WebSurgery v0.5 - Web app testing tool Released

WebSurgery v0.5 - Web app testing tool Released WebSurgery is a suite of tools for security testing of web applications. Itwas designed for security auditors to help them with the web applicationplanning and exploitation. Currently, it uses an efficient, fast and stableWeb Crawler, File/Dir...

WebSurgery v0.5 - Web app testing tool Released

WebSurgery v0.5 - Web app testing tool Released WebSurgery is a suite of tools for security testing of web applications. Itwas designed for security auditors to help them with the web applicationplanning and exploitation. Currently, it uses an efficient, fast and stableWeb Crawler, File/Dir...

[BSA-038] Security Update for icedove

Christoph Göhre uploaded new packages for icedove which fixed the following security problems: CVE-2011-0083 Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists allows remote attackers to cause a denial of service application crash...

Citrix EdgeSight for Load Testing Detection

Citrix EdgeSight for Load Testing, a system and network monitoring application, is installed on the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid55473; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/10/10"...

Citrix EdgeSight for Load Testing < 3.8.1 Remote Code Execution

According to its version number, the Citrix EdgeSight for Load Testing install on the remote Windows host is earlier than 3.8.1. As such, it is affected by a code execution vulnerability in the 'LauncherService.exe' component. C Tenable Network Security, Inc. include"compat.inc"; if description...

Double nibble URI decoding XSS Vulnerability on EC Council website

Double nibble URI decoding XSS Vulnerability on EC Council website What EC Council is ? They offers certifications in certified ethical hacker ceh, Computer Security, network security, internet security program and computer forensics and penetration testing. Information Security, Ethical Hacking,...

SuperH sh4 Add root user with password

SuperH sh4 Add root user with password. Shellcode exploit for sh4 platform / Title: Linux/SuperH - sh4 - add root user with password - 143 bytes Date: 2011-06-23 Tested on: debian-sh4 2.6.32-5-sh7751r Author: Jonathan Salwan - twitter: @jonathansalwan http://shell-storm.org Informations:...

The Social-Engineer Toolkit v1.5 Released

The Social-Engineer Toolkit v1.5 Released The Social Engineering Toolkit SET is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to...

The Social-Engineer Toolkit v1.5 Released

The Social-Engineer Toolkit v1.5 Released The Social Engineering Toolkit SET is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to...

DSA-2265-1 perl - missing taint check

Bulletin has no description...

THC-HYDRA v6.4 - Fast network logon cracker

THC-HYDRA v6.4 - Fast network logon cracker THC-HYDRA is a very fast network logon cracker which support many different services. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote...

Interview with Team Inj3ct0r ( 1337day )

Interview with Team Inj3ct0r 1337day Inj3ct0r provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and...

Interview with Team Inj3ct0r ( 1337day )

Interview with Team Inj3ct0r 1337day Inj3ct0r provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and...

Samurai Web Testing Framework LiveCD

Samurai Web Testing Framework LiveCD The Samurai Web Testing Framework is a LiveCD focused on web application testing. We have collected the top testing tools and pre-installed them to build the perfect environment for testing applications. Download...

Samurai Web Testing Framework LiveCD

Samurai Web Testing Framework LiveCD The Samurai Web Testing Framework is a LiveCD focused on web application testing. We have collected the top testing tools and pre-installed them to build the perfect environment for testing applications. Download...

DSA-2258-1 kolab-cyrus-imapd - implementation error

Bulletin has no description...

KMPlayer 3.0.0.1440 Buffer Overflow

!/usr/bin/python The KMPlayer 3.0.0.1440 .mp3 Buffer Overflow Exploit XPSP3 DEP Bypass Downloaded from: http://download.cnet.com/The-KMPlayer/3000-136324-10659939.html 06 Jun 11 Cobbled together by dookie and ronin This exploit performs DEP bypass on WinXP SP3 with 2 different offsets. In our...

The KMPlayer 3.0.0.1440 .mp3 Buffer Overflow Exploit XPSP3 DEP Bypass

Exploit for windows platform in category local exploits !/usr/bin/python The KMPlayer 3.0.0.1440 .mp3 Buffer Overflow Exploit XPSP3 DEP Bypass Downloaded from: http://download.cnet.com/The-KMPlayer/3000-136324-10659939.html 06 Jun 11 Cobbled together by dookie and ronin This exploit performs DEP...

Nmap NSE net: smb-enum-domains

Attempts to enumerate domains on a system, along with their policies. This generally requires credentials, except against Windows 2000. In addition to the actual domain, the 'Builtin' domain is generally displayed. Windows returns this in the list of domains, but its policies don't appear to be...

Nmap NSE net: smb-enum-users

Attempts to enumerate the users on a remote Windows system, with as much information as possible, through two different techniques both over MSRPC, which uses port 445 or 139; see 'smb.lua'. The goal of this script is to discover all user accounts that exist on a remote system. This can be helpfu...