
7422 matches found

hackapp
added 2016/04/01 9:12 a.m., 12 views

Pregnancy Test & Symptom Quiz - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Pregnancy Test & Symptom Quiz published at the 'play' market has multiple vulnerabilities...

1.1 AI score
Exploits 0, References 1, Affected Software 1

OSV
added 2016/03/31 12:0 a.m., 19 views

DSA-3537-1 imlib2 - security update

Bulletin has no description...

7.5 CVSS, 7.5 AI score, 0.02709 EPSS
Exploits 0

Kitploit
added 2016/03/29 10:48 p.m., 21 views

PentestBox 2.0 - Portable Penetration Testing Distribution for Windows Environments

PentestBox provides all security tools as a software package, eliminating the requirement of virtual machines or dual-boot environments on the Windows operating system. It is created because more than 50% of penetration testing distribution users use Windows. So it provides an efficient platform f...

7.4 AI score
Exploits 0

Packet Storm
added 2016/03/28 12:0 a.m., 59 views

C2Box 4.0.0(r19171) Validation Bypass

Title: Validation Bypass in C2Box application allows user to input negative value; Author: Harish Ramadoss; Vendor: boxautomationB.A.S; Product: C2Box; Version: All versions below 4.0.0r19171; Tested Version: Version 4.0.0r19171; Severity: Medium; CVE Reference: 2015-4626; About the Product: B.A.S C2Box...

7.7 AI score, 0.01431 EPSS
Exploits 2

Kitploit
added 2016/03/24 10:0 p.m., 23 views

Kautilya - Tool for easy use of Human Interface Devices for offensive security and penetration testing

Kautilya is a toolkit which provides various payloads for a Human Interface Device which may help in breaking in a computer during penetration tests. List of Payloads Windows Gather Gather Information Hashdump and Exfiltrate Keylog and Exfiltrate Sniffer WLAN keys dump Get Target Credentials Dump...

7.9 AI score
Exploits 0, References 1

OSV
added 2016/03/23 12:0 a.m., 12 views

DSA-3529-1 redmine - security update

Bulletin has no description...

7.4 CVSS, 5 AI score, 0.01931 EPSS
Exploits 0

OSV
added 2016/03/23 12:0 a.m., 13 views

DSA-3527-1 inspircd - security update

Bulletin has no description...

8.6 CVSS, 8.6 AI score, 0.02282 EPSS
Exploits 1

The Hacker Blog
added 2016/03/22 1:27 a.m., 19 views

XSS Hunter – A Modern Approach to Testing for Cross-site Scripting (XSS)

Cross-site Scripting (XSS) origins go arguably back to a lab in Microsoft in 1999. With the first disclosure of the issue titled “Malicious HTML Tags Embedded in Client Web Requests”, this research sparked an entire generation of an attack that somehow still seems to persist in modern web...

5.8 AI score
Exploits 0

OSV
added 2016/03/22 12:0 a.m., 16 views

DSA-3525-1 pixman - security update

Bulletin has no description...

9.8 CVSS, 9.5 AI score, 0.05573 EPSS
Exploits 0

Kitploit
added 2016/03/21 10:30 p.m., 128 views

Al-Khaser - Public Malware Techniques Used In The Wild

al-khaser is a PoC malware with good intentions that aims to stress your anti-malware system. It performs a bunch of today's malware tricks, and the goal is to see if you catch them all. Possible uses: You are making an anti-debug plugin and you want to check its effectiveness. You want to ensur...

7.2 AI score
Exploits 0, References 1

Check Point Advisories
added 2016/03/21 12:0 a.m., 2 views

Oracle Application Testing Suite UploadFileAction fileType Directory Traversal (CVE-2016-0491)

A directory traversal vulnerability exists in Oracle Application Testing Suite. The vulnerability is due to insufficient input validation when processing an HTTP request sent to URI "/olt/UploadFileUpload.do". A remote attacker can exploit this vulnerability by sending a malicious request to the...

6.4 CVSS, 2.3 AI score, 0.8075 EPSS
Exploits 6

Kitploit
added 2016/03/20 10:3 p.m., 20 views

Lynis 2.2.0 - Security Auditing Tool for Unix/Linux Systems

Lynis is an open source security auditing tool. Commonly used by system administrators, security professionals and auditors, to evaluate the security defenses of their Linux/Unix based systems. It runs on the host itself, so it can perform very extensive security scans. Supported operating system...

7.1 AI score
Exploits 0

Check Point Advisories
added 2016/03/20 12:0 a.m., 2 views

Oracle Application Testing Suite DownloadServlet reportName Directory Traversal (CVE-2016-0476)

A directory traversal vulnerability has been reported in Oracle Load Testing component of Oracle Application Testing Suite. The vulnerability is caused due to improper handling of path names when downloading files via the Oracle Load Testing component. Unauthenticated remote attackers could explo...

5 CVSS, 4 AI score, 0.21922 EPSS
Exploits 0

OSV
added 2016/03/20 12:0 a.m., 31 views

DSA-3524-1 activemq - security update

Bulletin has no description...

9.8 CVSS, 7 AI score, 0.37936 EPSS
Exploits 4

Fedora
added 2016/03/17 9:23 p.m., 39 views

[SECURITY] Fedora 22 Update: rubygem-actionpack-4.2.0-4.fc22

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

7.5 CVSS, 1.3 AI score, 0.81445 EPSS
Exploits 7

Fedora
added 2016/03/17 9:0 p.m., 63 views

[SECURITY] Fedora 23 Update: jenkins-1.625.3-3.fc23

Jenkins is an award-winning, cross-platform, continuous integration and continuous delivery application that increases your productivity. Use Jenkins to build and test your software projects continuously making it easier for developers to integrate changes to the project, and making it easier for...

10 CVSS, 3.4 AI score, 0.82697 EPSS
Exploits 25

Fedora
added 2016/03/17 8:58 p.m., 37 views

[SECURITY] Fedora 23 Update: rubygem-actionpack-4.2.3-5.fc23

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

7.5 CVSS, 1.3 AI score, 0.81445 EPSS
Exploits 7

Check Point Advisories
added 2016/03/14 12:0 a.m., 4 views

Oracle Application Testing Suite ReportImage tempfilename Directory Traversal (CVE-2016-0489)

A directory traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation in the Oracle Test Manager component while processing the HTTP request parameter tempfilename. A remote, authenticated attacker could exploit this...

6.5 CVSS, 2.1 AI score, 0.54782 EPSS
Exploits 0

myhack58
added 2016/03/08 12:0 a.m., 20 views

Various methods for fixing the WebLogic Java deserialization vulnerability - vulnerability warning - the black bar safety net

Oracle has not yet publicly released an official patch for the WebLogic Java deserialization vulnerability. The repair methods currently seen come down to two: use SerialKiller to replace the ObjectInputStream class that performs the deserialization; where business is not affected, the...

0.6 AI score
Exploits 0

OpenVAS
added 2016/03/08 12:0 a.m., 34 views

Debian: Security Advisory (DSA-3509-1)

The remote host is missing an update for the Debian...

7.5 CVSS, 6.8 AI score, 0.81445 EPSS
Exploits 8, References 3