Inchoo Facebook Connect Cross Site Scripting
https://www.osisecurity.com.au/inchoo-facebook-connect-extension-for-magento-parameter-xss.html Date: 04-Apr-2017 Product: Inchoo Facebook Connect Magento Plugin Vulnerability: Reflected cross-site scripting. Details: Within ./app/code/community/Inchoo/Facebook/Block/Channel.php return 'isSecure ...
Trimble / Manhattan Software IWMS 9.x XXE Injection
https://www.osisecurity.com.au/manhattan-software-iwms-integrated-workplace-management-system-xml-external-entity-xxe-injection-file-disclosure.html Date: 04-Apr-2017 Product: Trimble / Manhattan Software IWMS integrated workplace management system Versions affected: 9.x Vulnerability: XML Extern...
Kaseya VSA 6.5.0.0 XSS / Brute Force
https://www.osisecurity.com.au/kaseya-parameter-reflected-xss-enumeration-and-bruteforce-weakness.html Date: 04-Apr-2017 Software: Kaseya Affected version: Kaseya VSA v6.5.0.0. Vulnerability details: 1. The "forgot password" function at https://target/access/logon.asp reveals whether a username i...
Form-based File Upload
The design of many web applications requires that users be able to upload files that will either be stored or processed by the receiving web server. Scanner has flagged this not as a vulnerability, but as a prompt for the penetration tester to conduct further manual testing on the file upload...
Web Application Vulnerability Testing: ZAProxy
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are...
NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow Exploit
Exploit for hardware platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'time' class MetasploitModule 'NETGEAR WNR2000v5 Unauthenticated hiddenlangavi Stack...
metasploit-framework
This is the Metasploit Framework repository, a comprehensive collection of exploit modules and tools for penetration testing and vulnerability assessment. The framework is written in Ruby and is widely used by security professionals and researchers. The repository contains a large number of...
A Red Teamer’s guide to pivoting
Penetration testers often traverse logical network boundaries in order to gain access to client’s critical infrastructure. Common scenarios include developing the attack into the internal network after successful perimeter breach o...
CVE-2017-0022
Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for...
CVE-2017-0022
CVE-2017-0022 affects Microsoft XML Core Services (MSXML) across multiple Windows OS versions; vulnerability stems from improper handling of memory objects, enabling an attacker to determine whether a file exists on disk via a crafted web site. Public sources classify it as an information-disclos...
SSLsplit - transparent SSL/TLS interception
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis and penetration testing. SSLsplit is designed to transparently terminate connections that are redirected to it using a...
Fileless Malware Campaigns Tied to Same Attacker
Two recent fileless malware campaigns targeting financial institutions, government agencies and other enterprises have been linked to the same attack group. The campaigns, disclosed by Kaspersky Lab and Cisco’s Talos research outfit in the last five weeks, made extensive use of fileless malware a...
Intel, Microsoft Announce New Bug Bounties
Intel announced its first bug bounty program, offering up to $30,000 to researchers who find critical vulnerabilities in its hardware. The invite-only program, which is being run on the HackerOne platform, was announced today at the CanSecWest conference in Vancouver. Intel said its software,...
Announcing the new Bug Bounty Program for Office Insider Builds on Windows
We’ve engineered Office to be secure by design and continually invest in enhancing its security capabilities. In the spirit of maintaining a high security bar in Office, we’re launching the Bug Bounty Program for Office Insider Builds on Windows. The Office Bug Bounty Program complements our...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
cve-2017-5638 Vulnerable site sample This proje...
struts-pwn - An exploit for Apache Struts CVE-2017-5638
An exploit for Apache Struts CVE-2017-5638 Usage Testing a single URL. python struts-pwn.py --url 'http://example.com/struts2-showcase/index.action' -c 'id' Testing a list of URLs. python struts-pwn.py --list 'urls.txt' -c 'id' Checking if the vulnerability exists against a single URL. python...
PT-2017-1642 · Microsoft · Windows Server 2012 +9
Name of the Vulnerable Software and Affected Versions: Microsoft XML Core Services MSXML versions in Windows 10 Gold, 1511, and 1607 Microsoft XML Core Services MSXML in Windows 7 SP1 Microsoft XML Core Services MSXML in Windows 8.1 Microsoft XML Core Services MSXML in Windows RT 8.1 Microsoft XM...
VulnCheck KEV: CVE-2017-0022
Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
struts-pwn ============ An exploit for Apache Struts CVE-...