WIMAX MT711x - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Exploit Title: WIMAX MT711x - Multiple Vulnerabilities Date: ˝Friday, ˝December ˝11, ˝2015 Exploit/Vulnerability Author: Alireza Azimzadeh Milani alimp5 Vendor Homepage: http://www.seowonintech.co.kr/en/ Version: V311149CPE Tested on:...

OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications OpenMRS 2.3 1.11.4 Multiple Cross-Site Scripting Vulnerabilities Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenM...

Xiaopan OS - Pentesting Distribution for Wireless Security Enthusiasts

Xiaopan OS is an easy to use software package for beginners and experts that includes a number of advanced tools to penetrate wireless networks. Based on the Tiny Core Linux TCL operating system OS, it has a slick graphical user interface GUI requiring no need for typing Linux commands. Xiaopan O...

[SECURITY] Fedora 23 Update: rubygem-flexmock-2.0.2-1.fc23

FlexMock is a simple, but flexible, mock object library for Ruby unit testing...

SAP Afaria - Authorization bypass, Insecure signature

Application: SAP Afaria 7.0.6001.5 Vendor URL: http://www.sap.com Bugs: Authorization bypass Reported: 12.03.2015 Vendor response: 13.03.2015 Date of Public Advisory: 12.05.2015 Reference: SAP Security Note 2134905 Authors: Dmitry Chastukhin ERPScan Description An anonymous attacker can spoof a...

DSA-3412-1 redis - security update

Bulletin has no description...

Katana - Framework for Hackers, Professional Security and Developers

Katana is a framework written in python for making penetration testing, based on a simple and comprehensive structure for anyone to use, modify and share, the goal is to unify tools serve for professional when making a penetration test or simply as a routine tool, The current version is not...

HumHub 0.11.2 and 0.20.0-beta.2 - SQL 注入漏洞

寻找SQL注入的一般步骤： 1、寻找数据输入（表单） 2、注入数据 3、检测异常响应，像HTTP的500错误，SQL报错 该过程可以借助多种工具实现自动化。 用AWVS检测出 /index.php 可能存在SQL注入。 以下地址会报SQL错误，from 字段是注入点: http://localhost/index.php?from=1'"&limit=10&mode=activity&r=space/space/stream&sguid=e9659cfc-886f-4524-94ae-1721999ad43b...

BlackArch Linux v2015.11.24 - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1308 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. The BlackArch Live ISO contains multiple window...

glibc security, bug fix, and enhancement update

2.17-105.0.1 - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. 2.17-105 - Fix up test case for initial-exec fix 1248208. 2.17-104 - Mark all TLS variables i...

[SECURITY] Fedora 23 Update: jenkins-1.625.2-2.fc23

Jenkins is an award-winning, cross-platform, continuous integration and continuous delivery application that increases your productivity. Use Jenkins to build and test your software projects continuously making it easier for developers to integrate changes to the project, and making it easier for...

SuperScan 4.1 - Scan HostnameIP Field Buffer Overflow

SuperScan 4.1 - Scan HostnameIP Field Buffer Overflow !/usr/bin/env python -- coding: utf-8 -- Exploit Title : SuperScan 4.1 Scan Hostname/IP Field Buffer Overflow Crash PoC Discovery by : Luis Martínez Email : [email protected] Discovery Date : 18/11/2015 Vendor Homepage :...

Jenkins “Java 反序列化”过程远程命令执行漏洞

漏洞原理 反序列化是指特定语言中将传递的对象序列化数据重新恢复为实例对象的过程，而在这个过程中会执行一系列的字节流解析和对象实例化操作用于恢复之前序列化时的对象。在原博文所提到的那些 Java 应用里都有特定的接口用于传递序列化对象数据，而在反序列化时并没有限制实例化对象的类型，导致可以任意构造应用中已经包含的对象利用反序列化操作进行实例化。 Java 在进行反序列化操作的时候会使用 ObjectInputStream 类调用 readObject...

Email Reconnaissance Tool: SimplyEmail

This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Current Platforms Supported: Kali Linux 2.0 A few...

OWASP Mth3l3m3nt Framework

OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. Mth3l3m3nt provides the ability to create or do custom LFI and RFI exploits fast with little or no effort at all. It also enables you to store all your quick wins based on its ability to manage HTTP bots,...

[SECURITY] [DSA 3395-1] krb5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3395-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 06, 2015 https://www.debian.org/security/faq -...

DSA-3395-1 krb5 - security update

Bulletin has no description...

DSA-3394-1 libreoffice - security update

Bulletin has no description...

RHEL 7 : libreswan (RHSA-2015:1979)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:1979 advisory. Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both...

KeeFarce - Extracts Passwords From A Keepass 2.X Database, Directly From Memory

KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData% General Design KeeFarce uses DLL injection to execute code within the context of a runnin...