Apk-Medit - Memory Search And Patch Tool On Debuggable Apk Without Root & Ndk

Apk-medit is a memory search and patch tool for debuggable apk without root & ndk. It was created for mobile game security testing. Motivation Memory modification is the easiest way to cheat in games, it is one of the items to be checked in the security test. There are also cheat tools that can b...

SSJ - Your Everyday Linux Distribution Gone Super Saiyan

SSJ is s silly little script that relies on docker installed on your everyday Linux distribution Ubuntu, Debian, etc. and magically arms it with hundreds of penetration testing and forensics tools. All of these run with almost native performance as containers utilize the host kernel and thus is a...

TheCl0n3r - Tool To Download And Manage Your Git Repositories

TheCl0n3r will allow you to download and manage your git repositories. Preface About 90% of the penetration testing tools used in my experience can be found primarily on github. The aim of this was to make it easier to download, update and delete these git repositories. If moving to a new testing...

[SECURITY] Fedora 32 Update: python34-3.4.10-11.fc32

Python 3.4 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.4, see other distributions that support it, such as CentOS or RHEL with Software...

Nuubi Tools - Information Ghatering, Scanner And Recon

Nuubi Tools: Information-ghatering|Scanner|Recon Options: -h/--help | Show help message and exit Arguments: -b/--banner | Banner grabing of target ip address -s/--subnet | Subnetlookup of target -c/--cms | Cms detect with headers -d/--dns | Dnslookup of target domain -e/--extract | Extract links...

Gitjacker - Leak Git Repositories From Misconfigured Websites

Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will still manage to recover a significant portion of a repository even where directory listings are disabled. For educational/penetration testing use only...

CVE-2020-24301

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...

Design/Logic Flaw

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...

CVE-2020-24301

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...

Cross-site Scripting

Users of the HAPI FHIR Testpage Overlay can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believ...

This One Time on a Pen Test: Doing Well With XML

Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report. Most...

The vulnerability of microprogramming software in Intel Server Boards S2600ST, S2600BP, and S2600WF exists due to insufficient testing of input data. This vulnerability allows attackers to increase their privileges.

The vulnerability of the microprogramming software on Intel Server Board S2600ST, S2600BP, and S2600WF exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to increase their privileges...

[SECURITY] Fedora 33 Update: rubygem-activemodel-6.0.3.3-1.fc33

A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing...

[SECURITY] Fedora 33 Update: rubygem-activesupport-6.0.3.3-1.fc33

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing...

[SECURITY] Fedora 33 Update: rubygem-actionmailer-6.0.3.3-1.fc33

Email on Rails. Compose, deliver, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments...

[SECURITY] Fedora 33 Update: rubygem-actionpack-6.0.3.3-2.fc33

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser...

openSUSE Security Update : go1.14 (openSUSE-2020-1584)

This update for go1.14 fixes the following issues : - go1.14.9 released 2020-09-09 includes fixes to the compiler, linker, runtime, documentation, and the net/http and testing packages. Refs bsc1164903 go1.14 release tracking - go41192 net/http/fcgi: race detected during execution of...

openSUSE Security Update : go1.14 (openSUSE-2020-1587)

This update for go1.14 fixes the following issues : - go1.14.9 released 2020-09-09 includes fixes to the compiler, linker, runtime, documentation, and the net/http and testing packages. Refs bsc1164903 go1.14 release tracking - go41192 net/http/fcgi: race detected during execution of...

Fedora: Security Advisory for rubygem-activemodel (FEDORA-2020-4dd34860a3)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform

This is a PoC exploit for CVE-2017-12149, a remote code execution vulnerability in JBoss. The exploit is written in Python and uses the requests library to send a crafted request to the target JBoss server. The exploit payload is encoded in hexadecimal and is injected into the request as a crafte...