7416 matches found

0day.today
added 2019/08/05 12:0 a.m. | 65 views

Apache Tika 1.15 - 1.17 - Header Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in Apache Tika versions 1.15 through 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic byte checking. When OCR is specified in the request, parameters can be passed to change the parameters passed at...

CVSS: 9.3 | AI score: 8.5 | EPSS: 0.94106 | Exploits: 10
Oracle Linux
added 2019/08/05 12:0 a.m. | 40 views

ruby:2.5 security update

ruby 2.5.3-104 - Prohibit arbitrary code execution when installing a malicious gem. Resolves: CVE-2019-8324 rubygem-mongo 2.5.1-2 - Disable tests to fix FTBFS by dropped MongoDB module. Resolves: rhbz1710863 rubygem-pg 1.0.0-2 - Assign a random testing port...

CVSS: 8.8 | AI score: 2.5 | EPSS: 0.03219 | Exploits: 0
Gitee
added 2019/08/02 5:46 p.m. | 4 views

metasploit-framework

This is an offensive tool for the Metasploit Framework. The Metasploit Framework is a penetration testing platform that provides a comprehensive set of tools for exploiting vulnerabilities in software applications. It is primarily used by security researchers and penetration testers to identify a...

AI score: 7.3 | Exploits: 0
Imperva Blog
added 2019/08/01 6:59 p.m. | 47 views

From E-Commerce to Enterprise Employee: How I Overcame my Fears and Doubts

By Efrat Silberhaft One year ago, I was working as the sole designer in a small e-commerce startup. When the company shut down, I had to start looking for a new job. I decided to leave the startup world. What I didn't know is that my next step would turn out to be in a different field —...

AI score: 0.1 | Exploits: 0
ThreatPost
added 2019/07/31 1:0 p.m. | 70 views

Black Hat USA 2019 Preview

Las Vegas – Despite bizarre reports of a grasshopper infestation, Black Hat USA 2019 and DEF CON are set to kick off next week in Las Vegas, bringing on a wave of sessions, keynotes and security-themed villages. The Threatpost team, which will be on the frontlines of next week’s shows, discuss wh...

AI score: 6.6 | Exploits: 0 | References: 13
Kitploit
added 2019/07/30 1:0 p.m. | 178 views

WeebDNS - DNS Enumeration With Asynchronicity

DNS Enumeration Tool with Asynchronicity. Features: WeebDNS is an 'Asynchronous' DNS Enumeration Tool made with Python3 which makes it much faster than normal Tools. PREREQUISITES: Python 3.x, pip3, git. PYTHON 3 PREREQUISITES: aiohttp, asyncio, aiodns. Installation: Resolve dependencies Ubuntu/Debian Syste...

AI score: 7.2 | Exploits: 0 | References: 3
Kitploit
added 2019/07/28 10:14 p.m. | 575 views

Uncompyle6 - A Cross-Version Python Bytecode Decompiler

A native Python cross-version decompiler and fragment decompiler. The successor to decompyle, uncompyle, and uncompyle2. Introduction uncompyle6 translates Python bytecode back into equivalent Python source code. It accepts bytecodes from Python version 1.3 to version 3.8, spanning over 24 years ...

AI score: 6.6 | Exploits: 0 | References: 13
GithubExploit
added 2019/07/25 12:46 a.m. | 121 views

Exploit for OS Command Injection in Exim

StickyExim !https://bretstaton.com/images/articleimages/ex...

CVSS: 10 | AI score: 9.6 | EPSS: 0.99961 | Exploits: 27
OSV
added 2019/07/23 11:15 p.m. | 3 views

CVE-2019-2727

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVSS: 7.3 | AI score: 7.1 | Exploits: 0 | References: 1
NVD
added 2019/07/23 11:15 p.m. | 26 views

CVE-2019-2727

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.01218 | Exploits: 0 | References: 1
Prion
added 2019/07/23 11:15 p.m. | 19 views

Design/Logic Flaw

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01218 | Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2019/07/23 10:31 p.m. | 64 views

CVE-2019-2727

Oracle Application Testing Suite (subcomponent: Load Testing for Web Apps) in Oracle Enterprise Manager Products Suite, version 13.3, is affected by CVE-2019-2727. The vulnerability allows unauthenticated, network-based access via HTTP to compromise data: unauthorized update/insert/delete and rea...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.01218 | Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2019/07/23 10:31 p.m. | 3 views

CVE-2019-2727

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

AI score: 5.4 | EPSS: 0.01218 | Exploits: 0 | References: 1
Cvelist
added 2019/07/23 10:31 p.m. | 29 views

CVE-2019-2727

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite subcomponent: Load Testing for Web Apps. The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

AI score: 7 | EPSS: 0.01218 | Exploits: 0 | References: 1
The Hacker News
added 2019/07/23 1:57 p.m. | 1 views

Learn Ethical Hacking From Scratch — 2019 Training Bundle

The world of cybersecurity is fast-paced and ever-changing. New attacks are unleashed every day, and companies around the world lose millions of dollars as a result. The only thing standing in the way of cybercrime is a small army of ethical hackers. These cybersecurity experts are employed to fi...

AI score: 7.1 | Exploits: 0
The Hacker News
added 2019/07/23 1:57 p.m. | 364 views

Learn Ethical Hacking From Scratch — 2019 Training Bundle

The world of cybersecurity is fast-paced and ever-changing. New attacks are unleashed every day, and companies around the world lose millions of dollars as a result. The only thing standing in the way of cybercrime is a small army of ethical hackers. These cybersecurity experts are employed to fi...

AI score: 0.1 | Exploits: 0
GithubExploit
added 2019/07/23 3:15 a.m. | 134 views

Exploit for Use After Free in Microsoft

bluekeep Public work for CVE-2019-0708 2019-11-17 Updat...

CVSS: 10 | AI score: 0.8 | EPSS: 0.99999 | Exploits: 123
Kitploit
added 2019/07/22 9:42 p.m. | 195 views

Dockernymous - A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers

Dockernymous is a start script for Docker that runs and configures two individual Linux containers in order to act as an anonymisation workstation-gateway setup. It's aimed towards experienced Linux/Docker users, security professionals and penetration testers! The gateway container acts as a...

AI score: 7.2 | Exploits: 0 | References: 1
Kitploit
added 2019/07/20 1:1 p.m. | 191 views

Parrot Security 4.7 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind

Parrot is a GNU/Linux distribution based on Debian Testing and designed with Security, Development and Privacy in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy while...

AI score: 7.4 | Exploits: 0 | References: 2
Tenable Nessus
added 2019/07/19 12:0 a.m. | 24 views

Oracle Application Testing Suite Multiple Vulnerabilities (Jul 2019 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities: - A deserialization vulnerability exists in Apache Commons FileUpload library. An unauthenticated, remote attacker can exploit this, via customized Java serialised object, to...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.34731 | Exploits: 0 | References: 3