Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
d8dfdb3144906acd4e280cd20b793c5221f74fc92d87b50b3387d41967240e6fPcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign network, as it really happened in yours. Basically, the tool reads network packets from a PCAP file, and it replaces a given IP address with one that fits your needs. Afterwards, the manipulated packets are injected into the network. The tool is useful if you want to recreate scenarios where computer attacks or malware infections occurred. Using such scenarios as a base, Pcapteller will make it look like everything is really happening in your network. Pcapteller can help you improving your blue team's network security monitoring skills, or creating network decoys during red team operations.
d3844504a66ad0de7486f7ea22a2d785cf691233626f791a6de690c90281c438WordPress WPTF Image Gallery plugin version 1.03 suffers from an arbitrary remote file download vulnerability.
e39e04a316b2c3e7b42e97e4a5d7d671a447fa25eff91df61d2e342e399d082aWordPress Recent Backups plugin version 0.7 suffers from an arbitrary remote file download vulnerability.
51398282955782a1451dcd0d10f0b3709c0c18f40ce6b4bc09f7c7658093e88aWordPress Simple Image Manipulator plugin version 1.0 suffers from an arbitrary remote file download vulnerability.
aeb69ae2c20996034de7e2551b8a6b60c4aa2efe8b7d44ff46b712b79ea9b492WordPress Candidate Application Form plugin version 1.0 suffers from an arbitrary remote file download vulnerability.
816049deea64461a8d810ffdccfe02412b9685d700f20853132431706a358ad0WordPress Filedownload plugin version 1.4 suffers from an open proxy vulnerability.
8a34f8136cd407380fcfe973539ad5729a136bdd902f99381c0f47b2c521e7fcWordPress Fast Image Adder plugin version 1.1 suffers from a remote shell upload vulnerability.
92e3fb426b6093f0fc7868113431bacafb286dd94b45a14ce4bd19933779b0a8Websense Triton Content Manager version 8.0.0 build 1165 suffers from a stack buffer overflow vulnerability in handle_debug_network.
2be19a5f5bb552bef16fa644e26f18d5a3f9e6501a4d37846f6d8ebe6a800de8The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
98c9cab401dd95c021ee32cf4030aa63a64f08a82c6fe0d2493663e3c6e1c5a3Webfolio CMS version 2.5.1 suffers from an insecure file upload vulnerability.
89b7b64d987ea801fc593ca99caa022a573667c732c049a833b14739d428551fRed Hat Security Advisory 2015-1551-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are also fixed with this release: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle attacker could use this flaw to spoof a valid certificate.
f81b1c7aa71caea5275592e1b3edd2a6dbb8b26ba81bf656af5c0616e8195285Red Hat Security Advisory 2015-1546-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining mode. This flaw allows a man-in-the-middle attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
684e33562ba74fcc19ec789c71837e144c6ecc819347abd4a30200473e5edca8Webfolio CMS version 2.5.1 suffers from an open redirection vulnerability.
76cc657b49852f9ee7616d77671a408e4023ffba1404db81b96b64453cd72de2This whitepaper deep dives into using BIGINT overflow errors in MySQL in order to extract data upon injection.
e8fbee2a079d4d4558ea961db0b57f97cb03c62856ccc42dab34844750c3ec48PortDog is a network anomaly detector aimed at identifying portscanning attacks. It is entirely written in python and has an easy-to-use interface.
f63e923ee94a697d566a787e7193d4c0179ba1a3041f835265f57968926fd423
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed