OWASP ZAP v2.3.1 - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications

OWASP Zed Attack Proxy ZAP An easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing...

OWASP OWTF – Offensive (Web) Testing Framework

The purpose of this tool is to automate the manual, uncreative part of pen testing: For example, spending time trying to remember how to call "tool X", parsing results of "tool X" manually to feed "tool Y", etc. By reducing this burden I hope pen testers will have more time to: See the big pictur...

Latest Kali Linux 1.0.7 Offers Persistent Encrypted Partition on USB Stick

There is a good news for all Security researchers, Penetration testers and Hackers. The developers of one of the most advance open source operating system for penetration testing, 'KALI Linux' have announced yesterday the release of its latest version of Kali Linux 1.0.7 with some interesting...

DSA-2937-1 mod-wsgi - security update

Bulletin has no description...

74cms the latest through the kill injection vulnerability-vulnerability warning-the black bar safety net

A iconv raised pork The tested website didn't fill it. ! the md5 solution does not open, but can be used to proof a variety of information, you know. exp:http://demo. 74cms. com/plus/ajaxcommon. php? act=hotword&query=%E9%8C%A6%27union+/!...

[SECURITY] Fedora 19 Update: rubygem-actionpack-3.2.13-6.fc19

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser...

[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-4.fc20

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling ea sy unit/integration testing that doesn't require a browser...

eBay Password Database Hack Raises Questions

As is the case with most high-profile data breaches, despite an initial disclosure of information, more questions are inevitable. The eBay password database hack is a prime example. Inquiring minds still want to know more about how the stolen passwords are secured and why the online auction house...

CVE-2 0 1 3-4 5 4 7 Nginx parsing vulnerability in-depth use and analysis-vulnerability warning-the black bar safety net

0x00 background Nginx historically there have been many times parsing vulnerability, such as 80sec found parsing vulnerability, as well as the extension directly after add%0 0 truncation lead to code execution resolves vulnerabilities. But in 2 0 1 3 year-end, nginx again broke Vulnerability, CVE...

Fedora 19 : botan-1.8.14-3.fc19 (2014-6237)

Add a patch to fix a bug in primality testing. See also http://botan.randombit.net/relnotes/1108.html. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...

Debian: Security Advisory (DSA-2930-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

帝友P2P借贷系统SQL注入通杀#1

简要描述： =。= 详细说明： 模块：省市信息联动插件（通杀V4.0,3.1） 基于后台读数据库出数据的省市信息联动插件，省市区变量直接转int即可！ Location:./?plugins&q=areas&areaid=174 http://www.diyou.cc/?plugins&q=areas&areaid=174 GET参数areaid未有效过滤导致存在注入 通知存在注入点，未做进一步测试，赶紧赶紧赶紧修复！ python sqlmap.py -u "http://www.diyou.cc/?plugins&q=areas&areaid=174" -p "areaid"...

NSF Awards $15m for New Secure Internet Architecture

The National Science Foundation NSF is awarding $15 million in grants for the development, deployment and testing of future Internet architectures that are designed to enhance security, respond to emerging service challenges, and increase scalability. In 2010, the NSF Directorate for Computer and...

Yahoo!: TESTING FOR REFLECTED CROSS SITE SCRIPTING (OWASP‐DV‐001)

Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...

WVS v9.5 - Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive web...

[SECURITY] [DSA 2925-1] rxvt-unicode security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2925-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 08, 2014 http://www.debian.org/security/faq -...

Acunetix Web Vulnerability Scanner Version 9 - Web Application Security Testing Tool

Acunetix W eb V ulnerability S canner WVS is an automated web application security testing tool that audits your web applications by checking for exploitable hacking vulnerabilities. Automated scans may be supplemented and cross-checked with the variety of manual tools to allow for comprehensive...

[SECURITY] [DSA 2919-1] mysql-5.5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2919-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 03, 2014 http://www.debian.org/security/faq -...

DSA-2920-1 chromium-browser - security update

Bulletin has no description...

Debian: Security Advisory (DSA-2920-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...