7422 matches found
Data Stream Encryption: ciphr
Data Stream Encryption Ciphr is a CLI tool for performing and composing encoding, decoding, encryption, decryption, hashing, and other various operations on streams of data. It takes provided data, file data, or data from stdin, and executes a pipeline of functions on the data stream, writing the...
Lazarus Guestbook 1.22 XSS / SQL Injection
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Lazarus Guestbook 1.22 Multiple Persistent Cross-Site Scripting - Sql Injection Vulnerability Date: 23/12/2014 Url Vendor:...
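SQL injection in a government information disclosure system
Brief description: RT Details: Jilin University Zhengyuan Information Technologies Co., Ltd.: http://www.jit.com.cn/ Many government websites use this system. I will test with 5 cases. The injection link is: /zwdtSjgl/infoDetail.jsp?id= Cases: http://www.ilj.gov.cn/zwdtSjgl/infoDetail.jsp?id=461 http://218.62.81.171/zwdtSjgl/infoDetail.jsp?id=461 http://218.62.100.33:8000/zwdtSjgl/infoDetail.jsp?id=146...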
IBM Security AppScan Enterprise Cross-Site Scripting Vulnerability
IBM Security AppScan Enterprise is a set of Web application security testing solutions from the U.S. company IBM. Formerly known as IBM Rational AppScan Enterprise, the program supports simultaneous scanning of multiple Web applications, generation of vulnerability reports, and intelligent patching. IBM Security...
phpyun v3.2 (20141222): an injection that needs no login and bypasses filtering.
Brief description: No login required. Latest version. Tested on the demo. The more features, the more bugs; the more bugs, the more rank. Details: In model/subscribe.class.php: function certaction if$GET'id' $arr=@explode"|",base64decode$GET'id';// I was shocked at this point... $email = $arr0; $code = $arr1; $nid=$this-obj-DBupdateall"subscribe","status='1'","email='".$email."' and code='".$code."'";...
SysAid Server Arbitrary File Disclosure
Vantage Point Security Advisory 2014-004 ======================================== Title: SysAid Server Arbitrary File Disclosure ID: VP-2014-004 Vendor: SysAid Affected Product: SysAid On-Premise Affected Versions: Summary: --- SysAid Server is vulnerable to an unauthenticated file disclosure...
Lazarus Guestbook 1.22 - Multiple Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Lazarus Guestbook 1.22 Multiple Persistent Cross-Site Scripting - Sql Injection Vulnerability Date: 23/12/2014 Url Vendor:...
ProjectSend r561 Ultimate Cross Site Scripting / Path Disclosure
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: ProjectSend - Cross Site Scripting & Full Path Disclosure Vulnerability's Date: 19/12/2014 Url Vendor: http://www.projectsend.org/ Vendor Name:...
GQ File Manager 0.2.5 - Multiple Vulnerabilities
GQ File Manager 0.2.5 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: GQ File Manager - Sql Injection - Cross Site Scripting Vulnerability's Date: 19/12/2014 Url Vendor...
ProjectSend r561 - Multiple Vulnerabilities
ProjectSend r561 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: ProjectSend r561 - Cross Site Scripting & Full Path Disclosure Vulnerability's Date: 19/12/2014 Url...
GQ File Manager 0.2.5 - Multiple Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: GQ File Manager - Sql Injection - Cross Site Scripting Vulnerability's Date: 19/12/2014 Url Vendor: http://installatron.com/phpfilemanager Vendor...
ProjectSend r561 - Multiple Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: ProjectSend r561 - Cross Site Scripting & Full Path Disclosure Vulnerability's Date: 19/12/2014 Url Vendor: http://www.projectsend.org/ Vendor Name...
Using the Diskshadow Utility to Manually Test VSS Operations
Windows Server Required: This article documents how to use Diskshadow, which is only available in Server versions of Windows 2008+. Purpose: This article documents how to manually create a volume shadow copy using the Diskshadow command-line utility in Windows. Cause: Veeam products use the Microso...
LOIC 1.0.8 (Low Orbit Ion Cannon) - A network stress testing application
Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#. LOIC was initially developed by Praetox Technologies, but was later released into the public domain, and now is hosted on several open source platforms. LOIC performs a...
Yahoo security team: details of vulnerabilities not fixed within 90 days will be disclosed publicly - vulnerability warning - the black bar safety net
The Yahoo security team has started to use the same vulnerability disclosure policy as Google Project Zero: 90 days after the affected vendor is notified of a vulnerability, the vulnerability details are disclosed publicly. The black bar safety net science: on the Google Project Zero Google...
Linux x86 - rmdir 37 bytes
Linux x86 - rmdir 37 bytes. Shellcode exploit for linux platform / Title: Linux x86 rmdir - 37 bytes Author: kw4 useful for testing purposes 08048060 : 8048060: 31 c0 xor %eax,%eax 8048062: 50 push %eax 8048063: 68 6f 6c 68 6f push $0x6f686c6f 8048068: 68 68 6f 6c 68 push $0x686c6f68 804806d: 68 ...
Next Generation Penetration Testing Distro: Cyborg Hawk
Next Generation Penetration Testing Distro: The world’s most advanced, powerful and yet beautiful penetration testing distribution ever created. Lined up with the ultimate collection of tools for pro Ethical Hackers and Cyber Security Experts. Simplify security in your IT infrastructure with Cyborg. It...
Concrete5 CMS 5.7.2 / 5.7.2.1 Cross Site Scripting
Title: Concrete5 CMS Reflected Cross-Site Scripting Vulnerabilities Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 02 November 2014 Updated: 9 December 2014 Published: 9 December 2014 MorXploit Research http://www.MorXploit.com Vendor: Concrete5 Vendor url: www.concrete5.org...
zANTI 2.0 - Android Network Toolkit
zANTI is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to...
Samurai Web Testing Framework 3.0 - LiveCD Web Pen-testing Environment
The Samurai project team is happy to announce the release of a development version of the Samurai Web Testing Framework. This release is currently a fully functional Linux environment that has a number of the tools pre-installed. Our hope is that people who are interested in making this the best...