[OWASP Broken Web Applications Project VM v1.1] Collection of vulnerable web applications

The Broken Web Applications BWA Project is a collection of vulnerable web applications that is distributed on a Virtual Machine. The Broken Web Applications BWA Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in: Learning about...

[Bluebox-ng] UC/VoIP Security Tool

Bluebox-ng is a next generation UC/VoIP security tool. It has been written in CoffeeScript using Node.js powers. This project is "our 2 cents" to help to improve information security practices in VoIP/UC environments. GitHub repo : https://github.com/jesusprubio/bluebox-ng IRCFreenode :...

SAP CRM crm_flex_data - XXE

Application: SAP CRM Versions Affected: SAP CRM 7.02 EHP 2 Vendor URL: http://www.sap.com Bugs: XXE Exploits: YES Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 16.11.2013 Reference: SAP Security Note 1909665 Authors: Alexey Tyurin, Nikolay Mescherin ERPScan Description...

Incomplete Access Management and Remote Code Execution Vulnerability in TYPO3 Core

It has been discovered that TYPO3 Core has Incomplete Access Management and is vulnerable to Remote Code Execution Component Type: TYPO3 Core Vulnerability Types: Cross-Site Scripting, Remote Code Execution Overall Severity: Critical Release Date: September 4, 2013 Vulnerable subcomponent: File...

DSA-2751-1 libmodplug - several

Bulletin has no description...

Penetration Testing Browser Bundle: PenQ

PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. Penetration Testin...

About the PHP code auditing and vulnerability digging a little thought-vulnerability warning-the black bar safety net

Here is the PHP code auditing and vulnerability discovery the idea to do a bit summary, is a personal point of view, there is something wrong place please point out. PHP vulnerabilities in a large part is from the programmer's own lack of experience, of course, and server configuration related, b...

Metasploit Module Adds Sudo Vulnerability for OS X

Attackers looking to exploit a previously disclosed and apparently still unpatched bug in sudo, a Unix-based Linux command found in most Apple OS X builds have gotten a little more help this week. As Threatpost reported in March, the vulnerability CVE-2013-1775 can essentially set back the...

[Wi-fEye] Automated Network Testing Tool

Wi-fEye is an automated wirelress penetration testing tool written in python , its designed to simplify common attacks that can be performed on wifi networks so that they can be executed quickly and easily. Wifi has three main menus : 1. Cracking menu: contains attacks that could allow us to crac...

Automated Wireless Penetration Testing: Wi-fEye

Wi-fEye is an automated wireless penetration testing tool written in python , its designed to simplify common attacks that can be performed on wifi networks so that they can be executed quickly and easily. Wifi has three main menus : 1. Cracking menu: contains attacks that could allow us to crack...

11 Firefox Add-ons to Hack and PenTest

1. Tamper Data Tamper data is an great tool to to view and modify HTTP/HTTPS headers and post parameters. We can alter each request going from our machine to destination host with this. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XS...

WordPress Simple Login Registration 1.0.1 Cross Site Scripting

Exploit Title: Cross Site Scripting WP Simple Login Registration 1.0.1 - Wordpress Date: 26 de Agosto del 2013 Exploit Author: Dylan Irzi Credit goes for: websecuritydev.com Vendor Homepage: http://envato.dropntheme.com/wp-simple-login-registration-plugin/ Tested on: Win8 & Linux Mint Affected...

New Mozilla Plug-N-Hack Tool Integrates Browsers and Security Tools

The Mozilla security team is developing a new proposed standard that will make it easier for researchers to integrate some of their tools with Firefox and other browsers. The standard, known as Plug-n-Hack, is an open project that Mozilla hopes will be adopted by researchers and tool makers. A lo...

[GoLismero v2.0] The Web Knife

GoLismero is an open source framework for security testing. It's currently geared towards web security, but it can easily be expanded to other kinds of scans. The most interesting features of the framework are: Real platform independence. Tested on Windows, Linux, BSD and OS X. No native library...

[Yersinia v0.7.3] The network protocols assessment tool

Yersinia is a network tool designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. Currently, there are some network protocols implemented, but others are coming tell us which one...

[Xenotix XSS Exploit Framework v4] Advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework

OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting XSS vulnerability detection and exploitation framework. It provides Zero False Positive scan results with its unique Triple Browser Engine Trident, WebKit, and Gecko embedded scanner. It is claimed to have the world’s 2nd...

[Introspy] Monitor app in your iDevice

The Problem In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming tasks - especially when performing a black-box assessment. Without access to source code, a comprehensive review of these application currently requires in-depth knowledge of various API...

Debian Security Advisory DSA 2739-1 (cacti - several vulnerabilities)

Two security issues SQL injection and command line injection via SNMP settings were found in Cacti, a web interface for graphing of monitoring systems. OpenVAS Vulnerability Test $Id: deb2739.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2739-1 using nvtgen 1.0 Script...

New Jigsaw Hacking Tool Spotted in Attacks

If you’ve run an internal phishing exercise, chances are you may have used Jigsaw, an open source penetration testing tool that enables security teams to automatically generate email address combinations from a minimal amount of public information. As with other open source security and networkin...

shopex ctl. member. php file SQL injection vulnerability-vulnerability warning-the black bar safety net

Issql injectionvulnerability testing version: shopex-singel-4.8.5.78660 File:\core\shop\controller\ctl.member.php function delTrackMsg if! empty$POST'deltrack' $oMsg = &$this-system-loadModel'resources/msgbox'; $oMsg-delTrackMsg$POST'deltrack'; $this-splash'success',...