7422 matches found
Arachni v0.2.1 - penetration testers Framework - latest release
"Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications." This is the official change log: major performance improvements; major system refactoring and code clean-up; major module API...
BackTrack 4 R2 : New release download now !
After being in production for almost 3 months, BackTrack has been updated – yet again! It has been aptly code named – "Nemesis". "BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated ...
Web Crawler : Web Application Crawler - New Release
Web Crawler is an open source application that is based on the WebEngine library. WebEngine is a set of tools for performing black-box web-site testing and other similar tasks. It provides tools for receiving documents from a web server, parsing HTML pages, comparing them, search...
Increase the web session timeout from 60 minutes to 300 minutes
Usability and security testing have shown that XSRF time out is annoying people in the wild. The security guy Vitaly has ok'ed the limit to be increased. This has been done on trunk along with other changes and should be done on 4.3 branch as well...
DSA-2125-1 openssl - buffer overflow
Bulletin has no description...
Re: D-Link DIR-300 authentication bypass
Thanks for your replies especially linuxoid.rain at gmail dot com and mfardiles. Mentioned above users informed me that my vulnerability also affects DIR-600 and DIR-320 D-Link router models. I'm going to buy those routers and test all available...
Hardcoded Password, Other Critical Bugs Found in Cisco UVC Software
There is a series of vulnerabilities in Cisco’s Unified Videoconferencing product, including a hardcoded password for several powerful accounts that can’t be changed or deleted. That bug and others disclosed Wednesday can be used to gain complete control of the device and possibly compromise othe...
SQL injection in IceBB
Vulnerability ID: HTB22688 Reference: http://www.htbridge.ch/advisory/sqlinjectioninicebb.html Product: IceBB Vendor: XAOS Interactive http://icebb.net/ Vulnerable Version: 1.0-rc10 Vendor Notification: 02 November 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor Alerted, Awaiting...
CompactCMS 1.4.1 SQL Injection Vulnerability
Exploit for php platform in category web applications. Product: CompactCMS Vendor: compactcms.nl http://www.compactcms.nl/ Vulnerable Version: 1.4.1 Vendor...
NiX : A Linux Brute Forcer Download
NiX Brute Forcer is a tool that uses brute force in parallel to log into a system without having authentication credentials beforehand. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of NiX is to support a variety of services that allow remote...
NSA: Our Development Methods Are in the Open Now
WASHINGTON–Despite its reputation for secrecy and technical expertise, the National Security Agency doesn’t have a set of secret coding practices or testing methods that magically make their applications and systems bulletproof. In fact, one of the agency’s top technical experts said that virtual...
Penetration Tester XSSer v1.0 - New Version Download
All of you web application penetration testers, check out this release of XSSer version 1.0! From this release, the author plans to rename XSSer to "The Mosquito". Our first post regarding XSSer can be found here. "XSSer is an open source penetration testing tool that automates the process of...
E-Php content management system SQL injection exploit-vulnerability warning-the black bar safety net
| E-Php Content Management System CMS, article. php page there is SQL injection. Vulnerability testing: Trojan http://www.chinasg.tk/article.php?esid=-1+union+select+1,version,3,4,5,6,7,8,9,1 0,1 1,1 2...
SweetRice CMS 0.6.7 Multiple Vulnerabilities
Exploit for php platform in category web applications. Product: SweetRice CMS Vendor: basic-cms.org http://www.basic-cms.org/ Vulnerable Version: 0.6.7 Vendor...
MiniBB 2.5 SQL Injection Vulnerability
Exploit for php platform in category web applications. Product: MiniBB Vendor: MiniBB.com http://www.minibb.com/ Vulnerable Version: 2.5 Vendor Notification: 21 October 2010...
SweetRice 0.6.7 - Multiple Vulnerabilities
Vulnerability ID: HTB22669 Reference: http://www.htbridge.ch/advisory/resetadminpasswordinsweetricecms.html Product: SweetRice CMS Vendor: basic-cms.org http://www.basic-cms.org/ Vulnerable Version: 0.6.7 Vendor Notification: 21 October 2010 Vulnerabilit...
JAF CMS 4.0 rc2 - Multiple Vulnerabilities
Vulnerability ID: HTB22665 Reference: http://www.htbridge.ch/advisory/shellcreatecommandexecutioninjafcms.html Product: JAF CMS Vendor: JAF CMS http://jaf-cms.sourceforge.net/ Vulnerable Version: 4.0 RC2 Vendor Notification: 21 October 2010 Vulnerability...
JBI CMS - SQL Injection
In The Name Of GOD + Exploit Title: JBI CMS SQL Injection Vulnerability + Date: 2010-11-04 + Author : Cru3l.b0y + Software Link: http://www.jamesblakeinternet.com/london/cms + Tested on: Ubuntu 10.10 + Contact : [email protected] + Website : WwW.PenTesters.IR + Greeting:...