7422 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php...
CVE-2015-6584
Cross-site scripting XSS vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php...
ZAP 2.4.2 - Penetration Testing Tool for Testing Web Applications
The Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...
Arris Password of The Day Generator (list.txt)
Arris TM502G、TM602G 路由器进入高级模式时需要密码,这个密码会根据系统日期来自动生成,每天都有不同的密码。 具体算法已经在PoC中给出。 1.直接访问 Arris 路由器会显示路由器的一些信息,不需要任何认证。 2.但是当点击高级菜单的时候,会提示输入密码。 3.如果密码输入错误 4.如果密码输入的是在码表中的正确密码,但是时间不正确,会提示需要相应时间的密码: 5.当提交正确的密码后进入到高级设置: ---- PoC 默认使用调用者当前系统时间,如果时间与路由器时间不符合,会自动处理 如果调用者要手动指定时间,可以使用 --extra-params...
Google Android - Stagefright Remote Code Execution
Google Android - Stagefright Remote Code Execution !/usr/bin/env python Joshua J. Drake @jduck of ZIMPERIUM zLabs Shout outs to our friends at Optiv formerly Accuvant Labs C Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 www.zimperium.com Exploit for RCE Vulnerability CVE-2015-153...
Sn1per - Automated Pentest Recon Scanner
Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features Automatically collects basic recon ie. whois, ping, DNS, etc. Automatically launches Google hacking queries against a target domain Automatically enumerates open ports...
[SECURITY] Fedora 23 Update: dnsperf-2.0.0.0-18.fc23
This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf1 and resperf1 man pages...
SparkyLinux - Lightweight & fast Debian-based Linux Distribution
SparkyLinux is a GNU/Linux distribution created on the “testing” branch of Debian. It features customized lightweight desktops like E19, LXDE and Openbox, multimedia plugins, selected sets of apps and own custom tools to ease different tasks. Why Sparky? SparkyLinux is a Debian-based Linux...
Burp Suite Professional 1.6.26 - The Leading Toolkit for Web Application Security Testing
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security...
Netflix Sleepy Puppy Cross-Site Scripting Payload Framework
Most automated scanning and security tools that ferret out cross-site scripting vulnerabilities don’t do much analysis beyond the target application. Netflix this week, however, released to open source a tool developed in-house that persists beyond the target app and can flag potential XSS troubl...
AutoBrowser - Create Report and Screenshots of HTTP/s Based Ports on the Network
AutoBrowser is a tool written in python for penetration testers. The purpose of this tool is to create report and screenshots of http/s based ports on the network. It analyze Nmap Report or scan with Nmap, Check the results with http/s request on each host using headless web browser, Grab a...
Penetration Testers Distro: Pentoo
Pentoo is a Live CD and Live USB designed for penetration testing and security assessment. Based on Gentoo Linux , Pentoo is provided both as 32 and 64 bit installable livecd. Pentoo is also available as an overlay for an existing Gentoo installation. It features packet injection patched wifi...
Hackable HTTP proxy: Toxy
toxy is a fully programmatic and hackable HTTP proxy to simulate server failure scenarios and unexpected network conditions It was mainly designed for fuzzing/evil testing purposes, when toxy becomes particularly useful to cover fault tolerance and resiliency capabilities of a system, especially ...
DSA-3343-1 twig - security update
Bulletin has no description...
RaspBSD – FreeBSD distribution for Raspberry Pi
Raspberry Pi is gaining new heights by rapidly maturing as; after Microsoft made Windows 10 IoT core supporting the Raspberry Pi 2, now a new version FreeBSD operating system is also deployable on Raspberry Pi devices, called RaspBSD. FreeBSD Berkeley Software Distribution is an open source...
Cisco Unified Communications Manager - Multiple Vulnerabilities
Vantage Point Security Advisory 2015-001 ======================================== Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: http://www.cisco.com/ Versions affected: Summary: -------- Cisco Unified Communications Manager CUCM offers services suc...
Cisco Unified Communications Manager - Multiple Vulnerabilities
Cisco Unified Communications Manager - Multiple Vulnerabilities Vantage Point Security Advisory 2015-001 ======================================== Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: http://www.cisco.com/ Versions affected: Summary: ------...
DSA-3337-1 gdk-pixbuf - security update
Bulletin has no description...
Windows 8.1 - DCOM DCE/RPC Local NTLM Reflection Privilege Escalation (MS15-076) Exploit
Exploit for windows platform in category local exploits Source: https://github.com/monoxgas/Trebuchet Trebuchet MS15-076 CVE-2015-2370 Privilege Escalation Copies a file to any privileged location on disk Compiled with VS2015, precompiled exe in Binary directory Usage: trebuchet.exe...
Microsoft Windows 8.1 - DCOM DCERPC Local NTLM Reflection Privilege Escalation (MS15-076)
Microsoft Windows 8.1 - DCOM DCERPC Local NTLM Reflection Privilege Escalation MS15-076 Source: https://github.com/monoxgas/Trebuchet Trebuchet MS15-076 CVE-2015-2370 Privilege Escalation Copies a file to any privileged location on disk Compiled with VS2015, precompiled exe in Binary directory...