Lucene search
5335 matches found

Kitploit
added 2020/01/29 11:30 a.m. | 105 views

Obfuscapk - A Black-Box Obfuscation Tool For Android Apps

Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscat...

7.1 AI score
Exploits: 0 | References: 36
Kitploit
added 2020/01/28 11:30 a.m. | 16 views

ApplicationInspector - A Source Code Analyzer Built For Surfacing Features Of Interest And Other Characteristics To Answer The Question 'What's In It' Using Static Analysis With A JSON Based Rules Engine

Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the software is or what it does. Application Inspector is different from traditional static...

7.6 AI score
Exploits: 0 | References: 3
FreeBSD Advisory
added 2020/01/28 12:0 a.m. | 9 views

FreeBSD-SA-20:03.thrmisc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:03.thrmisc Security Advisory The FreeBSD Project Topic: kernel stack data disclosure Category: core Module: kernel Announced: 2020-01-28 Credits: Ilja Van...

3.3 CVSS | 5.8 AI score | 0.00289 EPSS
Exploits: 0
0day.today
added 2020/01/23 12:0 a.m. | 190 views

Remote Desktop Gateway - (BlueGate) Denial of Service Exploit

include "BlueGate.h" / EDB Note: - Download Binary https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47964-1.exe - Download Source https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47964-2.zip / void errorconst char msg printf"ERRO...

9.8 CVSS | 9.6 AI score | 0.74897 EPSS
Exploits: 10
exploitpack
added 2020/01/23 12:0 a.m. | 59 views

Remote Desktop Gateway - BlueGate Denial of Service (PoC)

Remote Desktop Gateway - BlueGate Denial of Service PoC include "BlueGate.h" / EDB Note: - Download Binary https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47964-1.exe - Download Source...

7.3 AI score
Exploits: 0
Exploit DB
added 2020/01/23 12:0 a.m. | 230 views

Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC)

include "BlueGate.h" / EDB Note: - Download Binary https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47964-1.exe - Download Source https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47964-2.zip / void errorconst char msg printf"ERROR:...

7.4 AI score
Exploits: 0
Hacker One
added 2020/01/22 3:36 a.m. | 36 views

Starbucks: Korea - LFI via path traversal at https://msr.istarbucks.co.kr:6443/appif/

@iampuky — thank you for reporting the original vulnerability and for confirming the resolution. While analyzing the Starbucks Korea mobile application, I noticed that it called an API at https://msr.istarbucks.co.kr:6443/appif/. It was found that the application running under that directory was...

1.9 AI score
Exploits: 0
Hacker One
added 2020/01/21 9:45 a.m. | 149 views

Ruby: Source code disclosed via S3 Bucket

Summary The Ruby having an Amazon S3 bucket named http://rubyci.s3.amazonaws.com/ which lists some of their log files. Those logs having some information to check the source code server side directories. Steps to Reproduce 1. direct to http://rubyci.s3.amazonaws.com/ which having READ Permission...

0.9 AI score
Exploits: 0
Prion
added 2020/01/18 7:15 p.m. | 16 views

Information disclosure

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.as...

4 CVSS | 6.4 AI score | 0.01311 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2020/01/18 6:42 p.m. | 34 views

CVE-2020-7227

Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.as...

6.5 AI score | 0.01311 EPSS
Exploits: 1 | References: 1
CVE
added 2020/01/18 6:42 p.m. | 119 views

CVE-2020-7227

CVE-2020-7227 affects Westermo MRD-315 devices running firmware 1.7.3 and 1.7.4. An information-disclosure vulnerability allows an authenticated remote attacker to retrieve the source code of several web application functions by issuing requests that omit certain mandatory parameters. Affected pa...

6.5 CVSS | 6.4 AI score | 0.01311 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Microsoft Secure
added 2020/01/16 3:0 p.m. | 39 views

Introducing Microsoft Application Inspector

Modern software development practices often involve building applications from hundreds of existing components, whether they’re written by another team in your organization, an external vendor, or someone in the open source community. Reuse has great benefits, including time-to-market, quality, a...

7.3 AI score
Exploits: 0
Kitploit
added 2020/01/08 11:30 a.m. | 282 views

WAFW00F v2.0 - Allows One To Identify And Fingerprint Web Application Firewall (WAF) Products Protecting A Website

The Web Application Firewall Fingerprinting Tool. — From Enable Security How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...

7.1 AI score
Exploits: 0 | References: 7
NVD
added 2020/01/08 6:15 a.m. | 35 views

CVE-2020-6170

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...

9.8 CVSS | 9.6 AI score | 0.07329 EPSS
Exploits: 5 | References: 2
Prion
added 2020/01/08 6:15 a.m. | 13 views

Authentication flaw

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...

5 CVSS | 9.6 AI score | 0.07329 EPSS
Exploits: 5 | References: 2 | Affected Software: 1
Cvelist
added 2020/01/08 5:30 a.m. | 36 views

CVE-2020-6170

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI...

9.7 AI score | 0.07329 EPSS
Exploits: 5 | References: 2
CVE
added 2020/01/08 5:30 a.m. | 140 views

CVE-2020-6170

CVE-2020-6170 affects Genexis Platinum-4410 v2.1 (Firmware P4410-V2–1.28). The issue is an authentication bypass that allows an attacker to obtain cleartext credentials from the HTML source of the cgi-bin/index2.asp page. Publicly visible exploitation exists (e.g., Exploit-DB, PacketStorm) illust...

9.8 CVSS | 9.6 AI score | 0.07329 EPSS
Exploits: 5 | References: 2 | Affected Software: 1
Kitploit
added 2020/01/07 9:5 p.m. | 15 views

Dsync - IDAPython Plugin That Synchronizes Disassembler And Decompiler Views

IDAPython plugin that synchronizes decompiled and disassembled code views. Please refer to comments in the source code for more details. Requires 7.2 Download Dsync...

7.5 AI score
Exploits: 0 | References: 1
Prion
added 2020/01/07 7:15 p.m. | 12 views

Information disclosure

An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code...

4 CVSS | 6.4 AI score | 0.00894 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Veracode
added 2020/01/02 7:56 a.m. | 19 views

Cross-site Scripting (XSS)

craftcms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because it does not handle the header insertion field when adding source code at an s/admin/entries/news/new URI...

6.1 CVSS | 6 AI score | 0.02591 EPSS
Exploits: 5 | References: 2 | Affected Software: 1