CVE-2023-38056 Code execution via System Configuration

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...

CVE-2023-38056 Code execution via System Configuration

Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...

Security update for wdiff (moderate)

openSUSE Security Update: Security update for wdiff Announcement ID: openSUSE-SU-2022:10031-1 Rating: moderate References: Cross-References: CVE-2012-3386 Affected Products: openSUSE Backports SLE-15-SP4 An update that fixes one vulnerability is now available. Description: This update for wdiff...

web_spider

This plugin is a classic web spider, it will request a URL and extract all links and forms from the response. Three configurable parameter exist: onlyforward ignoreRegex followRegex IgnoreRegex and followRegex are commonly used to configure the webspider to spider all URLs except the "logout" or...

find_captchas

This plugin finds any CAPTCHA images that appear on a HTML document. The crawl is performed by requesting the document two times, and comparing the image hashes, if they differ, then they may be a CAPTCHA. Plugin type Crawl Options This plugin doesnt have any user configured options. Source For...

server_status

This plugin fetches the server-status file used by Apache, and parses it. After parsing, new URLs are found, and in some cases, the plugin can deduce the existance of other domains hosted on the same server. Plugin type Infrastructure Options This plugin doesnt have any user configured options...

rnd_path

This evasion plugin adds a random path to the URI. Example: Input: /bar/foo.asp Output : /aflsasfasfkn/../bar/foo.asp Plugin type Evasion Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source...

archive_dot_org

This plugin does a search in archive.org and parses the results. It then uses the results to find new URLs in the target site. This plugin is a time machine ! Plugin type Crawl Options Name | Type | Default Value | Description | Help ---|---|---|---|--- maxdepth | integer | 3 | Maximum recursion...

google_spider

This plugin finds new URLs using google. It will search for "site:domain.com" and do GET requests all the URLs found in the result. One configurable parameter exists: resultlimit Plugin type Crawl Options Name | Type | Default Value | Description | Help ---|---|---|---|--- resultlimit | integer |...

cache_control

This plugin analyzes every HTTPS response and reports instances of incorrect cache control which might lead the users browser to cache sensitive contents on their system. The expected headers for HTTPS responses are: Pragma: No-cache Cache-control: No-store Plugin type Grep Options This plugin...

ssi

This plugin finds server side include SSI vulnerabilities. Plugin type Audit Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood: Plugin source...

blank_body

This plugin finds HTTP responses with a blank body, these responses may indicate errors or misconfigurations in the web application or the web server. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated...

analyze_cookies

This plugin greps every response for session cookies that the web application sends to the client, and analyzes them in order to identify potential vulnerabilities, the remote web application framework and other interesting information. Plugin type Grep Options This plugin doesnt have any user...

fingerprint_waf

Try to fingerprint the Web Application Firewall that is running on the remote end. Please note that the detection of the WAF is performed by the infrastructure.afd plugin afd stands for Active Filter Detection. Plugin type Infrastructure Options This plugin doesnt have any user configured options...

csrf

This plugin finds Cross Site Request Forgeries csrf vulnerabilities. The simplest type of csrf is checked to be vulnerable, the web application must have sent a permanent cookie, and the aplicacion must have query string parameters. Plugin type Audit Options This plugin doesnt have any user...

phishtank

This plugin searches the domain being tested in the phishtank database. If your site is in this database the chances are that you were hacked and your server is now being used in phishing attacks. Plugin type Crawl Options This plugin doesnt have any user configured options. Source For more...

sed

This plugin is a stream editor for web requests and responses. Three configurable parameters exist: priority expressions fixContentLen Stream edition expressions are strings that tell the sed plugin what to change. Sed plugin uses regular expressions, some examples: qh/User/NotLuser/ This will ma...

xss_protection_header

This plugin detects insecure usage of the "X-XSS-Protection" header as explained in the MSDN blog article "Controlling the XSS Filter". Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres alwa...

favicon_identification

This plugin identifies software version using favicon.ico file. It checks MD5 of favicon against the MD5 database of favicons. See also: http://www.owasp.org/index.php/Category:OWASPFaviconDatabaseProject http://kost.com.hr/favicon.php Plugin type Infrastructure Options This plugin doesnt have an...

meta_tags

This plugin greps every page for interesting meta tags. Some interesting meta tags are the ones that contain : microsoft, visual, linux . Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres...