Lucene search
7422 matches found

n0where
added 2014/10/23 3:5 p.m. | 62 views

VoIP Penetration Testing Kit: Viproy

Viproy Voip Pen-Test Kit provides penetration testing modules for VoIP networks. It supports signalling analysis for SIP and Skinny protocols, IP phone services and network infrastructure. Viproy 2.0 is released at Blackhat Arsenal USA 2014 with TCP/TLS support for SIP, vendor extensions support,...

0.5 AI score
Exploits: 0 | References: 1

seebug.org
added 2014/10/22 12:0 a.m. | 23 views

cmseasy latest version SQL injection (eighth WAF bypass)

Brief description: Keep on bypassing. Details: cmseasy has finally been updated. I looked at the diff, and the fix is beyond words. function LiveMessage$a global $db; $sessionid = $SESSION'sessionid'; $name = addslasheshtmlspecialchars$a'name'; $email = addslasheshtmlspecialchars$a'email'; $country = htmlspecialchars$a'country'; $phone = htmlspecialchars$a'phone'; $departmentid...

7.1 AI score
Exploits: 0

seebug.org
added 2014/10/21 12:0 a.m. | 108 views

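Discuz UCenter founder password can be brute-forced (with cases)

Brief description: I did not read the source code; this was pure black-box testing. It is not CAPTCHA recognition. So attached are the exploit code and several successful cases. Details: http://192.168.1.105/discuz/ucserver/admin.php contains a CAPTCHA. The CAPTCHA address is http://localhost/discuz/ucserver/admin.php?m=seccode&seccodeauth=250dIGq%2FYDhocuXf3IrsBkvB2k23JXlXAbuWr3X1liUcX94&7500 However, testing showed that when logging in to ucserver, if the IP appears for the first time, the default value of seccode is cccc, and the IP address...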

7 AI score
Exploits: 0

myhack58
added 2014/10/19 12:0 a.m. | 24 views

U.S. vulnerability management library released Bash vulnerability latest summary - vulnerability warning - the black bar safety net

Introduction: NVD (National Vulnerability Database) is the U.S. government's standards-based knowledge base of vulnerability management data; these data support the automation of vulnerability management and security testing, and follow Federal Information Security Management Act (FISMA) is...

1.7 AI score
Exploits: 0

n0where
added 2014/10/15 7:8 a.m. | 20 views

Browser Exploitation Framework: BeEF

Browser Exploitation Framework The Browser Exploitation Framework BeEF is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks, BeEF focuses on leveraging...

6.3 AI score
Exploits: 0 | References: 4

myhack58
added 2014/10/15 12:0 a.m. | 14 views

Cloud application security: preventing security vulnerabilities - vulnerability warning - the black bar safety net

Currently, cloud-based applications are widely used and growing at an amazing speed. Since cloud-based applications can be accessed through the Internet by anyone, anywhere, application security becomes particularly important. This is why the creation and management of...

0.5 AI score
Exploits: 0

The Hacker News
added 2014/10/13 12:52 a.m. | 13 views

SEANux — Syrian Electronic Army To Release its Own Linux-based Distribution

Lots of Linux distributions are offered free of cost on the Internet by a number of companies, non-commercial organizations and by many individuals as well, and now, the notorious Syrian Electronic Army SEA has announced their own Linux distribution known as SEANux. A Linux distribution is a...

6.4 AI score
Exploits: 0

Packet Storm
added 2014/10/13 12:0 a.m. | 88 views

Android Browser CSP Bypass

Hello. I hope this is the correct place to report this bug. I've found a Content Security Policy bypass similar to the same and related to the same origin policy bypass in this CVE. This is a separate vulnerability, however. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6041 I've tested...

5.8 CVSS | 8.8 AI score | 0.19862 EPSS
Exploits: 7

seebug.org
added 2014/10/10 12:0 a.m. | 38 views

BMC Track-It! - Multiple Vulnerabilities

No description provided by source. Multiple critical vulnerabilities in BMC Track-It! Discovered by Pedro Ribeiro [email protected], Agile Information Security. The application exposes several .NET remoting services o...

7.5 CVSS | 9.2 AI score | 0.80095 EPSS
Exploits: 16

OSV
added 2014/10/04 12:0 a.m. | 18 views

DSA-3042-1 exuberant-ctags - security update

Bulletin has no description...

5 CVSS | 6 AI score | 0.04276 EPSS
Exploits: 1

OpenVAS
added 2014/10/03 12:0 a.m. | 26 views

Debian: Security Advisory (DSA-3042-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS | 6.5 AI score | 0.04276 EPSS
Exploits: 1 | References: 3

Kitploit
added 2014/09/30 12:12 a.m. | 10 views

Drozer - The Leading Security Assessment Framework for Android

drozer is a comprehensive security audit and attack framework for Android. With increasing pressure to support mobile working, the ingress of Android into the enterprise is gathering momentum. Have you considered the threat posed by the Android app that supports your business function, or Android...

7 AI score
Exploits: 0 | References: 1

myhack58
added 2014/09/28 12:0 a.m. | 25 views

Linux Bash find significant security vulnerabilities to modify the method - vulnerability warning - the black bar safety net

GMT 9 August 25, message, Linux users today got a "surprise"! The Red Hat security team found a subtle but dangerous security vulnerability in the Bash shell, which is widely used on Linux. The vulnerability is called the "Bash Bug" or "Shellshock". When the user normal access, the vulnerability allow...

7.2 AI score
Exploits: 0

myhack58
added 2014/09/28 12:0 a.m. | 251 views

From the parsing perspective analysis of the Shellshock Vulnerability [CVE-2014-6271] - vulnerability warning - the black bar safety net

Author: yaoxi Documentation This time, we combined the PoC analysis to know about the Bash syntax rules, from another angle to help everyone better understand the bash and the shellshock vulnerability. Vulnerability description CVE-2014-6271 vulnerability is Stéphane Hassles France found th...

10 CVSS | 10 AI score | 0.99999 EPSS
Exploits: 130

The Hacker News
added 2014/09/24 2:16 a.m. | 32 views

Kali Linux "NetHunter" — Turn Your Android Device into Hacking Weapons

The developers of one of the most advanced open source operating systems for penetration testing, 'KALI Linux', announced yesterday the release of a new Kali project, known as NetHunter, that runs on a Google Nexus device. Kali Linux is an open source Debian-based operating system for penetrati...

6.6 AI score
Exploits: 0

OSV
added 2014/09/20 12:0 a.m. | 21 views

DSA-3029-1 nginx - security update

Bulletin has no description...

4.3 CVSS | 6.3 AI score | 0.05654 EPSS
Exploits: 0

ThreatPost
added 2014/09/18 2:24 p.m. | 13 views

OWASP Releases Latest App Sec Testing Guide

Advocates with the web application security consortium OWASP published the latest iteration of its Testing Guide this week. The guide, celebrating its 10th anniversary this year, is an informational manual designed to teach developers how to build and maintain secure applications in the face of...

7.6 AI score
Exploits: 0 | References: 2

ThreatPost
added 2014/09/16 12:8 p.m. | 19 views

Back-and-Forth With Google Led to Disclosure of Android Browser Flaw

The researcher who originally discovered the same-origin policy bypass in the Android browser said he reported the vulnerability to Google some time ago, but that the company’s Android security team said it was unable to reproduce the issue. Rafay Baloch said he first reported the vulnerability t...

5.8 CVSS | 0.5 AI score | 0.19862 EPSS
Exploits: 7 | References: 3

exploitpack
added 2014/09/13 12:0 a.m. | 50 views

Ammyy Admin 3.5 - Remote Code Execution (Metasploit)

Ammyy Admin 3.5 - Remote Code Execution Metasploit Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/34647.zip aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is wel...

8.1 AI score
Exploits: 0

erpscan
added 2014/09/12 12:0 a.m. | 45 views

SAP Afaria 7 XcListener - Missing authorization check

Application: SAP Afaria 7.0.6001.5 Vendor URL: http://www.sap.com Bugs: Missing authorization check Reported: 09.12.2014 Vendor response: 10.12.2014 Date of Public Advisory: 15.03.2015 Reference: SAP Security Note 2134905 Authors: Vahagn Vardanyan ERPScan Vulnerability information Class: DoS...

7.5 CVSS | 2 AI score | 0.02582 EPSS
Exploits: 0