175 matches found
yorkweekly.nh.newsmemory.com XSS vulnerability
Vulnerable URL: http://yorkweekly.nh.newsmemory.com/eebrowser/ipad/html5.check.2145/action/ipad/initpage.php?pSetup=OPENBUGBOUNTY" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 08.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
coloradohometownweekly.com XSS vulnerability
Vulnerable URL: http://www.coloradohometownweekly.com/circare"--!"/html/gsatemplate.jsp/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 29.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1661573 VIP website status:| No Coordinated...
Open Source Firewall: OPNsense
Open Source Firewall: OPNsense OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings...
Metasploit Web UI Static secret_key_base Value Exploit
This module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secretkeybase value. Knowledge of the static secretkeybase value allows for deserialization of a crafted Ruby Object...
Joomla Event Booking 2.10.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Joomla Event Booking Component - SQL Injection Exploit Author : Persian Hack Team Homepage : http://persian-team.ir Vendor Homepage : http://extensions.joomla.org/extension/event-booking Category Webapps Tested on Win Version :...
Metasploit Web UI Static secret_key_base Value
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule NullSerializer @serializer = options:serializer || Marshal end def encryptandsignvalue...
Metasploit Web UI Static secret_key_base Value
This module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secretkeybase value. Knowledge of the static secretkeybase value allows for deserialization of a crafted Ruby Object...
Kali Linux 2016.2 - The Best Penetration Testing Distribution
This release brings a whole bunch of interesting news and updates into the world of Kali. New KDE, MATE, LXDE, e17, and Xfce Builds Although users are able to build and customize their Kali Linux ISOs however they wish, we often hear people comment about how they would love to see Kali with...
brentwoodweeklynews.co.uk XSS vulnerability
Vulnerable URL: http://www.brentwoodweeklynews.co.uk/search/?search=%27prompt%22OPENBUGBOUNTY%22,%2f%2f Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 3433159 VIP website status:| No Check...
Lalin - Hackpack & Kali Linux Tools
Lalin is a remake of Lazykali by bradfreda with fixed bugs , added new features and uptodate tools . It's compatible with the latest release of Kali Rolling Changelog Lalin gets updated weekly with new features, improvements and bugfixes. Be sure to check out the Changelog How it works Extract Th...
publishersweekly.com XSS vulnerability
Vulnerable URL: http://publishersweekly.com/pw/email-subscriptions/index.html?email=" Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 27628 VIP website status:| Yes Check publishersweekly.com SSL connection:|...
Weekly Planner - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Weekly Planner published at the 'play' market has multiple vulnerabilities...
Upcoming Podcast: Python security projects
Join Coalfire penetration tester Dan McInerney on Thursday April 30th at 6:00pm ET on the Security Weekly Podcast...
CVE-2014-5682
The CVE-2014-5682 entry refers to The Retale - Weekly Ads & Deals (com.retale.android) for Android v2.1.3, where the app does not verify X.509 certificates from SSL servers. This allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Connec...
Weekly Drawing Contest 0.0.1 Check_Vote.PHP Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22937/info Weekly Drawing Contest is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view local files on the...
rubygem-openshift-origin-node: cron.daily/cron.weekly denial of service
Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly...
[ZAP] OWASP Zed Attack Proxy Weekly
The OWASP Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration...
OWASP Hackademic Challenges Project
The OWASP Hackademic Challenges Project is an open source project that helps you test your knowledge on web application security. You can use it to actually attack web applications in a realistic but also controlable and safe environment. On the left menu you can see all attack scenarios that are...
CVE-2010-0752
The weekpostpage function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors...
Sql injection
The weekpostpage function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors...