
7414 matches found

Gitee
added 2021/02/22 11:14 p.m., 5 views

uafuzz

This is an offensive tool for Binary Analysis. The repository, cherrywb/uafuzz, is a directed fuzzer dedicated to Use-After-Free (UAF) bugs at the binary level. It aims to detect UAF bugs, which appear when a heap element is used after having been freed. The tool uses a combination of static...

AI score: 7.7
Exploits: 0

Gitee
added 2021/02/22 3:7 p.m., 3 views

vulhub

This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is an offensive tool for testing and demonstrating vulnerabilities in various software and systems. The primary vulnerability class targeted by Vulhub is not explicitly stated, but it...

AI score: 8.6
Exploits: 0

Gitee
added 2021/02/20 3:44 p.m., 6 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for testing and practicing vulnerability exploitation. The primary vulnerability targeted by this repository is not explicitly stated, but it includes various...

AI score: 6.9
Exploits: 0

Fedora
added 2021/02/20 1:26 a.m., 120 views

[SECURITY] Fedora 33 Update: python3.7-3.7.10-1.fc33

Python 3.7 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, see other distributions that support it, such as an older Fedora release...

CVSS: 9.8, AI score: 4.2, EPSS: 0.37325
Exploits: 2

Kitploit
added 2021/02/18 8:30 p.m., 175 views

WireBug - A Toolset For Voice-over-IP Penetration Testing

WireBug is a tool set for Voice-over-IP penetration testing. It is designed as a wizard, which makes it easy to use. The tools are also built for standalone use, so every tool is its own Python or bash program. Installation: Install the dependencies in requirements.txt and the python dependencies in...

AI score: 7.2
Exploits: 0, References: 2

BDU FSTEC
added 2021/02/16 12:0 a.m., 4 views

The vulnerability of the microprogrammed software of Intel Ethernet Series 700 controllers, related to insufficient input data verification, allows an intruder to trigger a service failure.

The vulnerability of Intel Ethernet Series 700 controller microprogramming software is related to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS: 3.4, AI score: 5.5, EPSS: 0.00241
Exploits: 0, References: 2, Affected Software: 1

Fedora
added 2021/02/13 1:18 a.m., 115 views

[SECURITY] Fedora 32 Update: python3.10-3.10.0~a5-1.fc32

Python 3.10 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.10, update your Fedora to a newer version once Python 3.10 is stable...

CVSS: 9.8, AI score: 4, EPSS: 0.23293
Exploits: 1

Hacker One
added 2021/02/12 8:2 p.m., 23 views

Reddit: [dubmash] Lack of authorization checks - Update Sound Titles

Summary: During the security testing, it has been observed that the UpdateSound api is vulnerable to IDOR. It allows an attacker to edit the victim's sound track titles. This vulnerability can be exploited using the sound track's uuid in the vulnerable request. This id is publicly known. Steps To...

AI score: 1.9
Exploits: 0

Gitee
added 2021/02/11 11:9 p.m., 6 views

Exploit for Missing Authorization in Linuxfoundation Harbor

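Ary. Ary is an integration tool, mainly used to invoke various security tools and so provide convenient one-click penetration testing. Version: 2.1.1 public release. Author: Ali0th. Contact: [email protected]. Homepage: github.com/Martin2877. Statement: this tool is for learning and testing only; use for illegal purposes is strictly prohibited, and the developer is not responsible for users' illegal acts. Discussion: feel free to open an issue, or message me privately to join the tool users' discussion group. Download: go to releases to download. Related documents: My One-Click getshell Code Development Journey v1.8.pdf. Features: Note that some features are still under development. 0. Information-gathering tool (under development) 1. Batch crawling of matching websites through multiple cyberspace search engines, such as...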

CVSS: 6.5, AI score: 7, EPSS: 0.23108
Exploits: 5

Gitee
added 2021/02/10 4:0 p.m., 4 views

Exploit for CVE-2020-14882

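CVE-2020-14882ALL. CVE-2020-14882ALL is a comprehensive exploitation tool that supports command-echo detection, batch command echo, no-echo command execution via an external XML file, and other functions. Required modules: requests, http.client. (The tool is for authorized security testing only; do not use it illegally; the author bears no responsibility for violations.) Versions on which the command-echo module is known to succeed: 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0. Options. Feature 1: command echo. python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "net user" python3 CVE-2020-14882ALL.py -u...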

CVSS: 10, AI score: 9.5, EPSS: 0.99997
Exploits: 41

Hacker One
added 2021/02/09 6:35 a.m., 10 views

Kartpay: Host Header Injection

Summary: Hello Team, While performing security testing on your Main Domain, I found a Host Header Injection Vulnerability. Vulnerability Description: An attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multip...

AI score: 6.1
Exploits: 0

The Hacker News
added 2021/02/08 10:10 a.m., 52 views

Top 5 Bug Bounty Platforms to Watch in 2021

While Gartner does not have a dedicated Magic Quadrant for Bug Bounties or Crowd Security Testing yet, Gartner Peer Insights already lists 24 vendors in the "Application Crowdtesting Services" category. We have compiled the top 5 most promising bug bounty platforms for those of you who are lookin...

AI score: 6.6
Exploits: 0

Fedora
added 2021/02/06 1:18 a.m., 82 views

[SECURITY] Fedora 33 Update: python3.10-3.10.0~a5-1.fc33

Python 3.10 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.10, update your Fedora to a newer version once Python 3.10 is stable...

CVSS: 9.8, AI score: 4, EPSS: 0.23293
Exploits: 1

CNVD
added 2021/02/06 12:0 a.m., 8 views

HCL OneTest Information Disclosure Vulnerability

HCL OneTest is a software testing tool from HCL India that provides multiple testing options. The software supports API testing, functional testing, UI testing, performance testing and service virtualization to support software automation testing. A security vulnerability exists in HCL OneTest...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00688
Exploits: 0, References: 1

CNVD
added 2021/02/06 12:0 a.m., 6 views

HCL OneTest License Issue Vulnerability

HCL OneTest is a software testing tool from HCL India that provides multiple testing options. The software supports API testing, functional testing, UI testing, performance testing and service virtualization to support software automation testing. An authorization issue vulnerability exists in HC...

CVSS: 9.8, AI score: 7, EPSS: 0.01213
Exploits: 0, References: 1

Kitploit
added 2021/02/04 11:30 a.m., 137 views

Phpvuln - Audit Tool To Find Common Vulnerabilities In PHP Source Code

phpvuln is an open source OWASP penetration testing tool written in Python 3 that can speed up the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection. Installation: You can download phpvuln by cloning the Git...

AI score: 8.2
Exploits: 0, References: 1

CNVD
added 2021/02/03 12:0 a.m., 4 views

SQL Injection Vulnerability in Testlink

TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A SQL injection vulnerability exists in Testlink. An attacker can exploit this vulnerability to execute illegal SQL commands...

AI score: 8.2
Exploits: 0

Gitee
added 2021/02/02 3:35 p.m., 3 views

ysoserial

This is a Java-based tool called ysoserial, which generates payloads that exploit unsafe Java object deserialization. The tool is designed to create payloads that can be used to attack vulnerable Java applications. The tool uses a variety of payloads, including CommonsCollectionsK1,...

AI score: 7.1
Exploits: 0

Gitee
added 2021/01/31 7:55 p.m., 4 views

shadowbroker

This repository, lvxiao54/shadowbroker, contains a collection of exploits and tools, including the infamous Shadow Brokers dump. The primary focus of this repository is on exploiting vulnerabilities in various software and systems, particularly in the context of Windows and Linux. The repository...

AI score: 7.7
Exploits: 0

Hacker One
added 2021/01/31 11:18 a.m., 11 views

MTN Group: RXSS - http://macademy.mtnonline.com

The page located at http://macademy.mtnonline.com suffers from a Cross-site Scripting (XSS) vulnerability. XSS is a vulnerability that occurs when user input is unsafely incorporated into the HTML markup inside of a webpage. When not properly escaped an attacker can inject malicious JavaScript that...

AI score: 0.4
Exploits: 0