Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Sky File version 2.1.0 for iOS suffers from cross site scripting and directory traversal vulnerabilities.

This tool enumerates hostnames from Bing.com for an IP address. Bing.com is Microsoft's search engine which has an IP: search parameter. Written in Bash for Linux. Requires wget.

EnumJavaLibs is a tool that can be used to discover which libraries are loaded (i.e. available on the classpath) by a remote Java application when it supports deserialization.

XMB - eXtreme Message Board version 1.9.11.13 suffers from weak crypto and insecure password storage vulnerabilities.

Whitepaper called Android Security Research: Crypto Wallet Local Storage Attack.

This Metasploit module exploits a directory traversal in Huawei HG255.

DotNetNuke CMS version 9.4.4 suffers from zip split issue where a directory traversal attack can be performed to overwrite files or execute malicious code.

PHPKB Multi-Language 9 suffers from an authenticated directory traversal vulnerability.

Jinfornet Jreport version 15.6 suffers from an unauthenticated directory traversal vulnerability.

Joomla Fabrik component version 3.9.11 suffers from a directory traversal vulnerability.

Zen Load Balancer version 3.10.1 suffers from a directory traversal vulnerability. This finding was originally discovered by Cody Sixteen.

TVT NVMS 1000 suffers from a directory traversal vulnerability.

Booked Scheduler version 2.7.7 suffers from an authenticated directory traversal vulnerability.

Tornado version 1.0 suffers from an insecure cookie vulnerability.

PHP Hosting Directory version 2.0 suffers from an insecure cookie vulnerability that allows for administrative bypass.

PHPDirector version 0.30 suffers from an insecure cookie handling vulnerability that allows for privilege escalation.

WordPress Tutor LMS plugin version 1.5.3 suffers from a cross site request forgery vulnerability.

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.

Online Book Store version 1.0 suffers from an arbitrary file upload vulnerability.

Gigamon GigaVUE version 5.5.01.11 suffers from directory traversal and file upload with command execution vulnerabilities. Gigamon has chosen to sunset this product and not offer a patch.

Online Clothing Store version 1.0 suffers from an arbitrary file upload vulnerability.

The Great War: Linux -vs- Minix

The CA BrightStor Discovery Service overflow exploit is a perl module exploits a vulnerability in the CA BrightStor Discovery Service which occurs when a large request is sent to UDP port 41524, triggering a stack overflow. Targets include Win32, win2000, winxp, and win2003. More information available here.

CA BrightStor Discovery Service SERVICEPC Overflow for Win32, win2000, winxp, and win2003 which exploits a vulnerability in the TCP listener on port 45123. Affects all known versions of the BrightStor product. More information available here.

This is a MySQL backdoor kit for Windows based on the UDFs (User Defined Functions) mechanism. It can be used to spawn a reverse shell (netcat UDF on port 80/tcp) or to execute single OS commands (exec UDF). Tested on MySQL 4.0.18-win32 (running on Windows XP SP2), MySQL 4.1.22-win32 (running on Windows XP SP2), MySQL 5.0.27-win32 (running on Windows XP SP2).

This Metasploit module is an exploit that takes advantage of xglance-bin, part of HP's Glance (or Performance Monitoring) version 11 and subsequent, which was compiled with an insecure RPATH option. The RPATH includes a relative path to -L/lib64/ which can be controlled by a user. Creating libraries in this location will result in an escalation of privileges to root.

This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01.

Easy Transfer version 1.7 for iOS suffers from cross site scripting and directory traversal vulnerabilities.

Online Clothing Store version 1.0 suffers from a persistent cross site scripting vulnerability.

This simple tool is useful to test a PABX with "allow guest" parameter set to "yes" (in this scenario an anonymous caller could place a call). The aim of the tool is to ring all the sip Terminal Equipment (phones).

This is a whitepaper that discusses using DCSync to pull password hashes from a domain controller.