IBM Security Website Cross Site Scripting
Exploit Title: IBM Security WebSite Cross-Site Scripting Google Dork: N/A Date: 2016/2/5 Exploit Author: RootByte Vendor Homepage: www.ibm.com/security/ Software Link: N/A Version: N/A Tested on: Windows 10 / FireFox 44.0 CVE : N/A about Wikipedia: International Business Machines Corporation...
COMODO Cross Site Scripting
Exploit Title: COMODO Subdomain XSS Vulnerability Google Dork: N/A Date: 2016/2/3 Exploit Author: RootByte Vendor Homepage: http://personalfirewall.comodo.com/ Software Link: N/A Version: N/A Tested on: Windows 10 / FireFox 44.0 CVE : N/A about Wikipedia: COMODO is a privately held group of...
Fast and Full Featured SSL Scanner: SSLyze
SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify mis-configurations affecting their SSL servers. SSLyze is all Python code but it uses an OpenSSL wrapper...
Python Fuzzing Framework: Kitty
Kitty is an open-source modular and extensible fuzzing framework written in Python, inspired by OpenRCE’s Sulley and Michael Eddington’s and now Deja Vu Security’s Peach Fuzzer. Goal: The goal of Kitty was to help with fuzzing unusual targets — proprietary and esoteric protocols over non-TCP/IP...
RouterhunterBR 2.0 - Automated Tool for Testing in Vulnerable Routers
The RouterhunterBR is an automated security tool that finds vulnerabilities and performs tests on routers and vulnerable devices on the Internet. The RouterhunterBR was designed to run over the Internet, looking through defined IP ranges or random ones, in order to automatically exploit the vulnerability...
Permission-abuse vulnerabilities in the IoT era: attack and defense - bug warning - the black bar safety net
Permission-abuse vulnerabilities appear in many scenarios other than real-device debugging on Android. They are particularly widespread in Internet of Things applications. For example: a smart TV can allow remote debugging over the network,...
Avira Cross Site Scripting
Exploit Title: AVIRA Subdomain XSS Vulnerability Google Dork: N/A Date: 2016/1/29 Exploit Author: RootByte Vendor Homepage: http://translate.avira.com Software Link: N/A Version: N/A Tested on: Windows 10 / FireFox CVE : N/A Vulnerable Location: http://translate.avira.com/accounts/login/ Variable...
x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version
x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version. Shellcode exploit for lin_x86-64 platform. Title: tcp reverse shell with password polymorphic version 122 bytes...
DSA-3454-1 virtualbox - security update
Bulletin has no description...
[SECURITY] [DSA 3454-1] virtualbox security update
Debian Security Advisory DSA-3454-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 27, 2016 https://www.debian.org/security/faq -...
V3n0M-Scanner - Popular SQLi and Pentesting Scanner
V3n0M runs on Python3. Live Project - re-adding old features and improving them for Python3. v3n0m is a free and open source scanner. Evolved from baltazar's scanner, it has adapted several new features that improve functionality and usability. It is mostly experimental software. This program is fo...
[SECURITY] [DSA 3453-1] mariadb-10.0 security update
Debian Security Advisory DSA-3453-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 25, 2016 https://www.debian.org/security/faq -...
Oracle Application Testing Suite filename Header Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UploadServlet servlet. By providing a filename header containing ...
Oracle Application Testing Suite DownloadServlet reportName Parameter Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet. By providing a reportName parameter containi...
Oracle Application Testing Suite DownloadServlet scheduleReportName Parameter Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a scheduleReportName...
Oracle Application Testing Suite DownloadServlet file Parameter Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing a file parameter...
Oracle Application Testing Suite Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl function used for the admin pages. This function has a list of URI entries which do not require authentication...
Oracle Application Testing Suite UploadFileAction Servlet Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is required but can be bypassed. The specific vulnerability is in the UploadFileAction servlet. By providing a fileType parameter of "", an attacker...
Oracle Application Testing Suite DownloadServlet exportFileName Parameter Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to exfiltrate arbitrary files on vulnerable installations of Oracle Application Testing Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DownloadServlet servlet. By providing an exportFileName...
Oracle Application Testing Suite Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the ActionServlet servlet. The process method for this servlet will bypass authentication if the URI starts with a specific string. ...