7422 matches found
DNS reconnaissance tool: Fierce
Fierce is a DNS reconnaissance tool for locating non-contiguous IP space Fierce is a semi-lightweight scanner that helps locate non-contiguous IP space and hostnames against specified domains. It’s really meant as a pre-cursor to nmap, unicornscan, nessus, nikto, etc, since all of those require...
WordPress Nelio AB Testing Plugin <= 4.4.4 - Path Traversal
This vulnerability allows attackers to read the contents of files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker is able to bypass that mechanism. Solution Update the plugin...
Nelio AB Testing <= 4.4.4 - Path Traversal
The Nelio AB Testing WordPress plugin was affected by a Path Traversal security vulnerability...
Hacker Arrested after Exposing Flaws in Elections Site
A security researcher responsibly disclosed vulnerabilities in the poorly secured web domains of a Florida county elections, but he ended up in handcuffs on criminal hacking charges and jailed for six hours Wednesday. Security researcher David Michael Levin, 31, of Estero, Florida was charged wit...
CANToolz aka YACHT (Yet Another Car Hacking Tool) - Framework for Black-Box CAN Network Analysis
CANToolz is a framework for analysing CAN networks and devices. This tool based on different modules which can be assembled in pipe together and can be used by security researchers and automotive/OEM security testers for black-box analysis and etc. You can use this software for ECU discovery, MIT...
IDS IPS Testing Framework: pytbull
pytbull is an Intrusion Detection/Prevention System IDS/IPS Testing Framework for Snort, Suricata and any IDS/IPS that generates an alert file. It can be used to test the detection and blocking capabilities of an IDS/IPS, to compare IDS/IPS, to compare configuration modifications and to...
Litesploit - Library and Intepreter for Penetration Testing Tools
Litesploit is a library and intepreter for penetration testing tools. This includes exploits, tools and litepreter. Litesploit support for Linux like ubuntu or debian, and more distro penetration testing like BackBox and Kali Linux. Platform | Support ---|--- Linux Ubuntu | Yes Linux Debian | Yes...
Oracle ATS DownloadServlet scriptName Directory Traversal (CVE-2016-0478)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/olt/download" URI with parameter scriptName. A remote unauthenticated attacker can exploit this vulnerability by...
Oracle Application Testing Suite DownloadServlet file Directory Traversal (CVE-2016-0482)
A directory traversal vulnerability exists in Oracle Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with the "file" parameter. A remote unauthenticated attacker can exploit this vulnerability by sendin...
Oracle Application Testing Suite DownloadServlet scriptPath Directory Traversal (CVE-2016-0484)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter scriptPath. A remote, unauthenticated attacker can exploit this vulnerability by...
OpenSSL - Padding Oracle in AES-NI CBC MAC Check
Exploit for multiple platform in category dos / poc Source: http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html TLS-Attacker: https://github.com/RUB-NDS/TLS-Attacker https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39768.zip Y...
OpenSSL - Padding Oracle in AES-NI CBC MAC Check
Source: http://web-in-security.blogspot.ca/2016/05/curious-padding-oracle-in-openssl-cve.html TLS-Attacker: https://github.com/RUB-NDS/TLS-Attacker https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39768.zip You can use TLS-Attacker to build a proof of concept and...
Oracle Application Testing Suite Detection
Binary data oracleapplicationtestingsuiteinstalled.nbin...
Oracle Application Testing Suite Java Object Deserialization RCE (April 2016 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by...
BlackArch Linux v2016.04.28 - Penetration Testing Distribution
BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1410 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: added new improved BlackArch Linux...
Oracle ATS DownloadServlet exportFileName Directory Traversal (CVE-2016-0486)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter exportFileName. A remote unauthenticated attacker can exploit this vulnerability by...
DSA-3564-1 chromium-browser - security update
Bulletin has no description...
Oracle ATS DownloadServlet OTM reportName Directory Traversal (CVE-2016-0485)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter reportName.A remote unauthenticated attacker can exploit this vulnerability by sendi...
Oracle ATS DownloadServlet scheduleReportName Directory Traversal (CVE-2016-0481)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter scheduleReportName. A remote unauthenticated attacker can exploit this vulnerability...
Oracle ATS DownloadServlet TMAPReportImage Directory Traversal (CVE-2016-0480)
A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/otm/download" URI with parameter TMAPReportImage. A remote unauthenticated attacker can exploit this vulnerability by...