796 EPSS
Exploits: 1 | References: 1
Hacker One
added 2018/04/25 3:16 a.m. | 11 views

HackerOne: Team object in GraphQL disclosed total number of whitelisted hackers

Summary: Hi team. Whitelistedhackers i think your setup - Two-factor authentication and IP whitelisting are available to further restrict access to accounts. Description: Again, because of the link error, I can see the number, but I can't see these links. Analogue 310946 Steps To Reproduce 1...

0.6 AI score
Exploits: 0
OSV
added 2018/04/19 8:29 a.m. | 11 views

CVE-2018-10205

hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker...

5.3 CVSS | 5.6 AI score
Exploits: 0 | References: 1
Prion
added 2018/04/19 8:29 a.m. | 18 views

Design/Logic Flaw

hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker...

5 CVSS | 5.3 AI score | 0.01377 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Kitploit
added 2018/04/16 8:23 p.m. | 21 views

Hashtopolis - A Hashcat Wrapper For Distributed Hashcracking

Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent Multiple clients C, Python,...

7.2 AI score
Exploits: 0 | References: 2
Citrix
added 2018/04/16 12:00 a.m. | 20 views

CVE-2013-4786 for LOM vulnerability

Mitigation recommendations for vulnerability CVE-2013-4786: 1. Setup SSL on the LOM port to encrypt credentials during login. 2. Follow the Secure Deployment Guide for Citrix ADC to isolate all management ports including the BMC management port on a management VLAN as is industry best practice...

7.5 CVSS | 7 AI score | 0.81802 EPSS
Exploits: 2
Kitploit
added 2018/04/10 12:48 p.m. | 13 views

Pymeta - Search The Web For Files On A Domain To Download And Extract Metadata

Pymeta is a Python3 rewrite of the tool PowerMeta, created by dafthack in PowerShell. It uses specially crafted search queries to identify and download the following file types pdf, xls, xlsx, doc, docx, ppt, pptx from a given domain using Google and Bing. Once downloaded, metadata is extracted...

7.4 AI score
Exploits: 0 | References: 2
Kitploit
added 2018/04/05 1:03 p.m. | 51 views

Security Onion - Linux Distro For IDS, NSM, And Log Management

Security Onion is a free and open source Linux distribution for intrusion detection, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Bro, OSSEC, Sguil, Squert, NetworkMiner, and many other security tools. The easy-to-use Setup wiza...

7.3 AI score
Exploits: 0 | References: 4
Oracle linux
added 2018/04/05 12:00 a.m. | 43 views

kubernetes security update

1.9.1-2.1.5 - Production built 1.9.1-2.1.5 - Fix the upgrade version check - Remove w/a from Orabug 27125915 1.9.1-2.1.4.dev - Make sure worker node upgrade properly - Orabug 27649898 1.9.1-2.1.3.dev - Ensure that the runtime mounts RO volumes read-only CVE-2017-1002102 - Update Dashboard version...

9.6 CVSS | 7.6 AI score | 0.11586 EPSS
Exploits: 2
Citrix
added 2018/04/04 12:00 a.m. | 6 views

How to Determine the IP Addresses of Active Connections to a Virtual Server of a NetScaler

This article describes how to determine the IP addresses of active connections to a virtual server of a NetScaler. Background To troubleshoot a web application issue, you might need to determine the IP address actively connected to a virtual server of NetScaler. For example, certain percentage of...

7.1 AI score
Exploits: 0