Debian Security Advisory DSA 2837-1 (openssl - programming error)

Anton Johansson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference. The oldstable distribution squeeze is not affected. OpenVAS Vulnerability Test $Id: deb2837.nasl 6663 2017-07-11 09:58:05Z teissa $ Auto-generated from advisory DSA 2837-1 using...

信游科技页游平台程序通用型SQL注入漏洞

简要描述： 某页游平台通用型SQL注入漏洞，可直接提权服务器，涉及页游平台数十个。全是企业站点，涉及资金交易。 详细说明： 今天是我第一次用sqlmap，没钱买电脑，也装不了backtrack 存在漏洞站点：http://www.52xinyou.cn/anli.htm 都在这个客户案例里面，17188不存在这个页面的漏洞。但是我不保证其他页面不存在。 本次渗透测试站点：http://www.teiyi.com/，对不起，让你受苦了。 sql注入地址：http://www.teiyi.com/payment/yeemobile.aspx?code=UNICOM 充值页面 直接sqlmap...

Debian Security Advisory DSA 2836-1 (devscripts - arbitrary code execution)

Several vulnerabilities have been discovered in uscan, a tool to scan upstream sites for new releases of packages, which is part of the devscripts package. An attacker controlling a website from which uscan would attempt to download a source tarball could execute arbitrary code with the privilege...

DSA-2835-1 asterisk - buffer overflow

Bulletin has no description...

DSA-2836-1 devscripts - arbitrary code execution

Bulletin has no description...

[Sandcat Browser 4.4] The fastest web browser combined with the fastest scripting language packed with features for pen-testers

Sandcat Browser is the fastest web browser combined with the fastest scripting language packed with features for pen-testers. Sandcat Browser is a freeware portable pen-test oriented multi-tabbed web browser with extensions support developed by the Syhunt team. The Sandcat Browser is built on top...

[TheHarvester v2.2] The Information Gathering Suite

The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration te...

[Watcher] passive Web-security scanner

Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...

To solve the FCKEDITOR to remove all the upload page how to upload invasion-vulnerability warning-the black bar safety net

Long time no script invasion,today for participating in a match,then the certificate actually needs the money to buy,it is very uncomfortable,Baidu took under its official website,for a security,the result is not successful,because the iis file parsing vulnerability patch on,but learned some of t...

[BTS PenTesting Lab] A vulnerable web application to learn common vulnerabilities

The most common question from students who is learning website hacking techniques is "how to test my skills legally without getting into troubles?". So, i always suggest them to use some vulnerable web application such as DVWA. However, i felt dvwa is not suitable for new and advanced techniques...

PT-2014-91: Cross-Site Scripting in ShopOS

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Reflected cross-site scripting in the index.php page allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to...

PT-2014-65: Multiple Cross-Site Scripting in InstantCMS

The specialists of the Positive Research center have detected multiple Cross-Site Scripting vulnerabilities in InstantCMS. Cross-site scripting in the spellchecker.php file allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's...

PT-2014-79: Cross-Site Scripting in ShopOS

The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Cross-site scripting in the market.php script allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to fix No...

Debian: Security Advisory (DSA-2827-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 2826-1 (denyhosts - Remote denial of ssh service)

Helmut Grohne discovered that denyhosts, a tool preventing SSH brute-force attacks, could be used to perform remote denial of service against the SSH daemon. Incorrectly specified regular expressions used to detect brute force attacks in authentication logs could be exploited by a malicious user ...

TestingWhiz - Test Automation Tool

TestingWhiz is a test automation tool for web, database, cloud, mobile and web services/API testing from Cygnet Infotech. It has a codeless architecture based on FAST Automation Engine with 290+ readily available test commands that provide easy, intuitive and fast automation solution without...

[SSLSmart] Smart SSL Cipher Enumeration

SSLSmart is a highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing. A number of tools allow users to test for supported SSL ciphers suites, but most only provide testers with a fixed set of cipher suites. Further testing is performed b...

[SSLDigger v1.02] Tool to assess the strength of SSL

SSLDigger v1.02 is a tool to assess the strength of SSL servers by testing the ciphers supported. Some of these ciphers are known to be insecure. Features: full Browser Support using Microsoft Internet Explorer Browser Control support for operating the tool in batch modefor operating on multiple...

[XSS Cheat Sheet] Bypassing Modern Web Application Firewall XSS Filters

While we doing web application penetration testing for our clients, we may some time have to face the Web application Firewall that blocks every malicious request/payload. There are some Cheat sheets available on internet that helped to bypass WAF in the past. However, those cheats won't work wit...

Cisco ONS 15454 Transport Node Controller Denial of Service Vulnerability

An issue in the tNetTaskLimit process of the Cisco ONS 15454 Transport Node Controller TNC could allow an unauthenticated, remote attacker to cause the TNC to reload due to a watchdog timeout. The issue is due to a packet processing services process missing health pings due to excessive traffic...