
7416 matches found

Fedora
added 2020/07/10 1:2 a.m., 44 views

[SECURITY] Fedora 31 Update: python36-3.6.11-1.fc31

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

7.1 CVSS, 4 AI score, 0.06617 EPSS
Exploits: 1
Kitploit
added 2020/07/09 9:30 p.m., 33 views

WordListGen - Super Simple Python Word List Generator For Fuzzing And Brute Forcing In Python

Super Simple Python Word List Generator for Password Cracking Hashcat! I know what you are thinking. Why create another word list generator? Well, I needed something very simple I could modify on the fly to get the exact character generators for the task at hand. This script is fully functional ...

7.1 AI score
Exploits: 0, References: 1
CNVD
added 2020/07/08 12:0 a.m., 9 views

HCL AppScan Cross-Site Scripting Vulnerability

HCL AppScan is a suite of dynamic analysis testing tools from HCL India, which is primarily used for web security testing. A cross-site scripting vulnerability exists in HCL AppScan Enterprise Edition version 10.0.0 and earlier. The vulnerability stems from the lack of proper validation of...

6.1 CVSS, 6.4 AI score, 0.00648 EPSS
Exploits: 0, References: 1
CNVD
added 2020/07/08 12:0 a.m., 10 views

Unspecified Vulnerability in HCL AppScan Enterprise advisory API

HCL AppScan Enterprise is a suite of dynamic analysis and testing tools from HCL India, which is primarily used for web security testing. A security vulnerability exists in the Advisory API documentation in HCL AppScan Enterprise 10.0.0 and earlier versions. The vulnerability can be exploited by ...

4.3 CVSS, 6.8 AI score, 0.0075 EPSS
Exploits: 0, References: 1
Gitee
added 2020/07/07 10:42 a.m., 3 views

K8tools

It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...

7.3 AI score
Exploits: 0
Fedora
added 2020/07/07 1:5 a.m., 14 views

[SECURITY] Fedora 32 Update: gst-0.7.4-1.fc32

GST is a GTK system utility designed to stress and monitor various hardware components like CPU and RAM. - Run different CPU and memory stress tests - Run multi and single core benchmark - Show Processor information name, cores, threads, family, model, stepping, flags, bugs, etc - Show...

0.7 AI score
Exploits: 0
Exploit DB
added 2020/07/07 12:0 a.m., 220 views

PHP 7.4 FFI - 'disable_functions' Bypass

<?php /* FFI Exploit - uses 3 potential BUGS. PHP was contacted and said nothing in FFI is a security issue. Able to call system($cmd) without using FFI::load or FFI::cdefs BUG 1 maybe intended, but why have any size checks then? no bounds check for FFI::String when type is ZEND_FFI_TYPE_POINTER...

7.4 AI score
Exploits: 0
Fedora
added 2020/07/04 1:14 a.m., 46 views

[SECURITY] Fedora 32 Update: python36-3.6.11-1.fc32

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

7.1 CVSS, 4 AI score, 0.06617 EPSS
Exploits: 1
Hacker One
added 2020/07/03 3:11 a.m., 39 views

Mail.ru: Exposed Tarantool admin panel

Testing installation of internal Tarantool admin interface without actual users data was available from external network...

4 AI score
Exploits: 0
CNVD
added 2020/07/03 12:0 a.m., 1 views

Unauthorized Access Vulnerability in Information Management System of Construction Engineering Testing Laboratory of Wuhan Fustek Innovative Information Technology Co.

Founded in 2012, Wuhan Fustek Innovative Information Technology Co., Ltd. is a national high-tech enterprise and double-soft certified enterprise. Wuhan Fustek Innovative Information Technology Co., Ltd. construction engineering testing laboratory information management system there is an...

6.6 AI score
Exploits: 0
Qualys Blog
added 2020/07/02 1:0 p.m., 27 views

Add Ergonomic Security to Your CI/CD Pipeline

Wikipedia defines ergonomics as “the application of psychological and physiological principles to the engineering and design of products, processes, and systems. The goal … is to reduce human error, increase productivity, and enhance safety and comfort with a specific focus on the interaction...

7.2 AI score
Exploits: 0
Kitploit
added 2020/07/02 1:0 p.m., 276 views

KITT-Lite - Python-Based Pentesting CLI Tool

The KITT Penetration Testing Framework was developed as an open source solution for pentesters and programmers alike to compile the tools they use with what they know into an open source project. With KITT, users are able to easily access a list of commonly used tools to their profession which ar...

7.8 AI score
Exploits: 0, References: 95
Gitee
added 2020/07/01 2:53 p.m., 3 views

pocsuite

This is a Python-based framework for remote vulnerability testing and proof-of-concept development, known as Pocsuite. It is developed by the Knownsec Security Team and comes with a powerful proof-of-concept engine, many niche features for penetration testers and security researchers. The framewo...

7.1 AI score
Exploits: 0
Kitploit
added 2020/07/01 12:30 p.m., 28 views

UsoDllLoader - Windows - Weaponizing Privileged File Writes With The Update Session Orchestrator Service

2020-06-06 Update: this trick no longer works on the latest builds of Windows 10 Insider Preview. This means that, although it still works on the mainstream version of Windows 10, you should expect it to be patched in the coming months. Description This PoC shows a technique that can be used to...

8 AI score
Exploits: 0, References: 3
Kitploit
added 2020/06/29 9:30 p.m., 479 views

Kube-Bench - Checks Whether Kubernetes Is Deployed According To Security Best Practices As Defined In The CIS Kubernetes Benchmark

kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark. Tests are configured with YAML files, making this tool easy to update as test specifications evolve. Please Note 1. kube-bench implements the CIS...

6.7 AI score
Exploits: 0, References: 10
CNVD
added 2020/06/28 12:0 a.m., 8 views

Rapid7 Metasploit Pro Cross-Site Scripting Vulnerability

Rapid7 Metasploit Pro is a suite of penetration testing software from the US company Rapid7. A cross-site scripting vulnerability exists in Rapid7 Metasploit Pro. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this...

6.1 CVSS, 6 AI score, 0.00881 EPSS
Exploits: 1, References: 1
Gitee
added 2020/06/27 12:2 a.m., 4 views

Pocsuite

This repository is an offensive tool for penetration testing and vulnerability assessment. It is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. The primary purpose of this tool is to assist penetration testers and...

7.1 AI score
Exploits: 0
Gitee
added 2020/06/26 11:0 a.m., 3 views

IntruderPayloads

A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists...

7 AI score
Exploits: 0
Kitploit
added 2020/06/23 9:30 p.m., 62 views

InQL - A Burp Extension For GraphQL Security Testing

A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. InQL Stand-Alone CLI Running inql from Python will issue an Introspection query to the target GraphQL endpoint in order to fetch metadata...

7.2 AI score
Exploits: 0, References: 3
Kitploit
added 2020/06/22 12:30 p.m., 61 views

Lynis 3.0.0 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

4.2 CVSS, 4.1 AI score, 0.00365 EPSS
Exploits: 0