[ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics
INTERNET SECURITY AUDITORS ALERT 2013-002 - Original release date: January 22nd, 2013 - Last revised: March 10th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score I...
Mobile Forensics: Santoku
Santoku is a platform for mobile forensics, mobile malware analysis and mobile application security assessment. The free Santoku Community Edition is a collaborative project to provide a pre-configured Linux environment with utilities, drivers and guides for these areas. Boot into Santoku and get...
[Santoku 0.4] Distribution dedicated to mobile forensics, malware analysis and security testing
Santoku includes a number of open source tools dedicated to helping you in every aspect of your mobile forensics, malware analysis, and security testing needs, including: Development Tools: Android SDK Manager AXMLPrinter2 Fastboot Heimdall src | howto Heimdall GUI src | howto SBF Flash Penetrati...
[Kali Linux v1.0.3] Penetration Testing Distribution
Kali Linux is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards. All-new infrastructure has been put in place, all tools were...
Wordpress W3 Total Cache PHP Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Wordpress W3 Total Cache PHP Code...
Debian: Security Advisory (DSA-2665-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Update : Backtrack Kali Linux 1.0.3 released with built-in accessibility features
BackTrack Linux, a specialized distribution of penetration testing tools, has long been a favorite of security specialists and IT pros. Security professionals have been relying on the BackTrack security distribution for many years to help them perform their assessments. A couple of weeks ago,...
Syrian Hackers Hijack AP Twitter Tweet Obama Injured by Bomb
Twitter is facing increased pressure to beef up authentication for users after the hijacking of another high-profile account yesterday caused some temporary tremors on the stock market. The social network has reportedly been testing two-factor authentication internally; Twitter lags behind Google...
SAP Portal - Unvalidated redirect
Application: SAP NetWeaver JAVA Versions Affected: SAP NetWeaver J2EE 6.40/7.02, probably others Vendor URL: Bugs: Information disclosure Exploits: YES Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1854826 CVSS:...
SAP Mobile .healthcare.emr.v2 - Unauthorized access
Application: SAP EMR Unwired com.sap.mobile.healthcare.emr.v2, SAP Clinical Task Tracker com.sap.mobile.healthcare.ctt Vendor URL: http://www.sap.com Bugs: Unauthorized access Reported: 20.04.2013 Vendor response: 21.04.2013 Date of Public Advisory: 15.02.2015 Reference: SAP Security Note 2117079...
Netgear DGN2200B pppoe.cgi Remote Command Execution Vulnerability
Some Netgear routers are vulnerable to an authenticated OS command injection on their web interface. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd...
DSA-2660-1 curl - cookie leak vulnerability
Bulletin has no description...
DSA-2661-1 xorg-server - information disclosure
Bulletin has no description...
[Panoptic] Automates the process of search and retrieval of content for common log and config files through LFI vulnerability
Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through an LFI vulnerability. The official introductory post can be found here. Also, you can find a sample run here. Help Menu Usage: panoptic.py --url...
Moderate: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update
An update for the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 that fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring...
Linksys EA2700 arbitrary file traversal vulnerability
Brief description: This router's software has never undergone security penetration testing; without logging in, you can easily retrieve the router's /etc/passwd file or other configuration files. Detailed description: This router's software has never undergone security penetration testing, in the no...
DSA-2659-1 libapache-mod-security - XML external entity processing vulnerability
Bulletin has no description...
[Ghost Phisher] GUI suite for phishing and penetration attacks
Ghost Phisher is a wireless and Ethernet security auditing and attack program written in the Python programming language with the Python Qt GUI library. The program is able to emulate access points and deploy various internal networking servers for networking, penetration testing and...
TinyWebGallery 1.8.9 Path Disclosure
INTERNET SECURITY AUDITORS ALERT 2013-012 - Original release date: March 19th, 2013 - Last revised: April 6th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2631...