Lucene search

7422 matches found

myhack58
added 2016/03/07 12:0 a.m., 25 views

OpenSSL DROWN vulnerability detection and repair method - vulnerability warning - the black bar safety net

A. Vulnerability description: Popular servers and clients now use TLS encryption; the SSL and TLS protocols ensure that users' web browsing, shopping and instant messaging cannot be read by third parties. The DROWN vulnerability allows an attacker to compromise the encryption system, by...

AI score: 7
Exploits: 0
Debian
added 2016/03/04 3:55 p.m., 32 views

[SECURITY] [DSA 3504-1] bsh security update

Debian Security Advisory DSA-3504-1 | [email protected] | https://www.debian.org/security/ | Sebastien Delafond | March 04, 2016 | https://www.debian.org/security/faq ...

CVSS: 8.1, AI score: 7.9, EPSS: 0.70425
Exploits: 1
Kitploit
added 2016/03/03 9:30 p.m., 16 views

Wordpress-Exploit-Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command prompt / terminal in...

AI score: 8.3
Exploits: 0, References: 3
OSV
added 2016/03/03 12:0 a.m., 23 views

DSA-3502-1 roundup - security update

Bulletin has no description...

CVSS: 4.3, AI score: 4.6, EPSS: 0.01535
Exploits: 0
n0where
added 2016/02/29 11:41 p.m., 21 views

Recursively Crawl Single Page Applications: htcap

htcap is a web application scanner able to crawl single page applications (SPA) in a recursive manner by intercepting ajax calls and DOM changes. Htcap is not just another vulnerability scanner since it’s focused mainly on the crawling process and uses external tools to discover vulnerabilities. It’...

AI score: 7.9
Exploits: 0, References: 1
n0where
added 2016/02/29 7:21 p.m., 218 views

Machine Learning Linux IPS: Stratosphere

This is the linux version of the Stratosphere IPS, a behavioral-based intrusion detection and prevention system that uses machine learning algorithms to detect malicious behaviors. It is part of a larger suite of programs that include the Stratosphere Windows IPS and the Stratosphere Testing...

AI score: 0.9
Exploits: 0, References: 3
Fedora
added 2016/02/28 12:29 p.m., 35 views

[SECURITY] Fedora 23 Update: rubygem-actionpack-4.2.3-4.fc23

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

CVSS: 7.5, AI score: 1.3, EPSS: 0.09731
Exploits: 0
Fedora
added 2016/02/28 12:29 p.m., 35 views

[SECURITY] Fedora 23 Update: rubygem-activemodel-4.2.3-2.fc23

Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...

CVSS: 5.3, AI score: 4, EPSS: 0.07157
Exploits: 0
Fedora
added 2016/02/28 8:31 a.m., 37 views

[SECURITY] Fedora 22 Update: rubygem-actionpack-4.2.0-3.fc22

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...

CVSS: 7.5, AI score: 1.3, EPSS: 0.95537
Exploits: 11
Fedora
added 2016/02/28 8:31 a.m., 45 views

[SECURITY] Fedora 22 Update: rubygem-activemodel-4.2.0-2.fc22

Rich support for attributes, callbacks, validations, observers, serialization, internationalization, and testing. It provides a known set of interfaces for usage in model classes. It also helps building custom ORMs for use outside of the Rails framework...

CVSS: 7.5, AI score: 4, EPSS: 0.95537
Exploits: 11
Kitploit
added 2016/02/22 10:30 p.m., 30 views

SQLMap - Automatic SQL Injection And Database Takeover Tool

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

AI score: 8.6
Exploits: 0, References: 1
OSV
added 2016/02/21 12:0 a.m., 48 views

DSA-3486-1 chromium-browser - security update

Bulletin has no description...

CVSS: 10, AI score: 6.7, EPSS: 0.02639
Exploits: 1
Kitploit
added 2016/02/20 6:30 p.m., 29 views

Smod - MODBUS Penetration Testing Framework

smod is a modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software could be run on Linux/OSX under python 2.7.x. Feel free to make pull requests, if...

AI score: 7.6
Exploits: 0, References: 1
Kitploit
added 2016/02/18 10:30 p.m., 37 views

PyScan-Scanner - Vulnerability Scanner With Custom Payload

REQUIRE: urllib2, BeautifulSoup, requests. START: Change database information: $bdd = new PDO('mysql:host=localhost;dbname=pyscan', 'user', 'password'); Update a Python gate: panelurl = "http://localhost/pyscan/" gatescraper = "cmd/gate.php" gatescanner = "cmd/scan.php" gatevuln = "cmd/vuln.php" gatepaylo...

AI score: 6.9
Exploits: 0, References: 1
n0where
added 2016/02/17 6:25 p.m., 20 views

Powershell Penetration Testing Framework: Pentestly

Python Powershell penetration testing framework. Pentestly is a combination of expanding Python tools designed for use in penetration tests. The goal is to utilize a familiar user interface while making contributions to the framework easy with the power of Python. Current features: Import NMAP XML...

AI score: 1.5
Exploits: 0, References: 6
Kitploit
added 2016/02/17 2:45 a.m., 300 views

NoSQLMap v0.6 - Automated NoSQL Database Pwnage

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases, as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...

AI score: 8.7
Exploits: 0, References: 3
Hacker One
added 2016/02/13 12:46 a.m., 21 views

New Relic: Unauthorized Access

Summary of Findings: The remote server https://download.newrelic.com allowed unauthenticated access to special access files that are only intended to be accessible after contacting the New Relic program managers as seen below. Exploiting the...

AI score: 0.4
Exploits: 0
n0where
added 2016/02/11 5:38 p.m., 946 views

Damn Vulnerable Web Services: DVWS

Damn Vulnerable Web Services is a vulnerable testing environment that can be used to learn real world web service vulnerabilities. The aim of this project is to aid security professionals in testing their skills and tools in a legal environment. This application is designed to understand the...

Exploits: 0, References: 2
Check Point Advisories
added 2016/02/09 12:0 a.m., 3 views

Oracle Application Testing Suite UploadServlet filename Directory Traversal (CVE-2016-0490)

A directory path traversal vulnerability exists in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing the HTTP request header filename. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious request to th...

CVSS: 6.4, AI score: 2.3, EPSS: 0.27444
Exploits: 0
ThreatPost
added 2016/02/08 7:20 a.m., 11 views

Carbanak 2.0, Metel, GCMAN Borrow from APT Attacks

TENERIFE, Spain— Many bank robbers long ago dropped the stick-up man persona in favor of a keyboard and a reliable password-stealing Trojan. Banking malware, however, may soon not be good enough for the bad guys. More and more are copycatting the techniques deployed by advanced hackers to steal...

AI score: 8.2
Exploits: 0, References: 5