jetlib.sec » Tags » framework

Feeds

133354 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

153 items tagged "framework"

Related tags: spring framework [+], ruby [+], testing [+], open source platform [+], network security professionals [+], robust architecture [+], joomla [+], forensics [+], flexible module system [+], digital [+], application [+], seam [+], ruby programming [+], red hat security [+], read [+], p framework [+], jboss seam [+], jboss [+], inclusion [+], expression language [+], directory traversal vulnerability [+], darknet [+], authentication [+], txt [+], security [+], information [+], framework version [+], corruption [+], code [+], application framework [+], whitepaper [+], sneak peak [+], sneak [+], play [+], minimal architecture [+], integer overflow vulnerability [+], horde [+], hacking [+], gadget [+], directory [+], cpu architectures [+], chaos communication congress [+], zend framework [+], zend [+], web [+], testing management [+], sql injection [+], shell [+], safer use [+], runtimes [+], reframeworker [+], qcodo [+], php [+], penetration [+], pdo [+], nonumber [+], modified versions [+], memory corruption [+], management event [+], integer [+], heap [+], dradis [+], development framework [+], development [+], code execution [+], bugtraq [+], beta [+], ardeacore [+], arbitrary code [+], Tools [+], metasploit [+], xml [+], x imageio [+], wi fi access point [+], uri spoofing [+], traffic redirection [+], tgz [+], telephony [+], tarball [+], smtp servers [+], service interface [+], security framework [+], released [+], publique [+], programming knowledge [+], open source security [+], network protocols [+], memory [+], malicious client [+], mac os x [+], java gui [+], information gathering [+], fuzztalk [+], exploitpack [+], compiler optimization [+], class instances [+], black hat [+], audit framework [+], arp spoofing [+], arbitrary code execution [+], apple officeimport [+], apple mac os x [+], apple mac os [+], administration interface [+], net [+], microsoft net framework [+], microsoft [+], metasploit framework [+], vulnerability [+], zikula [+], yersinia [+], xsrf [+], wxf [+], web application [+], way [+], vulnerabilities [+], video [+], usa [+], uri open [+], update [+], unmanned aerial vehicles [+], subscription customers [+], springsource [+], someone [+], sockets [+], social engineering [+], slides [+], security content [+], scap [+], rhost [+], remote [+], purpose [+], poc [+], pentest [+], penetration testers [+], openscap [+], open source framework [+], officeimport [+], new feature [+], meterpreter [+], metasploit project [+], lib [+], ledgersmb [+], layer [+], keynote [+], jpeg [+], james lee tags [+], integer overflow [+], information disclosure [+], hack in the box [+], gantry [+], framework system [+], fifth beta [+], execution [+], excel [+], evilgrade [+], encoderparameter [+], eio [+], dynamic nature [+], dubai [+], don [+], dns [+], detection [+], database [+], cross site scripting [+], core module [+], clue [+], class classloader [+], class [+], cktricky [+], burp [+], buby [+], black [+], barroso [+], authors [+], audio [+], asp [+], arachni [+], apple mobile [+], apple [+], alfredo andres david barroso [+], alfredo [+], Supporto [+], Software [+], Newbie [+], ExploitsVulnerabilities [+], Countermeasures [+], Area [+], information disclosure vulnerability [+], spring [+], padding [+], usbsploit [+], smtp messages [+], proof of concept [+], lnk files [+], ipv4 and ipv6 [+], ipv [+], gnunet [+], abstraction layer [+]

• May 10, 2012
• 21:28

  [Paper] A framework for automated architecture-independent gadget search

   » ‎ SecDocs
  Tags: hacking
  Event: Chaos Communication Congress 27th (27C3) 2010
  Abstract: We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set. Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.

  Tags:  framework code gadget chaos-communication-congress cpu-architectures minimal-architecture  

• 21:28

  [Slides] A framework for automated architecture-independent gadget search

   » ‎ SecDocs
  Tags: hacking
  Event: Chaos Communication Congress 27th (27C3) 2010
  Abstract: We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set. Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.

  Tags:  framework code gadget chaos-communication-congress cpu-architectures minimal-architecture  

• 21:28

  [Video] A framework for automated architecture-independent gadget search

   » ‎ SecDocs
  Tags: hacking
  Event: Chaos Communication Congress 27th (27C3) 2010
  Abstract: We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set. Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.

  Tags:  framework code gadget chaos-communication-congress cpu-architectures minimal-architecture  

• May 09, 2012
• 21:36

  [Audio] A framework for automated architecture-independent gadget search

   » ‎ SecDocs
  Tags: hacking
  Event: Chaos Communication Congress 27th (27C3) 2010
  Abstract: We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set. Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.

  Tags:  framework code gadget chaos-communication-congress cpu-architectures minimal-architecture  

• April 24, 2012
• 14:00

  [dos / poc] - .NET Framework EncoderParameter Integer Overflow

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  [dos / poc] - .NET Framework EncoderParameter Integer Overflow

  Tags:  poc framework net integer-overflow  

• April 23, 2012
• 13:42

  .NET Framework EncoderParameter Integer Overflow

   » ‎ Packet Storm Security Exploits
  An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.

  Tags:  integer framework net integer-overflow-vulnerability heap corruption  

• 13:42

  .NET Framework EncoderParameter Integer Overflow

   » ‎ Packet Storm Security Recent Files
  An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.

  Tags:  integer framework net integer-overflow-vulnerability heap corruption  

• 13:42

  .NET Framework EncoderParameter Integer Overflow

   » ‎ Packet Storm Security Misc. Files
  An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.

  Tags:  integer framework net integer-overflow-vulnerability heap corruption  

• 11:00

  Bugtraq: .NET Framework EncoderParameter integer overflow vulnerability

   » ‎ SecurityFocus Vulnerabilities
  .NET Framework EncoderParameter integer overflow vulnerability

  Tags:  encoderparameter framework net integer-overflow-vulnerability  

• April 15, 2012
• 12:11

  Joomla JA T3-Framework Directory Traversal

   » ‎ Packet Storm Security Exploits
  Joomla JA T3-Framework suffers from a directory traversal vulnerability.

  Tags:  directory framework joomla directory-traversal-vulnerability  

• 12:11

  Joomla JA T3-Framework Directory Traversal

   » ‎ Packet Storm Security Recent Files
  Joomla JA T3-Framework suffers from a directory traversal vulnerability.

  Tags:  directory framework joomla directory-traversal-vulnerability  

• 12:11

  Joomla JA T3-Framework Directory Traversal

   » ‎ Packet Storm Security Misc. Files
  Joomla JA T3-Framework suffers from a directory traversal vulnerability.

  Tags:  directory framework joomla directory-traversal-vulnerability  

• March 28, 2012
• 0:00

  Vuln: Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Authentication Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Authentication Bypass Vulnerability

  Tags:  framework microsoft net microsoft-net-framework vulnerability authentication  

• March 21, 2012
• 0:00

  Vuln: Microsoft .NET Framework CVE-2011-3415 Form Authentication URI Open Redirection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework CVE-2011-3415 Form Authentication URI Open Redirection Vulnerability

  Tags:  framework microsoft net uri-open microsoft-net-framework vulnerability authentication  

• January 10, 2012
• 0:00

  Vuln: Microsoft .NET Framework CVE-2011-3415 Forms Authentication URI Spoofing Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework CVE-2011-3415 Forms Authentication URI Spoofing Vulnerability

  Tags:  framework microsoft net uri-spoofing microsoft-net-framework vulnerability authentication  

• 0:00

  Vuln: Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Authentication Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Authentication Bypass Vulnerability

  Tags:  framework microsoft net microsoft-net-framework vulnerability authentication  

• December 30, 2011
• 0:00

  Vuln: Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Authentication Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Authentication Bypass Vulnerability

  Tags:  framework microsoft net microsoft-net-framework vulnerability authentication  

• December 29, 2011
• 0:00

  Vuln: Microsoft .NET Framework CVE-2011-3415 Forms Authentication URI Spoofing Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework CVE-2011-3415 Forms Authentication URI Spoofing Vulnerability

  Tags:  framework microsoft net uri-spoofing microsoft-net-framework vulnerability authentication  

• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Forms Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Forms Security Bypass Vulnerability

  Tags:  framework microsoft asp microsoft-net-framework vulnerability  

• 0:00

  Vuln: Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Security Bypass Vulnerability

  Tags:  framework microsoft net microsoft-net-framework vulnerability  

• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Forms CVE-2011-3417 Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Forms CVE-2011-3417 Security Bypass Vulnerability

  Tags:  framework microsoft net microsoft-net-framework vulnerability  

• December 27, 2011
• 9:47

  GNUnet P2P Framework 0.9.1

   » ‎ Packet Storm Security Recent Files
  GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

  Tags:  framework gnunet ipv p-framework smtp-messages abstraction-layer ipv4-and-ipv6  

• 9:47

  GNUnet P2P Framework 0.9.1

   » ‎ Packet Storm Security Tools
  GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

  Tags:  framework gnunet ipv p-framework smtp-messages abstraction-layer ipv4-and-ipv6  

• 9:47

  GNUnet P2P Framework 0.9.1

   » ‎ Packet Storm Security Misc. Files
  GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

  Tags:  framework gnunet ipv p-framework smtp-messages abstraction-layer ipv4-and-ipv6  

• December 24, 2011
• 3:59

  [Slides] Yersinia, A Framework For Layer 2 Attacks

   » ‎ SecDocs
  Authors: Alfredo Andres David Barroso Berrueta
  Tags: network
  Event: Black Hat EU 2005
  

  Tags:  authors framework layer yersinia alfredo-andres-david-barroso black-hat barroso alfredo  

• November 30, 2011
• 17:05

  GNUnet P2P Framework 0.9.0

   » ‎ Packet Storm Security Recent Files
  GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

  Tags:  framework gnunet ipv p-framework smtp-messages abstraction-layer ipv4-and-ipv6  

• 17:05

  GNUnet P2P Framework 0.9.0

   » ‎ Packet Storm Security Tools
  GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

  Tags:  framework gnunet ipv p-framework smtp-messages abstraction-layer ipv4-and-ipv6  

• 17:05

  GNUnet P2P Framework 0.9.0

   » ‎ Packet Storm Security Misc. Files
  GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

  Tags:  framework gnunet ipv p-framework smtp-messages abstraction-layer ipv4-and-ipv6  

• November 14, 2011
• 9:37

  w3af v1.1 Released For Download – Web Application Attack & Audit Framework

   » ‎ Darknet
  w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross [...]
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  framework application web read audit-framework darknet web-application database hacking  

• October 18, 2011
• 7:02

  Joomla NoNumber Framework Local File Inclusion / Shell Upload

   » ‎ Packet Storm Security Exploits
  The Joomla NoNumber Framework component suffers from local file inclusion and shell upload vulnerabilities.

  Tags:  framework nonumber joomla inclusion shell  

• 7:02

  Joomla NoNumber Framework Local File Inclusion / Shell Upload

   » ‎ Packet Storm Security Recent Files
  The Joomla NoNumber Framework component suffers from local file inclusion and shell upload vulnerabilities.

  Tags:  framework nonumber joomla inclusion shell  

• 7:02

  Joomla NoNumber Framework Local File Inclusion / Shell Upload

   » ‎ Packet Storm Security Misc. Files
  The Joomla NoNumber Framework component suffers from local file inclusion and shell upload vulnerabilities.

  Tags:  framework nonumber joomla inclusion shell  

• October 12, 2011
• 10:00

  Bugtraq: LedgerSMB 1.3.0 released, includes anti-XSRF framework

   » ‎ SecurityFocus Vulnerabilities
  LedgerSMB 1.3.0 released, includes anti-XSRF framework

  Tags:  framework ledgersmb xsrf bugtraq  

• October 04, 2011
• 14:22

  ExploitPack Security Framework

   » ‎ Packet Storm Security Recent Files
  Exploit Pack is an open source security framework that combines the benefits of a Java GUI, Python as an Engine, and well-known exploits in the wild. It has an IDE to make the task of developing new exploits easier, instant search, and XML-based modules.

  Tags:  framework exploitpack security open-source-security security-framework java-gui  

• 14:22

  ExploitPack Security Framework

   » ‎ Packet Storm Security Tools
  Exploit Pack is an open source security framework that combines the benefits of a Java GUI, Python as an Engine, and well-known exploits in the wild. It has an IDE to make the task of developing new exploits easier, instant search, and XML-based modules.

  Tags:  framework exploitpack security open-source-security security-framework java-gui  

• September 09, 2011
• 9:04

  Bugtraq: CVE-2011-2730: Spring Framework Information Disclosure

   » ‎ SecurityFocus Vulnerabilities
  CVE-2011-2730: Spring Framework Information Disclosure

  Tags:  framework spring information information-disclosure spring-framework  

• 9:04

  Bugtraq: CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities

   » ‎ SecurityFocus Vulnerabilities
  CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities

  Tags:  framework spring security spring-framework vulnerabilities  

• 7:43

  Spring Framework / Spring Security Serialization-Based Issues

   » ‎ Packet Storm Security Advisories
  Spring Framework versions 3.0.0 to 3.0.5 and Spring Security versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 suffer from serialization issues. Several issues have been reported which may affect applications which de-serialize objects from an untrusted source such as a remote client. It is possible for a malicious client to inject undesirable behavior into the server by serializing proxies rather than specific class instances, or by taking advantage of internal AOP interfaces which were being exposed through the remote service, in addition to the service interface.

  Tags:  framework spring security class-instances malicious-client service-interface  

• 7:43

  Spring Framework / Spring Security Serialization-Based Issues

   » ‎ Packet Storm Security Misc. Files
  Spring Framework versions 3.0.0 to 3.0.5 and Spring Security versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 suffer from serialization issues. Several issues have been reported which may affect applications which de-serialize objects from an untrusted source such as a remote client. It is possible for a malicious client to inject undesirable behavior into the server by serializing proxies rather than specific class instances, or by taking advantage of internal AOP interfaces which were being exposed through the remote service, in addition to the service interface.

  Tags:  framework spring security class-instances malicious-client service-interface  

• 7:36

  Spring Framework Information Disclosure

   » ‎ Packet Storm Security Advisories
  Spring Framework versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6.SEC02, and 2.5.0 to 2.5.7.SR01 suffer from an information disclosure vulnerability.

  Tags:  framework spring information information-disclosure-vulnerability spring-framework  

• 7:36

  Spring Framework Information Disclosure

   » ‎ Packet Storm Security Recent Files
  Spring Framework versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6.SEC02, and 2.5.0 to 2.5.7.SR01 suffer from an information disclosure vulnerability.

  Tags:  framework spring information information-disclosure-vulnerability spring-framework  

• 7:36

  Spring Framework Information Disclosure

   » ‎ Packet Storm Security Misc. Files
  Spring Framework versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6.SEC02, and 2.5.0 to 2.5.7.SR01 suffer from an information disclosure vulnerability.

  Tags:  framework spring information information-disclosure-vulnerability spring-framework  

• September 06, 2011
• 6:31

  FuzzTalk Fuzzing Framework 1.0.0.0

   » ‎ Packet Storm Security Recent Files
  FuzzTalk is an XML driven fuzz testing framework that emphasizes easy extensibility and reusability. While most fuzzing frameworks require in depth programming knowledge, FuzzTalk can test a wide range of network protocols with the help of XML templates. Includes scripts for fuzzing HTTP, FTP, and SMTP servers.

  Tags:  fuzztalk xml framework smtp-servers network-protocols programming-knowledge  

• 6:31

  FuzzTalk Fuzzing Framework 1.0.0.0

   » ‎ Packet Storm Security Misc. Files
  FuzzTalk is an XML driven fuzz testing framework that emphasizes easy extensibility and reusability. While most fuzzing frameworks require in depth programming knowledge, FuzzTalk can test a wide range of network protocols with the help of XML templates. Includes scripts for fuzzing HTTP, FTP, and SMTP servers.

  Tags:  fuzztalk xml framework smtp-servers network-protocols programming-knowledge  

• August 19, 2011
• 7:06

  Sneak Peak At The Metasploit Framework - II

   » ‎ Packet Storm Security Recent Files
  Whitepaper called Sneak Peak at the Metasploit Framework - II. This article covers using databases with the Metasploit Framework in detail.

  Tags:  framework metasploit sneak metasploit-framework sneak-peak whitepaper  

• 7:06

  Sneak Peak At The Metasploit Framework - II

   » ‎ Packet Storm Security Misc. Files
  Whitepaper called Sneak Peak at the Metasploit Framework - II. This article covers using databases with the Metasploit Framework in detail.

  Tags:  framework metasploit sneak metasploit-framework sneak-peak whitepaper  

• August 12, 2011
• 0:00

  Vuln: Microsoft .NET Framework Chart Control Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework Chart Control Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework  

• August 09, 2011
• 0:00

  Vuln: Microsoft .NET Framework 'System.Net.Sockets' Namespace Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework 'System.Net.Sockets' Namespace Security Bypass Vulnerability

  Tags:  framework microsoft net framework-system microsoft-net-framework sockets  

• August 01, 2011
• 18:20

  Metasploit Framework 4.0.0

   » ‎ Packet Storm Security Recent Files
  The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

  Tags:  testing framework metasploit ruby open-source-platform network-security-professionals ruby-programming  

• 18:20

  Metasploit Framework 4.0.0

   » ‎ Packet Storm Security Tools
  The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

  Tags:  testing framework metasploit ruby open-source-platform network-security-professionals ruby-programming  

• 18:20

  Metasploit Framework 4.0.0

   » ‎ Packet Storm Security Misc. Files
  The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

  Tags:  testing framework metasploit ruby open-source-platform network-security-professionals ruby-programming  

• July 31, 2011
• 6:40

  Sneak Peak At The Metasploit Framework

   » ‎ Packet Storm Security Recent Files
  This whitepaper is an article that covers the basic structure of Metasploit and the need for it as a framework. It provides guidance on the different techniques of information gathering and scans.

  Tags:  framework metasploit sneak metasploit-framework sneak-peak information-gathering  

• 6:40

  Sneak Peak At The Metasploit Framework

   » ‎ Packet Storm Security Misc. Files
  This whitepaper is an article that covers the basic structure of Metasploit and the need for it as a framework. It provides guidance on the different techniques of information gathering and scans.

  Tags:  framework metasploit sneak metasploit-framework sneak-peak information-gathering  

• July 18, 2011
• 19:33

  Red Hat Security Advisory 2011-0951-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2011-0951-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

  Tags:  seam framework jboss red-hat-security expression-language jboss-seam  

• 19:33

  Red Hat Security Advisory 2011-0951-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2011-0951-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

  Tags:  seam framework jboss red-hat-security expression-language jboss-seam  

• 19:33

  Red Hat Security Advisory 2011-0951-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2011-0951-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

  Tags:  seam framework jboss red-hat-security expression-language jboss-seam  

• 19:25

  Red Hat Security Advisory 2011-0950-01

   » ‎ Packet Storm Security Advisories
  Red Hat Security Advisory 2011-0950-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

  Tags:  seam framework jboss red-hat-security expression-language jboss-seam  

• 19:25

  Red Hat Security Advisory 2011-0950-01

   » ‎ Packet Storm Security Recent Files
  Red Hat Security Advisory 2011-0950-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

  Tags:  seam framework jboss red-hat-security expression-language jboss-seam  

• 19:25

  Red Hat Security Advisory 2011-0950-01

   » ‎ Packet Storm Security Misc. Files
  Red Hat Security Advisory 2011-0950-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. It was found that the fix for CVE-2011-1484 was incomplete: JBoss Seam 2 did not block access to all malicious JBoss Expression Language constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.

  Tags:  seam framework jboss red-hat-security expression-language jboss-seam  

• June 02, 2011
• 0:00

  Vuln: Zend Framework 'PDO_MySql' Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Zend Framework 'PDO_MySql' Security Bypass Vulnerability

  Tags:  pdo zend framework zend-framework vulnerability  

• May 30, 2011
• 0:00

  Vuln: Zend Framework 'PDO_MySql' Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Zend Framework 'PDO_MySql' Security Bypass Vulnerability

  Tags:  pdo zend framework zend-framework vulnerability  

• May 24, 2011
• 23:25

  Digital Forensics Framework 1.1.0

   » ‎ Packet Storm Security Recent Files
  DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

  Tags:  digital framework forensics flexible-module-system robust-architecture  

• 23:25

  Digital Forensics Framework 1.1.0

   » ‎ Packet Storm Security Tools
  DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

  Tags:  digital framework forensics flexible-module-system robust-architecture  

• 23:25

  Digital Forensics Framework 1.1.0

   » ‎ Packet Storm Security Misc. Files
  DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

  Tags:  digital framework forensics flexible-module-system robust-architecture  

• May 22, 2011
• 7:56

  JRuby + Buby + wXf = fun

   » ‎ Carnal0wnage
  The Web Exploitation Framework has created two separate versions of the console. The version you get depends on the environment it is started in.
  
  If JRuby, as of now, you get a version of the framework that allows you to interact with Burp from the console and run Buby scripts (with the flexibility of changing options easily and quickly).
  
  Here is a video of this new step for the framework:
  
  
  Buby Module from cktricky on Vimeo.
  
  Documentation can be found at the wiki page for wXf.
  
  For those of you who have been following the Buby Script Basics of this blog, I hope you'll apply that knowledge to creating a module in wXf. This is a great way for us to share our individual scripts in a way that allows them to be customized on the fly (because the console can set options like the rhost, rport, content to extract, etc.)
  
  Anyway, hopefully this new feature of the framework can continue to grow and become a more powerful feature.
  
  Happy Hacking,
  
  ~cktricky

  Tags:  framework wxf buby rhost burp new-feature cktricky  

• May 19, 2011
• 0:00

  Vuln: Zend Framework 'PDO_MySql' Security Bypass Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Zend Framework 'PDO_MySql' Security Bypass Vulnerability

  Tags:  pdo zend framework zend-framework vulnerability  

• May 17, 2011
• 15:59

  Apple OfficeImport Framework Excel Memory Corruption Vulnerability

   » ‎ SecuriTeam
  Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  corruption framework memory apple-officeimport memory-corruption safer-use arbitrary-code  

• 15:54

  Apple OfficeImport Framework Excel Memory Corruption Vulnerability

   » ‎ SecuriTeam
  Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  corruption framework memory apple-officeimport memory-corruption safer-use arbitrary-code  

• April 13, 2011
• 0:00

  Vuln: Microsoft .NET Framework x86 JIT compiler Stack Corruption Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework x86 JIT compiler Stack Corruption Remote Code Execution Vulnerability

  Tags:  framework microsoft net code-execution microsoft-net-framework vulnerability  

• April 05, 2011
• 13:36

  USBsploit 0.6

   » ‎ Packet Storm Security Recent Files
  USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

  Tags:  framework metasploit usbsploit metasploit-framework lnk-files proof-of-concept  

• 13:36

  USBsploit 0.6

   » ‎ Packet Storm Security Tools
  USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

  Tags:  framework metasploit usbsploit metasploit-framework lnk-files proof-of-concept  

• 13:36

  USBsploit 0.6

   » ‎ Packet Storm Security Misc. Files
  USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

  Tags:  framework metasploit usbsploit metasploit-framework lnk-files proof-of-concept  

• March 07, 2011
• 9:59

  Metasploit Framework 3.6.0

   » ‎ Packet Storm Security Recent Files
  The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

  Tags:  testing framework metasploit ruby open-source-platform network-security-professionals ruby-programming  

• 9:59

  Metasploit Framework 3.6.0

   » ‎ Packet Storm Security Tools
  The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

  Tags:  testing framework metasploit ruby open-source-platform network-security-professionals ruby-programming  

• 9:59

  Metasploit Framework 3.6.0

   » ‎ Packet Storm Security Misc. Files
  The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

  Tags:  testing framework metasploit ruby open-source-platform network-security-professionals ruby-programming  

• February 05, 2011
• 8:21

  Qcodo Development Framework 0.3.3 Information Disclosure

   » ‎ Packet Storm Security Exploits
  Qcodo Development Framework version 0.3.3 suffers from an information disclosure vulnerability.

  Tags:  development framework qcodo information-disclosure-vulnerability development-framework framework-version  

• 8:21

  Qcodo Development Framework 0.3.3 Information Disclosure

   » ‎ Packet Storm Security Recent Files
  Qcodo Development Framework version 0.3.3 suffers from an information disclosure vulnerability.

  Tags:  development framework qcodo information-disclosure-vulnerability development-framework framework-version  

• 8:21

  Qcodo Development Framework 0.3.3 Information Disclosure

   » ‎ Packet Storm Security Misc. Files
  Qcodo Development Framework version 0.3.3 suffers from an information disclosure vulnerability.

  Tags:  development framework qcodo information-disclosure-vulnerability development-framework framework-version  

• February 04, 2011
• 12:05

  The Metasploit Framework

   » ‎ Packet Storm Security Recent Files
  Whitepaper called The Metasploit Framework. It gives an overview of using Metasploit and is written in Macedonian.

  Tags:  framework metasploit whitepaper metasploit-framework  

• 12:05

  The Metasploit Framework

   » ‎ Packet Storm Security Misc. Files
  Whitepaper called The Metasploit Framework. It gives an overview of using Metasploit and is written in Macedonian.

  Tags:  framework metasploit whitepaper metasploit-framework  

• January 12, 2011
• 20:12

  Digital Forensics Framework 0.9

   » ‎ Packet Storm Security Recent Files
  DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

  Tags:  digital framework forensics flexible-module-system robust-architecture  

• 20:12

  Digital Forensics Framework 0.9

   » ‎ Packet Storm Security Tools
  DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

  Tags:  digital framework forensics flexible-module-system robust-architecture  

• 20:12

  Digital Forensics Framework 0.9

   » ‎ Packet Storm Security Misc. Files
  DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

  Tags:  digital framework forensics flexible-module-system robust-architecture  

• January 09, 2011
• 21:05

  Metasploit Framework Telephony

   » ‎ Packet Storm Security Recent Files
  Whitepaper called Metasploit Framework Telephony.

  Tags:  framework telephony metasploit metasploit-framework  

• 21:05

  Metasploit Framework Telephony

   » ‎ Packet Storm Security Misc. Files
  Whitepaper called Metasploit Framework Telephony.

  Tags:  framework telephony metasploit metasploit-framework  

• December 29, 2010
• 6:44

  ardeaCore 2.25 PHP Framework Remote File Inclusion

   » ‎ Packet Storm Security Exploits
  ardeaCore version 2.2.5 PHP Framework suffers from multiple remote file inclusion vulnerabilities.

  Tags:  framework ardeacore php inclusion  

• 6:44

  ardeaCore 2.25 PHP Framework Remote File Inclusion

   » ‎ Packet Storm Security Recent Files
  ardeaCore version 2.2.5 PHP Framework suffers from multiple remote file inclusion vulnerabilities.

  Tags:  framework ardeacore php inclusion  

• 6:44

  ardeaCore 2.25 PHP Framework Remote File Inclusion

   » ‎ Packet Storm Security Misc. Files
  ardeaCore version 2.2.5 PHP Framework suffers from multiple remote file inclusion vulnerabilities.

  Tags:  framework ardeacore php inclusion  

• December 14, 2010
• 9:11

  USBsploit 0.5

   » ‎ Packet Storm Security Recent Files
  USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

  Tags:  framework metasploit usbsploit metasploit-framework lnk-files proof-of-concept  

• 9:11

  USBsploit 0.5

   » ‎ Packet Storm Security Tools
  USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

  Tags:  framework metasploit usbsploit metasploit-framework lnk-files proof-of-concept  

• 9:11

  USBsploit 0.5

   » ‎ Packet Storm Security Misc. Files
  USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

  Tags:  framework metasploit usbsploit metasploit-framework lnk-files proof-of-concept  

• 0:00

  Vuln: Microsoft .NET Framework JIT Compiler Optimization Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework JIT Compiler Optimization Remote Code Execution Vulnerability

  Tags:  framework microsoft net compiler-optimization code-execution microsoft-net-framework  

• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework padding  

• November 22, 2010
• 0:00

  Vuln: Apple Mobile OfficeImport Framework Excel Record Memory Corruption Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Apple Mobile OfficeImport Framework Excel Record Memory Corruption Vulnerability

  Tags:  excel framework officeimport apple-mobile memory-corruption vulnerability apple  

• November 08, 2010
• 0:00

  Vuln: Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerability

  Tags:  framework application horde application-framework vulnerability  

• November 05, 2010
• 0:00

  Vuln: Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Horde Application Framework 'icon_browser.php' Cross-Site Scripting Vulnerability

  Tags:  framework application horde application-framework vulnerability  

• November 01, 2010
• 22:01

  isr-evilgrade-2.0.0.tar.gz

   » ‎ Packet Storm Security Tools
  Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to make traffic redirection, and such thing can be done in several ways such as: DNS tampering, DNS Cache Poisoning, ARP spoofing Wi-Fi Access Point impersonation, DHCP hijacking with your favorite tools. This way you can easy take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the is to show the amount of trivial errors in the update process of mainstream applications.

  Tags:  framework dns way arp-spoofing wi-fi-access-point traffic-redirection  

• 14:46

  Evilgrade - The Update Exploitation Framework 2.0

   » ‎ Packet Storm Security Tools
  Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. This framework comes into play when the attacker is able to make traffic redirection, and such thing can be done in several ways such as: DNS tampering, DNS Cache Poisoning, ARP spoofing Wi-Fi Access Point impersonation, DHCP hijacking with your favorite tools. This way you can easy take control of a fully patched machine during a penetration test in a clean and easy way. The main idea behind the is to show the amount of trivial errors in the update process of mainstream applications.

  Tags:  evilgrade framework update arp-spoofing wi-fi-access-point traffic-redirection  

• October 28, 2010
• 11:02

  Digital Forensics Framework 0.8

   » ‎ Packet Storm Security Tools
  DFF (Digital Forensics Framework) is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules.

  Tags:  digital framework forensics flexible-module-system robust-architecture  

• 1:01

  usbsploit-0.4-BETA-linux-i686.tar.gz

   » ‎ Packet Storm Security Tools
  USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

  Tags:  usbsploit framework metasploit beta metasploit-framework lnk-files proof-of-concept  

• October 27, 2010
• 23:28

  USBsploit 0.4

   » ‎ Packet Storm Security Tools
  USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

  Tags:  framework metasploit usbsploit metasploit-framework lnk-files proof-of-concept  

• October 20, 2010
• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework padding  

• October 18, 2010
• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework padding  

• October 14, 2010
• 22:01

  usbsploit-0.3-BETA-linux-i686.tar.gz

   » ‎ Packet Storm Security Tools
  USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

  Tags:  usbsploit framework metasploit beta metasploit-framework lnk-files proof-of-concept  

• 20:45

  USBsploit 0.3b

   » ‎ Packet Storm Security Tools
  USBsploit is a proof of concept that will generate Reverse TCP backdoors (x86, x64, all ports) and malicious LNK files. USBsploit works through Meterpreter sessions with a light (27MB) modified version of Metasploit. The interface is a mod of SET. The Meterscript script usbsploit.rb of the USBsploit Framework can otherwise be used with the original Metasploit Framework.

  Tags:  framework metasploit usbsploit metasploit-framework lnk-files proof-of-concept  

• 0:00

  Vuln: Microsoft .NET Framework JIT Compiler Optimization Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework JIT Compiler Optimization Remote Code Execution Vulnerability

  Tags:  framework microsoft net compiler-optimization code-execution microsoft-net-framework  

• October 06, 2010
• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework padding  

• October 05, 2010
• 23:33

  [Slides] Keynote: A new detection framework

   » ‎ SecDocs
  Tags: malware antivirus IDS
  Event: Hack In The Box 2010 Dubai
  

  Tags:  framework keynote detection dubai hack-in-the-box slides  

• October 04, 2010
• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework padding  

• September 28, 2010
• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework padding  

• September 27, 2010
• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework padding  

• September 24, 2010
• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework padding  

• September 21, 2010
• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework padding  

• September 20, 2010
• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework padding  

• September 18, 2010
• 0:00

  Vuln: Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Microsoft .NET Framework ASP.NET Padding Oracle Information Disclosure Vulnerability

  Tags:  framework microsoft net information-disclosure-vulnerability microsoft-net-framework padding  

• September 07, 2010
• 0:29

  Arachni – Web Application Vulnerability Scanning Framework

   » ‎ Darknet
  Arachni is a feature-full and modular Ruby framework that allows penetration testers and administrators to evaluate the security of web applications. Arachni is smart, it trains itself with every HTTP response it receives during the audit process. Unlike other scanners, Arachni takes into account the dynamic nature of web applications and can...
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  framework arachni web read ruby penetration-testers darknet dynamic-nature hacking Tools  

• September 06, 2010
• 15:21

  Gantry Framework 3.0.10 (Joomla) Blind SQL Injection Exploit

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Gantry Framework 3.0.10 (Joomla) Blind SQL Injection Exploit

  Tags:  framework gantry joomla sql-injection  

• August 17, 2010
• 0:00

  Vuln: Spring Framework 'class.classLoader' Code Injection Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Spring Framework 'class.classLoader' Code Injection Vulnerability

  Tags:  framework spring class class-classloader spring-framework vulnerability  

• August 12, 2010
• 8:01

  playframework-traversal.txt

   » ‎ Packet Storm Security Recent Files
  Play! Framework versions 1.0.3.1 and below suffer from a directory traversal vulnerability.

  Tags:  txt framework play directory-traversal-vulnerability  

• 8:01

  playframework-traversal.txt

   » ‎ Packet Storm Security Exploits
  Play! Framework versions 1.0.3.1 and below suffer from a directory traversal vulnerability.

  Tags:  txt framework play directory-traversal-vulnerability  

• August 11, 2010
• 0:00

  Vuln: Play! Framework Directory Traversal Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Play! Framework Directory Traversal Vulnerability

  Tags:  directory framework play directory-traversal-vulnerability  

• August 10, 2010
• 16:31

  Apple Mac OS X ImageIO Framework JPEG2000 Code Execution Vulnerability

   » ‎ SecuriTeam
  This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X.

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  code vulnerability framework x-imageio apple-mac-os apple-mac-os-x mac-os-x  

• 13:01

  Play! Framework

   » ‎ 1337day (was: Inj3ct0r, 1337db)
  Play! Framework

  Tags:  framework play  

• July 16, 2010
• 2:03

  Metasploit Framework 3.4.1 Released – 16 New Exploits, 22 Modules & 11 Meterpreter Scripts

   » ‎ Darknet
  The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1. This release sees the first official non-Windows Meterpreter payload, in PHP as discussed last month here. Rest assured that more is in store for Meterpreter on other platforms. A new extension called Railgun is now integrated into Meterpreter...
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  framework metasploit meterpreter read metasploit-framework metasploit-project darknet ExploitsVulnerabilities  

• July 13, 2010
• 18:35

  SpringSource Spring Framework Execution of Arbitrary Code Vulnerability

   » ‎ SecuriTeam
  An arbitrary code execution vulnerability was discovered in Springsource's Spring Framework..

  -

  Make your website safer. Use external penetration testing service. First report ready in one hour!

  Tags:  framework spring springsource arbitrary-code-execution spring-framework safer-use  

• July 12, 2010
• 20:46

  framework-3.4.1.tar.bz2

   » ‎ Packet Storm Security Tools
  The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

  Tags:  framework testing metasploit ruby open-source-platform network-security-professionals metasploit-framework  

• 12:02

  Bugtraq: Metasploit Framework 3.4.1 Released

   » ‎ SecurityFocus Vulnerabilities
  Metasploit Framework 3.4.1 Released

  Tags:  framework metasploit released metasploit-framework bugtraq  

• June 25, 2010
• 2:30

  w3af 1.0-rc3 Available For Download – Web Application Attack & Audit Framework

   » ‎ Darknet
  Our last mention of w3af was back in 2008 when the fifth BETA was released, the team have recently released a new version 1.0 – Release Candidate 3. w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy [...]
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  framework application web read beta fifth-beta audit-framework darknet hacking Tools  

• June 21, 2010
• 4:33

  OpenSCAP – Framework For Implementing SCAP (Security Content Automation Protocol)

   » ‎ Darknet
  The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP SCAP [...]
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  scap framework openscap read open-source-framework security-content darknet Countermeasures  

• June 19, 2010
• 18:01

  springframework-exec.txt

   » ‎ Packet Storm Security Advisories
  Spring Framework suffers from an arbitrary code execution vulnerability. Versions affected include 3.0.0 to 3.0.2, 2.5.0 to 2.5.6SEC01 (community releases) and 2.5.0 to 2.5.7 (subscription customers).

  Tags:  txt framework spring arbitrary-code-execution subscription-customers spring-framework  

• June 18, 2010
• 13:00

  Bugtraq: CVE-2010-1622: Spring Framework execution of arbitrary code

   » ‎ SecurityFocus Vulnerabilities
  CVE-2010-1622: Spring Framework execution of arbitrary code

  Tags:  execution framework spring spring-framework arbitrary-code bugtraq  

• June 08, 2010
• 0:00

  Vuln: Zikula Application Framework 'lang' Parameter Cross Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Zikula Application Framework 'lang' Parameter Cross Site Scripting Vulnerability

  Tags:  zikula framework application application-framework cross-site-scripting vulnerability  

• May 19, 2010
• 21:00

  framework-3.4.0.tar.bz2

   » ‎ Packet Storm Security Tools
  The Metasploit Framework is an advanced open-source platform for developing, testing, and using exploit code. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

  Tags:  framework testing metasploit ruby open-source-platform network-security-professionals metasploit-framework  

• 10:00

  Bugtraq: Metasploit Framework 3.4.0 Released

   » ‎ SecurityFocus Vulnerabilities
  Metasploit Framework 3.4.0 Released

  Tags:  framework metasploit released metasploit-framework  

• May 14, 2010
• 21:04

  [Slides] Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework

   » ‎ SecDocs
  Authors: James Lee
  Tags: Metasploit
  Event: Black Hat DC 2010
  Abstract: Sometimes you need to choose your exploits precisely and be careful about the packets you write to the wire. Sometimes you just want to type a command, go get some coffee, and come back to a pile of shells. This talk will cover the means that the Metasploit Framework provides for accomplishing both of these goals, including many advancements from my talk at Black Hat USA in the realm of client-side exploitation.

  Tags:  framework black metasploit james-lee-tags usa metasploit-framework unmanned-aerial-vehicles black-hat  

• April 23, 2010
• 2:57

  ReFrameworker – General Purpose Framework Modifier

   » ‎ Darknet
  ReFrameworker is a general purpose Framework modifier, used to reconstruct framework Runtimes by creating modified versions from the original implementation that was provided by the framework vendor. ReFrameworker performs the required steps of runtime manipulation by tampering with the binaries containing the framework’s classes, in order...
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  reframeworker purpose framework read runtimes modified-versions darknet hacking Tools  

• April 19, 2010
• 18:00

  ReFrameworker-1.1.tgz

   » ‎ Packet Storm Security Tools
  ReFrameworker is a general purpose Framework modifier, used to reconstruct framework Runtimes by creating modified versions from the original implementation that was provided by the framework vendor. ReFrameworker performs the required steps of runtime manipulation by tampering with the binaries containing the framework's classes, in order to produce modified binaries that can replace the original ones. This tarball includes both the binary and source code releases.

  Tags:  reframeworker tgz framework runtimes modified-versions tarball  

• 18:00

  ReFrameworker-1.1.tgz

   » ‎ Packet Storm Security Recent Files
  ReFrameworker is a general purpose Framework modifier, used to reconstruct framework Runtimes by creating modified versions from the original implementation that was provided by the framework vendor. ReFrameworker performs the required steps of runtime manipulation by tampering with the binaries containing the framework's classes, in order to produce modified binaries that can replace the original ones. This tarball includes both the binary and source code releases.

  Tags:  reframeworker tgz framework runtimes modified-versions tarball  

• April 06, 2010
• 6:42

  probema con Social Engineering toolKit

   » ‎ remote-exploit & backtrack
  Salve a tutta la comunità,da un pò di tempo a questa parte,il toolkit social engineering mi da qualke errore e di conseguenza il mancato corretto funzionamento ! cerco di creare un clone di un sito web,iniettando un applet java,quindi scelgo di caricare il payload,poi scelgo il metodo per bypassare le difese di un computer(shingata ganai),ed infine scelgo la porta da mettere in ascolto,subito dopo digitando la porta e dando conferma mi compaiono queste scritte :
  
  /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `readlines': Input/output error - /root/.msf3/modcache (Errno::EIO)
  from /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `read_groups'
  from /pentest/exploits/framework3/lib/rex/parser/ini.rb:90:in `from_file'
  from /pentest/exploits/framework3/lib/msf/core/module_manager.rb:435:in `set_module_cache_file'
  from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:102:in `simplify'
  from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:70:in `create'
  from /pentest/exploits/framework3/msfpayload:36
  
  ciò ke prima non comparivano,vabbè poi vado avanti:
  
  
  [-] Encoding the payload 4 times to get around pesky Anti-Virus. [-]
  
  /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `readlines': Input/output error - /root/.msf3/modcache (Errno::EIO)
  from /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `read_groups'
  from /pentest/exploits/framework3/lib/rex/parser/ini.rb:90:in `from_file'
  from /pentest/exploits/framework3/lib/msf/core/module_manager.rb:435:in `set_module_cache_file'
  from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:102:in `simplify'
  from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:70:in `create'
  from /pentest/exploits/framework3/msfencode:157
  ************************************************** ******
  Do you want to create a Linux/OSX reverse_tcp payload
  in the Java Applet attack as well?
  ************************************************** ******
  
  Enter choice yes or no: no
  
  
  e POI questo :
  
  ************************************************** *
  Web Server Launched. Welcome to the SET Web Attack.
  ************************************************** *
  
  [--] Tested on IE6, IE7, IE8 and FireFox [--]
  [*] Launching MSF Listener...[*] This may take a few to load MSF...[*] Don't tase me bro!
  /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `readlines': Input/output error - /root/.msf3/modcache (Errno::EIO)
  from /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `read_groups'
  from /pentest/exploits/framework3/lib/rex/parser/ini.rb:90:in `from_file'
  from /pentest/exploits/framework3/lib/msf/core/module_manager.rb:435:in `set_module_cache_file'
  from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:102:in `simplify'
  from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:70:in `create'
  from /pentest/exploits/framework3/lib/msf/ui/console/driver.rb:96:in `initialize'
  from /pentest/exploits/framework3/msfconsole:92:in `new'
  from /pentest/exploits/framework3/msfconsole:92
  
  
  in conclusione,il webserver non parte e ritorna automaticamente al menù,ho provato ad aggiornare il toolkit ma niente da fare ! qualcuno ha qualke suggerimento?

  Tags:  framework lib pentest don core-module eio social-engineering Supporto Software  

• April 05, 2010
• 16:00

  Bugtraq: ZDI-10-058: Apple Mac OS X ImageIO Framework JPEG2000 Remote Code Execution Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  ZDI-10-058: Apple Mac OS X ImageIO Framework JPEG2000 Remote Code Execution Vulnerability

  Tags:  framework jpeg remote x-imageio apple-mac-os apple-mac-os-x mac-os-x  

• April 01, 2010
• 0:00

  Vuln: Horde Application Framework Administration Interface 'PHP_SELF' Cross-Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Horde Application Framework Administration Interface 'PHP_SELF' Cross-Site Scripting Vulnerability

  Tags:  framework application horde administration-interface application-framework  

• March 10, 2010
• 21:01

  [Video] Dradis Framework - Sharing Information will get you Root

   » ‎ SecDocs
  Tags: penetration testing management
  Event: DEFCON 17
  

  Tags:  video dradis framework testing-management management-event  

• 21:01

  [Audio] Dradis Framework - Sharing Information will get you Root

   » ‎ SecDocs
  Tags: penetration testing management
  Event: DEFCON 17
  

  Tags:  dradis audio framework testing-management management-event penetration  

• 21:01

  [Slides] Dradis Framework - Sharing Information will get you Root

   » ‎ SecDocs
  Tags: penetration testing management
  Event: DEFCON 17
  

  Tags:  dradis framework information testing-management management-event penetration  

• February 28, 2010
• 14:23

  Metasploit Framework

   » ‎ remote-exploit & backtrack
  I read ecsployt's quick tutorial on metasploit and it intrigued me..
  
  i got to the end and read a few comments on how good and helpfull it was.
  
  but i have to say i still dont have clue what is going on. can someone suggest some reading for someone like me, (lets say a total vegatable).
  
  Thanks.:confused:

  Tags:  framework someone metasploit clue Newbie Area  

• 14:00

  remote penetration framework final [p.y]

   » ‎ darkc0de
  remote penetration framework final [p.y]

  Tags:  framework penetration  

• February 23, 2010
• 18:00

  GNUnet-0.8.1b.tar.gz

   » ‎ Packet Storm Security Tools
  GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

  Tags:  framework gnunet ipv smtp-messages abstraction-layer ipv4-and-ipv6  

• 18:00

  GNUnet-0.8.1b.tar.gz

   » ‎ Packet Storm Security Recent Files
  GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

  Tags:  framework gnunet ipv smtp-messages abstraction-layer ipv4-and-ipv6  

• February 16, 2010
• 0:00

  Vuln: Horde Application Framework Administration Interface 'PHP_SELF' Cross-Site Scripting Vulnerability

   » ‎ SecurityFocus Vulnerabilities
  Horde Application Framework Administration Interface 'PHP_SELF' Cross-Site Scripting Vulnerability

  Tags:  framework application horde administration-interface application-framework  

• February 15, 2010
• 16:00

  GNUnet-0.8.1a.tar.gz

   » ‎ Packet Storm Security Tools
  GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

  Tags:  framework gnunet ipv smtp-messages abstraction-layer ipv4-and-ipv6  

• 16:00

  GNUnet-0.8.1a.tar.gz

   » ‎ Packet Storm Security Recent Files
  GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.

  Tags:  framework gnunet ipv smtp-messages abstraction-layer ipv4-and-ipv6  

• January 26, 2010
• 0:00

  publique-sql.txt

   » ‎ Packet Storm Security Recent Files
  Publique! Framework version 2.3 suffers from a remote SQL injection vulnerability.

  Tags:  publique txt framework sql-injection framework-version vulnerability  

• 0:00

  publique-sql.txt

   » ‎ Packet Storm Security Exploits
  Publique! Framework version 2.3 suffers from a remote SQL injection vulnerability.

  Tags:  publique txt framework sql-injection framework-version vulnerability