CVE-2017-14941

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector...

Introducing GoCrack: A Managed Password Cracking Tool

FireEye's Innovation and Custom Engineering ICE team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI Figure 1 shows the dashboard to create, view, and manage...

OWASP ZAP 2.6.0 - Penetration Testing Tool for Testing Web Applications

The OWASP Zed Attack Proxy ZAP is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It...

Kaspersky Opens Antivirus Source Code for Independent Review to Rebuild Trust

Kaspersky Lab — We have nothing to hide! Russia-based Antivirus firm hits back with what it calls a "comprehensive transparency initiative," to allow independent third-party review of its source code and internal processes to win back the trust of customers and infosec community. Kaspersky launch...

Trend Micro Mobile Security for Enterprise SQL Injection

SQL injection vulnerability in Trend Micro Mobile Security for Enterprise assignpolicy action Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

CVE-2017-9368

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files...

Information disclosure

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files...

CVE-2017-9368

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files...

CVE-2017-9368

CVE-2017-9368 affects BlackBerry Workspaces Server. An information disclosure vulnerability allows an attacker to gain access to source code for server‑side applications by crafting requests for specific files. Exploitation is shown as network‑accessible with low attack complexity and no authenti...

CVE-2017-9368

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files...

Microsoft Edge Chakra JIT Incorrect GenerateBailOut Calling Patterns Exploit

Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: JIT: Incorrect GenerateBailOut calling patterns CVE-2017-11799 Bailout: "ChakraCoreas background JIT compiler generates highly optimized JITaed code based upon the data and infers likely usage patterns based on the profile...

DNS Diagnostics & Performance Measurement Tools: DNSDiag

Ever been wondering if your ISP is hijacking your DNS traffic ? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to ma...

HP Shared ArcSight Source Code with Russians

Reuters is reporting that HP Enterprise gave the Russians a copy of the ArcSight source code. The article highlights that ArcSight is used by the Pentagon to protect classified networks, but the security risks are much broader. Any weaknesses the Russians discover could be used against any ArcSig...

CVE-2017-14941

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector...

Design/Logic Flaw

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector...

CVE-2017-14941

Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit action for a Data Source connector...

Apache Tomcat VirtualDirContext Information Disclosure (CVE-2017-12616)

An information disclosure vulnerability exists in Apache Tomcat. By crafting a malicious request an attacker may view the source code of jsp files for resources...

Gratipay: Adding Used Primary Email Address to attacker account and Account takeover

Summary I just found that the Gratipay is vulnerable for adding used Primary Email Address to attacker account and Account takeover of the Gratipay. Description I was looking at the source code of the application and I found that, "If the email address [email protected] is already added in the X...

youke365_SQL_Injection#1

优客365 v2.9版本 后台存在SQL注入，可导致获取后台管理员账号密码 1，一个单引号引发的血案 爆出了表名dirusers和一些列名 2，源码审计，问题代码在.\module\login.php 代码处理不严谨。根据上图，经测试，用户名可以用1' or '1'='1进行绕过 密码进行了md5加密，所以不能进行简单绕过 3，sql注入 将爆破后的密码进行md5解密，即可得到管理员密码。当然，也可以顺便爆破管理员账号。（所以通过管理员账号认证是有两种姿势） 4，愉快地登陆后台 最后附上payload payload = ' and select 1 fromselect...

Zomato: SSRF in https://www.zomato.com████ allows reading local files and website source code

@nbsp found a SSRF vulnerability which leads to read local files from the web server source code & system files. We have resolved the issue quickly and rewarded the researcher...