5327 matches found
xml_file
This plugin writes the framework messages to an XML report file. One configurable parameter exists: outputfile

Plugin type: Output

Options:

Name | Type | Default Value | Description | Help
---|---|---|---|---
outputfile | outputfile | report.xml | File name where this plugin will write to | No...
Information disclosure
Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser...
Information disclosure
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request...
CVE-2017-8860
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request...
Cohu 3960HD Information Disclosure Vulnerability (CNVD-2017-37750)
The Cohu 3960HD is an IP zoom camera from Cohu USA that is typically used as a traffic camera. An information disclosure vulnerability exists in the Cohu 3960HD. The vulnerability can be exploited by an attacker to view sensitive information e.g., logic between an application and a web browser wi...
WordPress Yoast SEO Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Discoverer: Elias Dimopoulos Linkedin: https://gr.linkedin.com/in/dimopouloselias Vulnerability: Reflected XSS Affected plugin: Yoast SEO plugin alertwindow.location!-- The victim has to have a valid profile under...
Cohu 3960HD Information Disclosure Vulnerability
The Cohu 3960HD is an IP zoom camera from Cohu USA that is typically used as a traffic camera. The Cohu 3960HD suffers from an information disclosure vulnerability. An attacker can view and download source code, log files, and other sensitive device information via a specially crafted web request...
WordPress Yoast SEO Cross Site Scripting
Discoverer: Elias Dimopoulos Linkedin: https://gr.linkedin.com/in/dimopouloselias Vulnerability: Reflected XSS Affected plugin: Yoast SEO plugin alertwindow.location!-- The victim has to have a valid profile under http://victim/wp-admin/admin.php?page=wpseosearchconsole&tab=settings example:...
School CMS 1.0.0 File Upload
Exploit Title: school cms File Upload Vulnerability | Exploit Author: Ashiyane Digital security Team | Vendor Homepage: https://www.sourcecodester.com/php/5400/school-website-cms.html | Software Link: https://www.sourcecodester.com/sites/default/files/download/arukumar/schoolcms.zip | Versio...
SpookFlare - Meterpreter Loader Generator With Multiple Features For Bypassing Client-Side And Network-Side Countermeasures
SpookFlare has a different perspective to bypass security measures and it gives you the opportunity to bypass the endpoint countermeasures at the client-side detection and network-side detection. SpookFlare is a loader generator for Meterpreter Reverse HTTP and HTTPS stages. SpookFlare has custom...
Valve: MySQL username and password leaked in developer.valvesoftware.com via source code disclosure
Hey there it looks like you are relying on a script that cleans up your backup process on developer.valvesoftware.com: /scripts/finalcleanup.sh: Remove files post cleanup rm -r $SITEPATH/data rm $SITEPATH/.sql rm $SITEPATH/.sql.gz rm $SITEPATH/.tgz rm $SITEPATH/.tar.gz rm $SITEPATH/.log rm -r...
varnish -- information disclosure vulnerability
Varnish reports: A wrong if statement in the varnishd source code means that synthetic objects in stevedores which over-allocate, may leak up to page size of data from a malloc(3) memory allocation...
Vault 8: WikiLeaks Releases Source Code For Hive - CIA's Malware Control System
Almost two months after releasing details of 23 different secret CIA hacking tool projects under Vault 7 series, Wikileaks today announced a new Vault 8 series that will reveal source codes and information about the backend infrastructure developed by the CIA hackers. Not just announcement, but t...
CVE-2017-14941
Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector...
Introducing GoCrack: A Managed Password Cracking Tool
FireEye's Innovation and Custom Engineering (ICE) team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI (Figure 1 shows the dashboard) to create, view, and manage...
OWASP ZAP 2.6.0 - Penetration Testing Tool for Testing Web Applications
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It...
Kaspersky Opens Antivirus Source Code for Independent Review to Rebuild Trust
Kaspersky Lab — We have nothing to hide! Russia-based Antivirus firm hits back with what it calls a "comprehensive transparency initiative," to allow independent third-party review of its source code and internal processes to win back the trust of customers and infosec community. Kaspersky launch...
Trend Micro Mobile Security for Enterprise SQL Injection
SQL injection vulnerability in Trend Micro Mobile Security for Enterprise assignpolicy action Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
CVE-2017-9368
An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files...
Information disclosure
An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files...