Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...

GHSA-H5H8-PC6H-JVVX Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...

Arbtirary Command Execution

composer/composer is vulnerable to arbitrary command execution. A missing argument delimiter allows an attacker to inject and execute arbitrary commands via VCS repository URLs or source download URLs on systems with Mercurial...

Windows File Shares Reconnaissance: SMBCrunch

One of the most time consuming tasks during a security auditing process is diving into file-systems and shares, attempting to identify any potentially sensitive information. SMBCrunch helps penetration testers to quickly identify Windows File Shares on a network, perform a recursive directory...

Sandboxed Execution Environment: SEE

Sandboxed Execution Environment SEE is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors Qemu, VirtualBox, LXC can be employed to run the Test Environments...

Penetration Testing Browser Bundle: PenQ

PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. Penetration Testin...

Open Conference Systems 1.1.4 - fullpath File Inclusion

Open Conference Systems 1.1.4 - fullpath File Inclusion Open Conference Systems = 1.1.3 Remote File Inclusion Download Source : http://pkp.sfu.ca/ocs/download/ocs-1.1.3.tar.gz Found By : k1tk4t - k1tk4t4tnewhack.org Location : Indonesia -- newhackdotorg file ; theme.inc.php footer.inc.php bugs ; ...

Splitvt exploit

Problem ======= Splitvt 1.6.3 contains a buffer overflow, if you have installed splitvt suid root like Debian/Redhat/etc, btw not slackware you should upgrade to 1.6.4. Solution ======= Debian users: see http://www.debian.org/security/2000/20000605a Redhat: Redhat did respond with a "that package...