
7422 matches found

The Hacker News
added 2016/07/08 4:40 a.m. | 14 views

Facebook Messenger adds End-to-End Encryption (Optional) for Secret Conversations

Facebook has begun rolling out end-to-end encryption for its Messenger app, thus making its users' conversations completely private. The end-to-end encryption feature, dubbed "Secret Conversations," will allow Messenger users to send and receive messages in a way that no one, including the FBI wi...

6.5 AI score
Exploits: 0
BDU FSTEC
added 2016/07/07 12:0 a.m. | 6 views

The vulnerability of the network virtualization tool for testing software from HP Network Virtualization allows a hacker to read arbitrary files.

The vulnerability of the network virtualization tool for testing software from HP Network Virtualization. Exploiting this vulnerability could allow a malicious actor, operating remotely, to read arbitrary files using a specially crafted URL when accessing components like HttpServlet or...

7.8 CVSS | 5.6 AI score | 0.02875 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2016/07/02 12:0 a.m. | 20 views

DSA-3615-1 wireshark - security update

Bulletin has no description...

7.5 CVSS | 5.9 AI score | 0.02761 EPSS
Exploits: 1
OpenVAS
added 2016/07/01 12:0 a.m. | 22 views

Debian: Security Advisory (DSA-3615-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 6.2 AI score | 0.02761 EPSS
Exploits: 1 | References: 3
OSV
added 2016/06/29 12:0 a.m. | 13 views

DSA-3608-1 libreoffice - security update

Bulletin has no description...

7.8 CVSS | 7.5 AI score | 0.02842 EPSS
Exploits: 1
Kitploit
added 2016/06/28 11:46 p.m. | 155 views

pytbull - Intrusion Detection/Prevention System (IDS/IPS) Testing Framework

pytbull is an Intrusion Detection/Prevention System IDS/IPS Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to...

7.5 AI score
Exploits: 0
GithubExploit
added 2016/06/23 2:1 p.m. | 7 views

Exploit for HTTP Response Splitting in Python

CVE-2016-5699-poc PoC code of CVE-2016-...

6.1 CVSS | 6.8 AI score | 0.09887 EPSS
Exploits: 3
Kitploit
added 2016/06/22 10:42 p.m. | 175 views

SimpleEmailSpoofer - A simple Python CLI to Spoof Emails (SPF/DMARC checking)

A few Python programs designed to help penetration testers with email spoofing. SimpleEmailSpoofer.py A program that spoofs emails. Currently in development spoofcheck.py A program that checks if a domain can be spoofed from. The program checks SPF and DMARC records for weak configurations that...

7.3 AI score
Exploits: 0 | References: 1
myhack58
added 2016/06/22 12:0 a.m. | 25 views

RIPS automated mining Typecho source code security vulnerabilities-vulnerability warning-the black bar safety net

RIPS is a source code analysis tool, which uses static analysis technology to automate the mining of the PHP source code for potential security vulnerabilities. Penetration testers can directly easily review the results of the analysis, without review of the entire program code. Since static sour...

7.7 AI score
Exploits: 0
Check Point Advisories
added 2016/06/19 12:0 a.m. | 20 views

Oracle Application Testing Suite Authentication Bypass (CVE-2016-0492)

An authentication bypass vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests. A remote attacker can exploit this vulnerability by sending crafted request to the vulnerable server...

6.4 CVSS | 1.7 AI score | 0.92719 EPSS
Exploits: 5
n0where
added 2016/06/15 7:17 p.m. | 64 views

OWASP Offensive Web Testing Framework: OWTF

The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, figuring out how to call “tool X” then parsing results of “tool X” manually to feed “tool Y” and so on is time consuming. OWASP OWTF is a project focused on penetration testing efficiency and...

6.8 AI score
Exploits: 0 | References: 1
n0where
added 2016/06/15 7:46 a.m. | 29 views

Automated Penetration Testing Toolkit: APT2

This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processed results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. All module results are stored on localhost...

0.4 AI score
Exploits: 0 | References: 1
myhack58
added 2016/06/15 12:0 a.m. | 195 views

Domain penetration--Dump Clear-Text Password after KB2871997 installed-vulnerability warning-the black bar safety net

In penetration testing, the penetration tester will typically use mimikatz from the LSA of the memory to export system's plaintext password, while experienced administrators will often choose to install the patch kb2871997 to limit this behavior. This one relates to what are the interesting...

0.1 AI score
Exploits: 0
Check Point Advisories
added 2016/06/14 12:0 a.m. | 3 views

Oracle Application Testing Suite ActionServlet Authentication Bypass (CVE-2016-0487)

An authentication bypass vulnerability has been reported in the Oracle Application Testing Suite. The vulnerability is due to insufficient input validation by the ActionServlet servlet when processing HTTP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a...

6.4 CVSS | 1.6 AI score | 0.50888 EPSS
Exploits: 0
exploitpack
added 2016/06/13 12:0 a.m. | 13 views

Foxit PDF Reader 1.0.1.0925 - CFX_BaseSegmentedArray::IterateIndex Memory Corruption

Foxit PDF Reader 1.0.1.0925 - CFX_BaseSegmentedArray::IterateIndex Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=742 We have identified the following memory corruption vulnerability in Foxit PDF Reader version 1.0.1.0925 for Linux 64-bit, when started with a...

0.7 AI score
Exploits: 0
seebug.org
added 2016/06/13 12:0 a.m. | 23 views

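A blind XXE in Oupeng, tested with the Cloudeye tool

Brief description: I suddenly felt like using the Cloudeye I had bought, so I found this. Detailed description: Vulnerable URL http://notify.oupeng.com/notify POST data %remote; The access record can be seen in Cloudeye. Tried the file protocol, it doesn't work. Posting it so everyone can take a look. Proof of vulnerability: Vulnerable URL http://notify.oupeng.com/notify POST data %remote; The access record can be seen in Cloudeye https://images.seebug.org/upload/201606/132016543555eb5d39...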

7.1 AI score
Exploits: 0
OSV
added 2016/06/13 12:0 a.m. | 15 views

DSA-3601-1 icedove - security update

Bulletin has no description...

10 CVSS | 8.7 AI score | 0.04692 EPSS
Exploits: 0
Kitploit
added 2016/06/09 11:30 p.m. | 11 views

Firefox Security Toolkit - A Tool that Transforms Firefox Browsers into a Penetration Testing Suite

A tool that transforms Firefox Browsers into a penetration testing suite How? It downloads the most important extensions, and installs them on your browser. The used extensions have been chosen by a survey among the information security community. Based on its results, Firefox Security Toolkit was...

6.2 AI score
Exploits: 0 | References: 1
n0where
added 2016/06/09 2:29 p.m. | 38 views

Arch Linux Security Layer: ArchStrike

Arch Linux Security Layer done the Arch Way optimized for i686, x86_64, ARMv6, and ARMv7 An Arch Linux repository for security professionals and enthusiasts. Done the Arch Way and optimized for i686, x86_64, ARMv6, and ARMv7. ArchStrike is a penetration testing and security layer on top of Arch...

7.1 AI score
Exploits: 0 | References: 1
n0where
added 2016/06/09 2:8 p.m. | 15 views

Very fast network stress tool: T50

T50 f.k.a. F22 Raptor is a tool designed to perform “Stress Testing”. The concept started in 2001, right after release ‘nb-isakmp.c’, and the main goal was: Having a tool to perform TCP/IP protocol fuzzer, covering common regular protocols, such as: ICMP, TCP and UDP. Things have changed, and the...

0.2 AI score
Exploits: 0