Exploit for CVE-2018-11776

struts-pwn - CVE-2018-11776 Exploit ============ An explo...

Lynis 2.6.8 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

Federal Aviation Administration GPS Testing

Overview The US Federal Aviation Administration FAA has issued two flight advisories identifying planned Global Positioning System GPS temporary outages and the affected areas, due Department of Defense testing. During testing, the GPS signal may be unreliable or unavailable. ICS-CERT is issuing...

Use of uninitialized memory in temporary

Uninit memory is used as a RNG seed in temporary The following function is used as a way to get entropy from the system, which does operations on and exposes uninit memory, which is UB. rust fn randomseed: &Path, : &str - u64; 2 use std::mem::uninitialized as rand; unsafe rand:: ^ 0x12345678,...

Kali Linux 2018.3 Release - Penetration Testing and Ethical Hacking Linux Distribution

Kali 2018.3 brings the kernel up to version 4.17.0 and while 4.17.0 did not introduce many changes, 4.16.0 had a huge number of additions and improvements including more Spectre and Meltdown fixes, improved power management, and better GPU support. New Tools and Tool Upgrades Since our last...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

This repository is an offensive tool for a vulnerability environment. It is a Docker-Compose file for a vulnerability environment. The repository contains a .gitignore file, a README.md file, and several other files that are used to configure the environment. The .gitignore file contains a list o...

Introducing a Burp Extension for Integration with Qualys Web Application Scanning

Qualys offers a wide array of security and compliance solutions for your organization. All capabilities are delivered from Qualys Cloud Platform. Visit Qualys Cloud Platform Apps to learn more. But let's narrow the discussion to web application security. To have a complete webappsec program, it's...

RouterSploit v3.3.0 - Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...

Lynis 2.6.7 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

Free Facial Recognition Tool Can Track People Across Social Media Sites

Security researchers at Trustwave have released a new open-source tool that uses facial recognition technology to locate targets across numerous social media networks on a large scale. Dubbed Social Mapper, the facial recognition tool automatically searches for targets across eight social media...

Free Facial Recognition Tool Can Track People Across Social Media Sites

Security researchers at Trustwave have released a new open-source tool that uses facial recognition technology to locate targets across numerous social media networks on a large scale. Dubbed Social Mapper, the facial recognition tool automatically searches for targets across eight social media...

Hcxdumptool - Small Tool To Capture Packets From Wlan Devices

Small tool to capture packets from wlan devices. After capturing, upload the "uncleaned" cap here https://wpa-sec.stanev.org/?submit to see if your ap or the client is vulnerable by using common wordlists. Convert the cap to hccapx and/or to WPA-PMKID-PBKDF2 hashline 16800 with hcxpcaptool hcxtoo...

UPDATED VERSION: RouterSploit 3.3.0

PenTestIT RSS Feed Since my last update, this router exploitation framework have gone through a lot of updates. This post is about RouterSploit 3.3.0 code named I Know You Were Trouble. We will also discuss changes made to and an earlier version 3.2.0 to maintain a chain with the hopes that I kee...

openSUSE Security Update : libgcrypt (openSUSE-2018-795)

This update for libgcrypt fixes the following issues : The following security vulnerability was addressed : - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures bsc1097410. The following other issues were fixed : - Extended the fipsdrv dsa-sign and...

Security update for libgcrypt (moderate)

This update for libgcrypt fixes the following issues: The following security vulnerability was addressed: - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures bsc1097410. The following other issues were fixed: - Extended the fipsdrv dsa-sign and dsa-veri...

Consumer DNA Testing Takes a Step Towards Privacy, Transparency

A group of well-known genetic testing providers have partnered with the Future of Privacy Forum FPF to establish privacy guidelines for handling information about what is arguably the most personal private information there is: DNA. Consumer-grade DNA testing – i.e., services that allow folks at...

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This repository is an offensive tool for a vulnerability environment. It is a collection of Docker Compose files for various vulnerabilities, allowing users to easily set up and test vulnerable environments. The repository includes files for vulnerabilities such as CVE-2016-9086, CVE-2017-1000353...

Node.js third-party modules: Code Injection Vulnerability in zombie Package

I would like to report a code injection vulnerability in zombie. It allows crawled websites to access privileged APIs such as the file system or child process. Module module name: zombie version: 6.1.2 npm page: https://www.npmjs.com/package/zombie Module Description Insanely fast, headless...

My Video Converter 1.5.24 Buffer Overflow

!/usr/bin/env python Exploit Title : My Video Converter 1.5.24 - Remote Buffer Overflow Discovery by : Shubham Singh Known As : Spirited Wolf Twitter: @Pwsecspirit Email : [email protected] Youtube Channel : www.youtube.com/c/Pentestingwithspirit Discovey Date : 29/07/2018 Software Link...

[SECURITY] Fedora 27 Update: dnsperf-2.1.0.0-17.fc27

This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf1 and resperf1 man pages...