Maligno is an open source penetration testing tool written in python, that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.
d8dfdb3144906acd4e280cd20b793c5221f74fc92d87b50b3387d41967240e6f
Pcapteller is a tool designed for simple traffic manipulation and replay. The tool allows you to recreate a recorded network traffic scenario that occurred in a foreign network, as it really happened in yours. Basically, the tool reads network packets from a PCAP file, and it replaces a given IP address with one that fits your needs. Afterwards, the manipulated packets are injected into the network. The tool is useful if you want to recreate scenarios where computer attacks or malware infections occurred. Using such scenarios as a base, Pcapteller will make it look like everything is really happening in your network. Pcapteller can help you improving your blue team's network security monitoring skills, or creating network decoys during red team operations.
d3844504a66ad0de7486f7ea22a2d785cf691233626f791a6de690c90281c438
WordPress WPTF Image Gallery plugin version 1.03 suffers from an arbitrary remote file download vulnerability.
e39e04a316b2c3e7b42e97e4a5d7d671a447fa25eff91df61d2e342e399d082a
WordPress Recent Backups plugin version 0.7 suffers from an arbitrary remote file download vulnerability.
51398282955782a1451dcd0d10f0b3709c0c18f40ce6b4bc09f7c7658093e88a
WordPress Simple Image Manipulator plugin version 1.0 suffers from an arbitrary remote file download vulnerability.
aeb69ae2c20996034de7e2551b8a6b60c4aa2efe8b7d44ff46b712b79ea9b492
WordPress Candidate Application Form plugin version 1.0 suffers from an arbitrary remote file download vulnerability.
816049deea64461a8d810ffdccfe02412b9685d700f20853132431706a358ad0
WordPress Filedownload plugin version 1.4 suffers from an open proxy vulnerability.
8a34f8136cd407380fcfe973539ad5729a136bdd902f99381c0f47b2c521e7fc
WordPress Fast Image Adder plugin version 1.1 suffers from a remote shell upload vulnerability.
92e3fb426b6093f0fc7868113431bacafb286dd94b45a14ce4bd19933779b0a8
Websense Triton Content Manager version 8.0.0 build 1165 suffers from a stack buffer overflow vulnerability in handle_debug_network.
2be19a5f5bb552bef16fa644e26f18d5a3f9e6501a4d37846f6d8ebe6a800de8
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Mac OS X release.
98c9cab401dd95c021ee32cf4030aa63a64f08a82c6fe0d2493663e3c6e1c5a3
Webfolio CMS version 2.5.1 suffers from an insecure file upload vulnerability.
89b7b64d987ea801fc593ca99caa022a573667c732c049a833b14739d428551f
Red Hat Security Advisory 2015-1551-01 - Red Hat JBoss Fuse Service Works is the next-generation ESB and business process automation infrastructure. This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse Service Works 6.0.0. It includes various bug fixes, which are listed in the README file included with the patch files. The following security issues are also fixed with this release: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle attacker could use this flaw to spoof a valid certificate.
f81b1c7aa71caea5275592e1b3edd2a6dbb8b26ba81bf656af5c0616e8195285
Red Hat Security Advisory 2015-1546-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining mode. This flaw allows a man-in-the-middle attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
684e33562ba74fcc19ec789c71837e144c6ecc819347abd4a30200473e5edca8
Webfolio CMS version 2.5.1 suffers from an open redirection vulnerability.
76cc657b49852f9ee7616d77671a408e4023ffba1404db81b96b64453cd72de2
This whitepaper deep dives into using BIGINT overflow errors in MySQL in order to extract data upon injection.
e8fbee2a079d4d4558ea961db0b57f97cb03c62856ccc42dab34844750c3ec48
PortDog is a network anomaly detector aimed at identifying portscanning attacks. It is entirely written in python and has an easy-to-use interface.
f63e923ee94a697d566a787e7193d4c0179ba1a3041f835265f57968926fd423