IT Security Tools
PHP PHP_INI_SYSTEM Ineffective Controls
Security controls configured via php.ini directives at the PHP_INI_SYSTEM level are ineffective as they could be bypassed by malicious scripts via writing their own process memory on the Linux platform. Proof of concept code included.
Terminus - Terminal Emulator For Windows, MacOS And Linux
Terminus is a highly configurable terminal emulator for Windows, macOS and Linux.
- Theming and color schemes
- Fully configurable shortcuts
- Split panes
- Remembers your tabs
- PowerShell (and PS Core), WSL, Git-Bash, Cygwin, Cmder and CMD support
- Integrated SSH client and connection manager
- Full Unicode support including double-width characters
- Doesn't choke on fast-flowing outputs
- Proper shell experience on Windows including tab completion (via Clink)
Terminus is an alternative to Windows' standard terminal (conhost), PowerShell ISE, PuTTY or iTerm.
Terminus is not a new shell or a MinGW or Cygwin replacement. Neither is it lightweight - if RAM usage is of importance, consider Conemu or Alacritty.
Plugins
Plugins and themes can be installed directly from the Settings view inside Terminus.
- clickable-links - makes paths and URLs in the terminal clickable
- shell-selector - a quick shell selector pane
- title-control - allows modifying the title of the terminal tabs by providing a prefix, suffix, and/or strings to be removed
- quick-cmds - quickly send commands to one or all terminal tabs
- save-output - record terminal output into a file
- scrollbar - adds a scrollbar to hterm tabs
- hype - a Hyper inspired theme
- relaxed - the Relaxed theme for Terminus
Slims CMS Akasia 8.3.1 SQL Injection
Slims CMS Akasia version 8.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Red Hat Security Advisory 2019-1245-01
Red Hat Security Advisory 2019-1245-01 - An update is now available for Red Hat Quay 3. Issues addressed include a man-in-the-middle vulnerability.
Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.
Yoga – History, Philosophy and Branches
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions to determine which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.
FinalRecon - OSINT Tool For All-In-One Web Reconnaissance
FinalRecon is a fast and simple Python script for web reconnaissance. It follows a modular structure, so new modules can be added with ease in the future.
Features
FinalRecon provides detailed information such as:
SSL Certificate Details
Found Flag in SSL Certificate - Securinets CTF Quals 2019 - Hidden (200 Points)
More modules will be added in future
- Kali Linux 2019.1
- BlackArch Linux
Installation
git clone https://github.com/thewhiteh4t/FinalRecon.git
pip3 install -r requirements.txt
Usage
python3 finalrecon.py -h
usage: finalrecon.py [-h] [--headers] [--sslinfo] [--whois] [--crawl] [--full]
FinalRecon - OSINT Tool for All-In-One Web Recon | v1.0.0
url Target URL
-h, --help show this help message and exit
--headers Get Header Information
--sslinfo Get SSL Certificate Information
--whois Get Whois Lookup
--crawl Crawl Target Website
--full Get Full Analysis, Test All Available Options
# Check headers
python3 finalrecon.py --headers <url>
# Check ssl Certificate
python3 finalrecon.py --sslinfo <url>
# Check whois Information
python3 finalrecon.py --whois <url>
# Crawl Target
python3 finalrecon.py --crawl <url>
# full scan
python3 finalrecon.py --full <url>
Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting
Emerson Network Power Liebert Challenger version 5.1E0.5 suffers from a cross site scripting vulnerability.
phpKF 1.10 XSS / CSRF / SQL Injection
phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Top Merits Of Staying Debt-Free In Life
OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.
Hydra Network Logon Cracker 9.0
THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
Common Desktop Environment 2.3.0 dtprintinfo Privilege Escalation
A buffer overflow in the DtPrinterAction::PrintActionExists() function in the Common Desktop Environment 2.3.0 and earlier, as used in Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long printer name passed to dtprintinfo by a malicious lpstat program.
Huawei eSpace 18.104.22.168 Meeting Heap Overflow
Huawei eSpace version 22.214.171.124 Meeting suffers from a heap-based memory overflow vulnerability when parsing a large amount of bytes to the 'strNum' string parameter in GetNameyNum() in 'ContactsCtrl.dll' and the 'strName' string parameter in SetUserInfo() in the eSpaceStatusCtrl.dll library, resulting in heap memory corruption. An attacker can gain access to the system of the affected node and execute arbitrary code.
Huawei eSpace 126.96.36.199 Meeting Image File Format Handling Buffer Overflow
Huawei eSpace version 188.8.131.52 Meeting conference whiteboard functionality is vulnerable to a buffer overflow issue when inserting known image file formats. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Huawei eSpace 184.108.40.206 Unicode Stack Buffer Overflow
Huawei eSpace Meeting cenwpoll.dll unicode stack buffer overflow exploit with SEH overwrite.
Huawei eSpace 220.127.116.11 DLL Hijacking
Huawei eSpace version 18.104.22.168 suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.html, .jpg, .png) located on a remote WebDAV or SMB share.
Cisco Expressway Gateway 11.5.1 Directory Traversal
Cisco Expressway Gateway version 11.5.1 suffers from a directory traversal vulnerability.
Ubuntu Security Notice USN-3985-2
Ubuntu Security Notice 3985-2 - Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, and Daniel Gruss discovered that memory previously stored in microarchitectural fill buffers of an Intel CPU core may be exposed to a malicious process that is executing on the same CPU core. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
Freelance Cockpit CRM 3.3.1 SQL Injection
Freelance Cockpit CRM version 3.3.1 suffers from a remote SQL injection vulnerability.
Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution
Horde Webmail version 5.2.22 suffers from code execution, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Technology, allied in the prevention and extinction of fires
Natural disasters happen more and more frequently: floods, hurricanes, earthquakes, tsunamis, fires … The Earth emits its alarm signal through these meteorological phenomena and climate change is behind most of them. Precisely, the …
GAT-Ship Web Module 1.30 Information Disclosure
GAT-Ship Web Module versions 1.30 and below suffer from an information disclosure vulnerability.
GetSimpleCMS 3.3.15 Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHP code, for example) vulnerability can be triggered by an authenticated user; however, authentication can be bypassed by leaking the CMS API key to target the session manager.
Packet Fence 9.0.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
Red Hat Security Advisory 2019-1243-01
Red Hat Security Advisory 2019-1243-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 74.0.3729.131. Issues addressed include an out of bounds access vulnerability.
Ubuntu Security Notice USN-3988-1
Ubuntu Security Notice 3988-1 - It was discovered that MediaInfo contained multiple security issues when handling certain multimedia files. If a user were tricked into opening a crafted multimedia file, an attacker could cause MediaInfo to crash, resulting in a denial of service.
Ubuntu Security Notice USN-3986-1
Ubuntu Security Notice 3986-1 - It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.
Red Hat Security Advisory 2019-1238-01
Red Hat Security Advisory 2019-1238-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP35. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2019-1237-01
Red Hat Security Advisory 2019-1237-01 - The rh-python35-python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Issues addressed include an information leakage vulnerability.