ZKTeco ZKBioSecurity 3.0 - Directory Traversal
ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator:...
2wire Gateway Authentication Bypass
Gateway Authentication Bypass Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Oracle Glassfish Server Directory Traversal
Directory traversal vulnerability Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Comtrend Router Password Disclosure
Remote password disclosure Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Dotclear 2.9.1 Directory Download
Dotclear 2.9.1 Directory Download Vulnerability + Software: https://dotclear.org/ + Author: Wiswat Aswamenakul + Affected version: only tested on 2.9.1; previous versions might be affected + Platform: tested on Ubuntu 14.04, PHP 5.5.9 + Description Authenticated users with media manager access...
BFAC - Backup File Artifacts Checker
An automated tool that checks for backup artifacts that may disclose the web-application's source code...
WordPress Plugin Mail Masta 1.0 - Local File Inclusion
Date: 23-8-2016 + Author: Guillermo Garcia Marcos + Vendor: https://downloads.wordpress.org/plugin/mail-masta.zip + Title: Mail Masta WP Local File Inclusion + info: Local File Inclusion The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file...
Raptor - Web-based Source Code Vulnerability Scanner
Raptor is a web-based (web-service + UI), GitHub-centric source-vulnerability scanner, i.e. it scans a repository with just the GitHub repo URL. You can set up webhooks to ensure automated scans every time you commit or merge a pull request. The scan is done asynchronously and the results are available...
Silver Stripe CMS: source code security analysis report
Several vulnerabilities were discovered in SilverStripe Limited 'Silver Stripe CMS' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Incorrect Newlin...
Dynamic Network Analysis Tool: FakeNet-NG
Dynamic Network Analysis Tool FakeNet-NG is a next generation dynamic network analysis tool for malware analysts and penetration testers. It is open source and designed for the latest versions of Windows. FakeNet-NG is based on the excellent Fakenet tool developed by Andrew Honig and Michael...
PhpMyAdmin 4.3.0—4.6.2 authorized users remote command execution vulnerability
Problem source code part in PMA 4.6.2: - libraries/controllers/table/TableSearchController.php:708: 708: private function getRegexReplaceRows ... 727: if (is_array($result)) { 728: foreach ($result as $index => $row) { 729: $result[$index][1] = preg_replace( 730: "/" . $find . "/", 731: $replaceWith, 732: $row[0]...
New Relic: Leaking license key in source code
Restricted role user has no way to view the license key, but the license key is leaking in the source code. Steps to reproduce Assume userA is owner, userB is restricted user. Login as userB and go to https://rpm.newrelic.com/accounts/accid/applications/setup Select any Web agent, view page sourc...
Hackers can use a Docker vulnerability to download the full source code of Twitter's Vine - bug warning - the black bar safety net
Guess what? Someone downloaded the complete source code of Twitter's Vine. Vine is a short video sharing service; users can use Vine to share six-second video clips and seamlessly embed them into Twitter messages. Unlike other video sharing services, Vine support...
Hacker Downloaded Vine's Entire Source Code. Here’s How...
Guess What? Someone just downloaded Twitter’s Vine complete source code. Vine is a short-form video sharing service where people can share 6-second-long looping video clips. Twitter acquired the service in October 2012. Indian Bug bounty hunter Avinash discovered a loophole in Vine that allowed h...
IPS Community Suite RCE
Remote Code Execution in IPS Community Suite Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
Drupal WikiWiki SQL Injection
SQL Injection vulnerability in Drupal WikiWiki module find parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
Struts2 exploit tool, devMode version, released with source code - vulnerabilities and early warning - the black bar safety net
Disclaimer: This tool is for security testing purposes only; illegal use is prohibited. Please take care to check the tool's safety. When Struts2 has devMode turned on, it leads to a serious remote code execution vulnerability. If the WebService to start a permission is the highest...
Moodle: source code security analysis report
Several vulnerabilities were discovered in Moodle 'Moodle' software: File System Path Manipulation Incorrect User Input Filtration when Using the unserialize Function Incorrect Newline Symbol Filtration in HTTP-response Headers Using Insufficiently Random Generators in Cryptography HttpOnly Cooki...
Tiki Wiki CMS 15.1 Upload
Arbitrary upload vulnerability in Tiki Wiki CMS elfinder Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...
MARA Framework - Mobile Application Reverse engineering and Analysis Framework
MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a tool that puts together commonly used mobile application reverse engineering tools, in order to make the task of reverse engineering and analysis easier and friendly to mobile application developers and security...