Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

EnumJavaLibs is a tool that can be used to discover which libraries are loaded (i.e. available on the classpath) by a remote Java application when it supports deserialization.

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities.

CentOS Control Web Panel version 0.9.8.838 suffers from a user enumeration vulnerability.

CentOS-WebPanel.com Control Web Panel (CWP) versions 0.9.8.836 through 0.9.8.840 suffer from a user enumeration vulnerability.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.848 suffers from a user enumeration vulnerability.

CyberArk PSMP versions 10.9.1 and below suffer from a policy restriction bypass vulnerability.

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input sanitization.

This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.

Phrack Viewer Discretion Advised write up called (De)coding an iOS Kernel Vulnerability.

The Microsoft Windows kernel's Registry Virtualization does not safely open the real key for a virtualization location leading to enumerating arbitrary keys resulting in privilege escalation.

AVideo Platform version 8.1 suffers from an information disclosure vulnerability that allows for user enumeration.

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

bup is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets. It is part of the Tools/Data_Capture section of The Honeynet Project.

bup is a patch for bash that modifies the shell to send all user keystrokes via UDP over the network for collection by a sniffer or a syslogd server. It does not depend on syslogd to send the packets. It is part of the Tools/Data_Capture section of The Honeynet Project.

A patch for the popular open-source FreeRADIUS implementation to demonstrate RADIUS impersonation vulnerabilities by Joshua Wright and Brad Antoniewicz, demonstrated at Shmoocon 4.

Information regarding a simple mitigation to disable 32bit binaries in Linux.

Microsoft Windows Vista / Server 2008 suffer from a NtUserCheckAccessForIntegrityLevel use-after-free vulnerability.

This is a simple perl script to perform dictionary attacks against the KeePass password manager.

This is a script to perform SSH/SSL RSA private key passphrase enumeration with a dictionary attack.