7416 matches found

GithubExploit
added 2020/04/12 7:37 a.m., 5 views

Exploit for Improper Input Validation in Drupal

CVE-2018-7600-Drupal7 CVE-2018-7600【Drupal7】Batch scanning t...

9.8 CVSS, 7.1 AI score, 0.99993 EPSS
Exploits: 46

BDU FSTEC
added 2020/04/10 12:0 a.m., 3 views

The vulnerability of the software in the SIMATIC S7-300 CPU Family communication module allows an intruder to trigger a service failure.

The vulnerability of the software for the Siemens SIMATIC S7-300 CPU communication module is related to insufficient testing of S7 communication packets. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

7.8 CVSS, 7.1 AI score, 0.01358 EPSS
Exploits: 0, References: 5, Affected Software: 3

The Coalfire Blog
added 2020/04/09 1:12 a.m., 46 views

The cloud is beige - The demise of black box testing

Black-box penetration testing is dead. I'd question why it is even a consideration. It's of limited and dubious value in almost any context. Wait, wait… I didn't mean that. Put down the pitchforks and torches, development and QA teams, I'm only talking about black-box penetration testing. Yes,...

7.1 AI score
Exploits: 0

CNVD
added 2020/04/08 12:0 a.m., 2 views

Unspecified Vulnerability in HCL Technologies AppScan Standard Edition

HCL Technologies AppScan Standard Edition is a suite of dynamic analysis testing tools from HCL Technologies, India, which is primarily used for web security testing. HCL Technologies AppScan Standard Edition suffers from an unspecified vulnerability that stems from an incorrect account lockout...

9.8 CVSS, 6.9 AI score, 0.01032 EPSS
Exploits: 0, References: 1

CNVD
added 2020/04/08 12:0 a.m., 2 views

HCL Technologies AppScan Standard Edition XXE Vulnerability

HCL Technologies AppScan Standard Edition is a suite of dynamic analysis testing tools from HCL Technologies, India, which is primarily used for web security testing. HCL Technologies AppScan Standard Edition suffers from an XXE vulnerability. An attacker can exploit this vulnerability to disclos...

8.2 CVSS, 6.5 AI score, 0.01231 EPSS
Exploits: 0, References: 1

Gitee
added 2020/04/01 5:13 p.m., 5 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability class/vector targeted by this repository is Server-Side Template Injection (SSTI), specifically in Flask applications. Th...

7.8 AI score
Exploits: 0

OSV
added 2020/03/31 6:15 p.m., 3 views

DEBIAN-CVE-2020-5291

Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that...

7.8 CVSS, 7.6 AI score, 0.00907 EPSS
Exploits: 0, References: 1

Kitploit
added 2020/03/30 11:30 a.m., 76 views

One-Lin3r v2.1 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More

One-Lin3r is a simple, modular and light-weight framework that gives you all the one-liners that you will need while penetration testing Windows, Linux, macOS or even BSD systems, or hacking generally, with a lot of new features to make all of this fully automated, ex: you won't even need to copy the...

7.8 AI score
Exploits: 0, References: 4

Gitee
added 2020/03/28 4:57 p.m., 3 views

shadowbroker-1

This repository, fengzihk/shadowbroker-1, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists various exploits, such as EARLYSHOVEL, EBBISLAND, ECHOWRECKER, EASYBEE, and...

7.4 AI score
Exploits: 0

Gitee
added 2020/03/28 4:30 p.m., 2 views

ptf

The Penetration Testers Framework (PTF) is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. It is a modular framework that installs and updates various penetration testing tools, compiles them, and makes...

7.4 AI score
Exploits: 0

OSV
added 2020/03/25 9:19 a.m., 7 views

OPENSUSE-SU-2020:0377-1 Security update for skopeo

This update for skopeo fixes the following issues:

Update to skopeo v0.1.41 bsc1165715:
- Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1
- Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8
- Bump github.com/containers/common from 0.0.7 to 0.1.4
- Remove the reference to openshift/api
- vendor...

6.4 CVSS, 6.3 AI score, 0.01591 EPSS
Exploits: 0, References: 4

Gitee
added 2020/03/24 8:39 p.m., 4 views

PayloadsAllTheThings

This repository is an offensive tool for API key and bucket S3 exploitation. It contains tools and exploits for various types of attacks, including CRLF injection, CSRF injection, and API key leaks. The repository includes a variety of scripts and modules for different types of attacks, such as...

7.2 AI score
Exploits: 0

Kitploit
added 2020/03/24 11:30 a.m., 285 views

XSS-LOADER - XSS Payload Generator / XSS Scanner / XSS Dork Finder

All in one tools for XSS PAYLOAD GENERATOR - XSS SCANNER - XSS DORK FINDER. Written by Hulya Karabag. Instagram: Hulya Karabag...

7 AI score
Exploits: 0, References: 2

Gitee
added 2020/03/23 1:33 p.m., 3 views

CMSmap

It is an offensive tool for web application security testing. The primary CVE ID is not present in the provided context, but the tool is designed to automate the process of detecting security flaws in popular Content Management Systems (CMSs) such as WordPress, Joomla, Drupal, and Moodle. The tool,...

7.5 AI score
Exploits: 0

Kitploit
added 2020/03/22 12:0 p.m., 78 views

Astra - Automated Security Testing For REST API's

REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early during the development cycle. Astra can automatically...

8.2 AI score
Exploits: 0, References: 1

BDU FSTEC
added 2020/03/20 12:0 a.m., 4 views

The vulnerability of Huawei’s microprogrammed router software arises from insufficient validation of input data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Huawei’s microprogrammed router software exists due to insufficient testing of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

7.8 CVSS, 7.2 AI score, 0.00764 EPSS
Exploits: 0, References: 3

BDU FSTEC
added 2020/03/20 12:0 a.m., 2 views

The vulnerability in the built-in software of the Intel NUC Kit and Intel Compute Stick exists due to insufficient testing of input data, allowing attackers to exploit it to gain increased privileges.

The vulnerability in the built-in software of Intel NUC Kits and Intel Compute Sticks exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to gain increased privileges...

7.8 CVSS, 6.6 AI score, 0.00339 EPSS
Exploits: 0, References: 3

BDU FSTEC
added 2020/03/20 12:0 a.m., 2 views

The vulnerability of Intel Graphics Drivers exists due to insufficient validation of input data. This allows attackers to disclose protected information and cause service failures.

The vulnerability of Intel Graphics Drivers exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to disclose protected information and cause service failures...

7.3 CVSS, 5.9 AI score, 0.00362 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2020/03/20 12:0 a.m., 3 views

The vulnerability of Intel microprocessor microprogramming software, related to insufficient testing of privileged states, allows attackers to enhance their privileges or disclose protected information.

The vulnerability of Intel microprogramming software is related to insufficient testing of exception states. Exploiting this vulnerability can allow attackers to enhance their privileges or disclose protected information...

7.9 CVSS, 7 AI score, 0.00676 EPSS
Exploits: 0, References: 2

Gitee
added 2020/03/18 5:23 p.m., 4 views

PayloadsAllTheThings

This repository is an offensive tool for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypass for various web application security vulnerabilities and penetration testing. The repository includes tools and exploits for vulnerabilities such as CRLF injection,...

7.2 AI score
Exploits: 0