5327 matches found

ripstech
added 2019/02/26 7:00 a.m., 51 views

5 Best Practices for your SAST Evaluation

Static Application Security Testing (SAST) solutions analyze the source code of applications for vulnerabilities without running or deploying the code. In case you are not sure if SAST is the right approach for you, or what different SAST approaches exist, we recommend reading our previous blog post...

AI score: 7.2
Exploits: 0
Kitploit
added 2019/02/06 8:31 p.m., 183 views

Goscan - Interactive Network Scanner

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service...

AI score: 7.1
Exploits: 0, References: 2
Packet Storm
added 2019/02/05 12:00 a.m., 88 views

WordPress Ultimate-Member 2.0.38 Cross Site Request Forgery / Shell Upload

Exploit Title : WordPress Ultimate-Member Plugins 2.0.38 CSRF Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 05/02/2019 Vendor Homepage : ultimatemember.com Software Download Link : downloads.wordpress.org/plugin/ultimate-member.2.0.38.zip Software...

AI score: 0.1
Exploits: 0
NVD
added 2019/01/31 7:29 p.m., 16 views

CVE-2018-18941

In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is...

CVSS: 9.8, AI score: 9.5, EPSS: 0.00805
Exploits: 3, References: 2
Cvelist
added 2019/01/31 7:00 p.m., 11 views

CVE-2018-18941

In Vignette Content Management version 6, it is possible to gain remote access to administrator privileges by discovering the admin password in the vgn/ccb/user/mgmt/user/edit/0,1628,0,00.html?uid=admin HTML source code, and then creating a privileged user account. NOTE: this product is...

AI score: 9.6, EPSS: 0.00805
Exploits: 3, References: 2
Tenable Nessus
added 2019/01/07 12:00 a.m., 28 views

FreeBSD : Gitlab -- Multiple vulnerabilities (b2f4ab91-0e6b-11e9-8700-001b217b3468)

Gitlab reports: Source code disclosure merge request diff; Todos improper access control; URL rel attribute not set; Persistent XSS Autocompletion; SSRF repository mirroring; CI job token LFS error message disclosure; Secret CI variable exposure; Guest user CI job disclosure; Persistent XSS label...

CVSS: 7.5, AI score: 6.2, EPSS: 0.00334
Exploits: 4, References: 17
Github Security Blog
added 2019/01/04 5:40 p.m., 27 views

Missing Origin Validation in webpack-dev-server

Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) is not validated...

CVSS: 7.5, AI score: 4.8, EPSS: 0.00177
Exploits: 1, References: 7, Affected Software: 1
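The origin check whose absence the entry above describes, written here as an added example rather than webpack-dev-server's own code: a WebSocket handshake decision that, in its weak form, accepts every client and, in its hardened form, parses the Origin header and only completes the upgrade for an allowlisted host. The allowlist of local hostnames and the sample handshake headers are assumptions constructed for the example.

```javascript
// Added example (not webpack-dev-server's own code): Origin validation for a
// WebSocket handshake. The allowlist and the sample requests are constructed.

// Hosts a local dev server expects its own pages to be served from (assumption).
const DEFAULT_ALLOWED_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Weak form: the upgrade is accepted regardless of Origin, so any page the
// developer has open in the same browser can connect and read HMR payloads.
function acceptAnyOrigin(_headers) {
  return true;
}

// Hardened form: Origin must be present, well-formed, http(s), and its host
// must be on the allowlist. Anything else is refused before the upgrade.
function isOriginAllowed(headers, allowedHosts = DEFAULT_ALLOWED_HOSTS) {
  const origin = headers.origin;
  // Browsers send the literal "null" for opaque origins (sandboxed iframes,
  // file://); non-browser clients send nothing. Both fail closed.
  if (typeof origin !== 'string' || origin === '' || origin === 'null') {
    return false;
  }
  let parsed;
  try {
    parsed = new URL(origin); // WHATWG URL, a global in Node and browsers
  } catch (e) {
    return false;
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return false;
  }
  // hostname is lowercased and port-free; an IPv6 literal keeps its brackets,
  // and "localhost.attacker.example" is a different hostname, not a match.
  return allowedHosts.has(parsed.hostname);
}

// Status to answer an HTTP Upgrade request with: 101 (proceed), 403 (Origin
// refused) or 400 (not a WebSocket upgrade). Header keys are lowercase, as
// Node's http module delivers them.
function handshakeStatus(headers, allowedHosts = DEFAULT_ALLOWED_HOSTS) {
  if (String(headers.upgrade || '').toLowerCase() !== 'websocket') {
    return 400;
  }
  return isOriginAllowed(headers, allowedHosts) ? 101 : 403;
}

// Constructed sample handshakes: the developer's own page, an attacker page,
// and a client that sends no Origin at all.
const SAMPLE_REQUESTS = [
  { upgrade: 'websocket', origin: 'http://localhost:8080' },
  { upgrade: 'websocket', origin: 'https://attacker.example' },
  { upgrade: 'websocket' },
];

for (const headers of SAMPLE_REQUESTS) {
  console.log(
    headers.origin || '(no Origin)',
    'weak:', acceptAnyOrigin(headers) ? 101 : 403,
    'hardened:', handshakeStatus(headers)
  );
}
```

The attack works because a page on any site can open a WebSocket to `ws://localhost:8080`; the browser attaches that page's Origin to the handshake, and only the server can refuse it. A fixed allowlist is one option; another is to compare the Origin host with the hostname the dev server was started with. Either way a missing or `null` Origin should fail closed, as above.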
ThreatPost
added 2019/01/04 5:21 p.m., 8 views

Phishing Tactic Hides Tracks with Custom Fonts

An insidious phishing method evades detection using a never-before-seen technique that leverages custom fonts to cover its tracks. Researchers at Proofpoint recently discovered an active credential harvesting phishing scheme. Once a victim has clicked on the initial phishing email, the resulting...

AI score: 0.7
Exploits: 0, References: 2
Dsquare
added 2019/01/03 12:00 a.m., 41 views

TerraMaster Operating System SQL Injection

SQL injection vulnerability in TerraMaster Operating System, Event parameter. Vulnerability Type: SQL Injection. For the exploit source code contact DSquare Security sales team...

CVSS: 7.5, AI score: 0.9, EPSS: 0.00363
Exploits: 2
Packet Storm
added 2019/01/02 12:00 a.m., 40 views

Vtiger CRM 7.1.0 Remote Code Execution

Exploit Title: Vtiger CRM 7.1.0 - Remote Code Execution Date: 2018-12-27 Exploit Author: Özkan Mustafa Akkuş (AkkuS) Contact: https://pentest.com.tr Vendor Homepage: https://www.vtiger.com Software Link: https://sourceforge.net/projects/vtigercrm/files/latest/download Version: v7.1.0 Category:...

AI score: 0.4
Exploits: 0
FreeBSD
added 2018/12/31 12:00 a.m., 29 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: Source code disclosure merge request diff; Todos improper access control; URL rel attribute not set; Persistent XSS Autocompletion; SSRF repository mirroring; CI job token LFS error message disclosure; Secret CI variable exposure; Guest user CI job disclosure; Persistent XSS label referen...

CVSS: 7.5, AI score: 2.3, EPSS: 0.00334
Exploits: 4, References: 1
Dsquare
added 2018/12/28 12:00 a.m., 175 views

Spring MVC File Disclosure

File disclosure vulnerability in Spring MVC on Windows. Vulnerability Type: File Disclosure. For the exploit source code contact DSquare Security sales team...

CVSS: 4.3, AI score: 7.6, EPSS: 0.90996
Exploits: 1
Cvelist
added 2018/12/26 3:00 a.m., 18 views

CVE-2018-20478

An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value...

AI score: 7.6, EPSS: 0.00316
Exploits: 1, References: 1
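An added example (not S-CMS code) of the bypass the entry above describes: a download handler that filters the requested name with a case-sensitive denylist lets `download.Php` through, and on a case-insensitive filesystem the open still resolves to `download.php`, the handler's own source. The hardened version lowercases before comparing, uses an allowlist instead of a denylist, and refuses path separators and NUL bytes. The denied and allowed extension lists and the sample names are assumptions constructed for the example.

```javascript
// Added example (not S-CMS code): a case-sensitive extension denylist beside a
// hardened check. The extension lists and sample names are constructed.

// Extensions a download handler is meant to refuse (its own source files).
const DENIED_EXTENSIONS = ['.php', '.phtml', '.php3', '.php5', '.phar', '.inc'];

function extensionOf(name) {
  const dot = name.lastIndexOf('.');
  return dot === -1 ? '' : name.slice(dot);
}

// Vulnerable: compares the extension exactly as the client sent it. ".Php" is
// not in the list, so "download.Php" passes; on a case-insensitive filesystem
// (Windows, macOS by default) opening it returns download.php anyway.
function vulnerableAllowsDownload(downName) {
  return !DENIED_EXTENSIONS.includes(extensionOf(downName));
}

// Hardened: allowlist compared after lowercasing, plus the separator and NUL
// checks any file-download parameter needs. The allowed list is an assumption
// about what the handler is supposed to serve.
function hardenedAllowsDownload(downName, allowed = ['.zip', '.pdf', '.txt']) {
  if (typeof downName !== 'string' || downName === '') return false;
  if (/[\/\\\0]/.test(downName)) return false;           // no separators or NUL
  if (downName === '.' || downName === '..') return false;
  const ext = extensionOf(downName).toLowerCase();
  if (ext === '' || !allowed.includes(ext)) return false;
  // Defense in depth: refuse a denied extension anywhere in the name, so
  // "shell.php.txt" is rejected even where a server maps by the first one.
  const inner = downName.toLowerCase().split('.').slice(1).map((p) => '.' + p);
  return !inner.some((p) => DENIED_EXTENSIONS.includes(p));
}

// Constructed requests: the legitimate file, the source file, and the bypass.
const SAMPLE_NAMES = ['report.pdf', 'download.php', 'download.Php', '../config.zip'];
for (const name of SAMPLE_NAMES) {
  console.log(
    JSON.stringify(name).padEnd(18),
    'vulnerable:', vulnerableAllowsDownload(name),
    'hardened:', hardenedAllowsDownload(name)
  );
}
```

The denylist fails twice over: it is compared case-sensitively while the filesystem is not, and it can never enumerate every spelling the platform will accept. Deciding what may be served, rather than what may not, removes both problems.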
Kitploit
added 2018/12/20 12:08 p.m., 54 views

IP Obfuscator - Simple Tool To Convert An IP Into Integer, Hexadecimal Or Octal Form

IP Obfuscator is a simple tool written in Python to convert an IP into different obfuscated forms. This tool will help you to obfuscate host addresses into integer, hexadecimal or octal form. What is Obfuscation? "In software development, obfuscation is the deliberate act of creating source or...

AI score: 7.5
Exploits: 0, References: 1
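An added example, not the IP Obfuscator tool's own code, of the conversions the entry describes and of their inverse: the integer, hexadecimal, octal and per-octet spellings of an IPv4 address, plus an inet_aton-style normalizer that turns any of them back into a canonical dotted quad. The normalizer is the part a URL allowlist or log parser needs, because `http://2130706433/` and `http://0x7f.1/` both reach 127.0.0.1 while looking nothing like it. The sample inputs are constructed.

```javascript
// Added example (not the IP Obfuscator tool's code): obfuscated IPv4 spellings
// and the inet_aton-style normalization that recognizes them. Inputs constructed.

// Parse one dotted component the way inet_aton does: 0x.. hex, 0.. octal,
// otherwise decimal. NaN for anything else (letters, "08", empty string).
function parsePart(s) {
  if (/^0[xX][0-9a-fA-F]+$/.test(s)) return parseInt(s.slice(2), 16);
  if (/^0[0-7]+$/.test(s)) return parseInt(s, 8);
  if (/^(0|[1-9][0-9]*)$/.test(s)) return parseInt(s, 10);
  return NaN;
}

// Canonical dotted quad for any inet_aton-accepted spelling, or null. With
// fewer than four parts the last part supplies all remaining low bytes, which
// is why "0x7f.1" and "2130706433" both mean 127.0.0.1.
function normalizeIPv4(host) {
  const parts = host.split('.');
  if (parts.length > 4) return null;
  const values = parts.map(parsePart);
  if (values.some(Number.isNaN)) return null;
  const head = values.slice(0, -1);
  const last = values[values.length - 1];
  if (head.some((v) => v > 255)) return null;
  const lastBytes = 4 - head.length;
  if (last >= 2 ** (8 * lastBytes)) return null;
  let n = head.reduce((acc, v) => acc * 256 + v, 0);
  n = n * 2 ** (8 * lastBytes) + last;
  // >>> converts to uint32, so each shift yields one octet.
  return [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join('.');
}

// The obfuscated spellings of an address. Each is accepted by inet_aton-based
// resolvers and by browsers, so a filter that compares the raw string against
// "127.0.0.1" misses all of them.
function obfuscate(ip) {
  const canonical = normalizeIPv4(ip);
  if (canonical === null) throw new RangeError(`not an IPv4 address: ${ip}`);
  const octets = canonical.split('.').map(Number);
  const n = octets.reduce((acc, o) => acc * 256 + o, 0);
  return {
    integer: String(n),
    hex: '0x' + n.toString(16).padStart(8, '0'),
    octal: '0' + n.toString(8),
    dottedHex: octets.map((o) => '0x' + o.toString(16).padStart(2, '0')).join('.'),
    dottedOctal: octets.map((o) => '0' + o.toString(8)).join('.'),
  };
}

// Constructed inputs: four spellings of localhost and one hostname.
const SAMPLE_HOSTS = ['2130706433', '0x7f.1', '0177.0.0.1', '0x7f000001', 'example.com'];
for (const host of SAMPLE_HOSTS) {
  console.log(host.padEnd(12), '->', normalizeIPv4(host));
}
console.log(obfuscate('127.0.0.1'));
```

Normalizing before comparing is the check that matters: an SSRF or egress filter that blocks the string `127.0.0.1` but not `2130706433` blocks nothing, and the same applies to `10.x` and `169.254.169.254` ranges written in any of these forms.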
Packet Storm
added 2018/12/05 12:00 a.m., 159 views

Rockwell Automation Allen-Bradley PowerMonitor 1000 Authentication Bypass

Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Date: 2018-11-27 Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/ Version: 1408-EM3A-ENT B Tested on: It is a proprietary device:...

AI score: 0.2, EPSS: 0.02635
Exploits: 4
FreeBSD Advisory
added 2018/12/04 12:00 a.m., 17 views

FreeBSD-SA-18:14.bhyve

FreeBSD-SA-18:14.bhyve Security Advisory, The FreeBSD Project. Topic: Insufficient bounds checking in bhyve(8) device model. Category: core. Module: bhyve. Announced: 2018-12-04...

CVSS: 10, AI score: 7.7, EPSS: 0.00862
Exploits: 0
0day.today
added 2018/12/01 12:00 a.m., 17 views

KPOT Botnet - File Download/Source Code Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: KPOT Botnet - File Download/Source Code Disclosure Vulnerability Google Dork: n/a Date: 26/11/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: https://bhf.io/threads/515432/ Version: unkn0wn Tested on: Window...

AI score: 7.4
Exploits: 0
Packet Storm
added 2018/12/01 12:00 a.m., 107 views

KPOT Botnet Arbitrary File Disclosure

Exploit Title: KPOT Botnet - File Download/Source Code Disclosure Vulnerability Google Dork: n/a Date: 26/11/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: https://bhf.io/threads/515432/ Version: unkn0wn Tested on: Windows 10, debian 7 CVE : n/a Vuln-Code: download.php PoC:...

Exploits: 0
Hacker One
added 2018/11/28 3:00 p.m., 79 views
Mail.ru: source code leak

A fragment of source code was available for download on flash.terrhq.ru...

AI score: 1.7
Exploits: 0
Dsquare
added 2018/11/28 12:00 a.m., 92 views

Navigate CMS File Disclosure

File disclosure vulnerability in Navigate CMS, navigatedownload.php id parameter. Vulnerability Type: File Disclosure. For the exploit source code contact DSquare Security sales team...

AI score: 0.6
Exploits: 0