[Dradis Pro v1.7] Framework to enable effective information sharing
Dradis Pro is a framework to enable effective information sharing, especially during security assessments. Dradis is a self-contained web application that provides a centralised repository of information to keep track of what has been done so far, and what is still ahead. Changelog v1.7 This is the...
DSA-2698-1 tiff - buffer overflow
Bulletin has no description...
PHP file include vulnerability attack and Defense combat-vulnerability warning-the black bar safety net
Summary: PHP is a very popular Web development language, and many Web applications on the Internet are developed in PHP. In Web applications developed with PHP, the PHP file include vulnerability is a common vulnerability. The use of PHP file include vulnerabilities intrusion website is...
DSA-2707-1 dbus - denial of service
Bulletin has no description...
[OWASP Bricks] Modular Deliberately Vulnerable Web Application
Bricks is a deliberately vulnerable web application built on PHP and MySQL. The project focuses on variations of commonly seen application security vulnerabilities and exploits. Each 'brick' has some sort of vulnerability which can be exploited using tools Mantra and ZAP. The mission is to 'break...
[pweb-suite] Perl based web application penetration testing tools
Written completely in Perl, this suite of tools covers a lot of the basics for penetration testing and vulnerability detection automation. This suite, formerly known as the "pCrack Suite" of tools, is used primarily for web application vulnerability testing. xssPlay in Action! YouTube Download...
[Nishang v.0.2.7] PowerShell for Penetration Testing
Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security and post exploitation during Penetration Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests. It contains many interesting script...
feeds
This plugin greps every page and finds RSS, Atom and OPML feeds on them. This may be useful for determining the feed generator and, with that, the framework being used. It is also helpful for testing feed injection. Plugin type Grep Options This plugin doesn't have any user configured options...
DSA-2706-1 chromium-browser - several
Bulletin has no description...
[PenQ] The Security Testing Browser Bundle
PenQ is an open source Linux based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more. PenQ is configured ...
DSA-2702-1 telepathy-gabble - TLS verification bypass
Bulletin has no description...
Oracle Java Security Enhancements Get Mixed Reviews
Oracle is working hard to restore some faith in the security of the Java browser plug-in with a number of enhancements announced yesterday, specifically to in-house code testing, as well as policy changes regarding signed applets and certificate validation. But after a miserable year of targeted...
Linux/x86 - Egghunter (0x5090) Shellcode (38 bytes)
Linux/x86 - Egghunter 0x5090 Shellcode 38 bytes. Shellcode exploit for Linux/x86 platform / Title : egghunter shellcode : hunter 30 bytes, marker 8 bytes, shellcode 28 bytes Date : 28 May 2013 Author : Russell Willis Tested on: Linux/x86 SMP Debian 3.2.41-2 i686 Comments: Using sigaction system cal...
Small Businesses Lose £800 Million Per Year to Cybercrime
Small- and medium-sized businesses are losing a staggering £785 million per year to cybercrime, according to a joint report published by the Federation of Small Businesses (FSB) and the Home Office and Business Departments in the United Kingdom. Despite this, just fewer than 20 percent of businesse...
FBI sponsored Ragebooter DDoS attack service
A website that can be described as "DDoS for hire" is perfectly legitimate, according to the owner. Malicious sites that offer attack services are not strangers on the Internet, but web sites sponsored by law enforcement are another story altogether. Ragebooter is one of many sites that accepts...
nginx 1.3.9-1.4.0 DoS PoC-exploit warning-the black bar safety net
The following content is for Server Security testing, and the prohibition of illegal purposes! Exploit Title: nginx v1.3.9-1.4.0 DOS POC CVE-2013-2070 Google Dork: CVE-2013-2070 Date: 16.05.2013 Exploit Author: Mert SARICA - mert . sarica @ gmail . com - http://www.mertsarica.com...
SAP SOAP RFC - SXPG_COMMAND_EXECUTE Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based on, inspired by, or is a port of a...
[SpiderFoot v2.0] The Open Source Footprinting tool
SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the...
[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics
============================================= INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I...
Mobile Forensics: Santoku
Santoku is a platform for mobile forensics, mobile malware analysis and mobile application security assessment. The free Santoku Community Edition is a collaborative project to provide a pre-configured Linux environment with utilities, drivers and guides for these areas. Boot into Santoku and get...