Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
839f26db7940b505813ce047ddd26ae71f41b83ecb0aa74057ebfdc424b8057e
DataTables version 1.10.8 suffers from a cross site scripting vulnerability.
6cd21f79315d30a1b359765391dfb3f782051055833ef64c67d853284309a86b
Bugzilla versions 2.0 to 4.2.14, 4.3.1 to 4.4.9, and 4.5.1 to 5.0 suffer from an unauthorized account creation vulnerability.
9b1272725e4045835294ef9f644a6664c5657f9a14374d95b6685f5bdc61cc69
Raritan PowerIQ ships with three default backdoor credentials left in.
2dcd98105d78a18b206ac52d081745dcf42c639e862b7b25a8d8a0c7ab5e2c5e
Android Stagefright remote code execution exploit that leverages an integer overflow in the libstagefright MP4 'stsc' atom handling.
f67b80af5b935bc038028c58afef32987821b769236699aed6fdf96d9c690c1d
SAP NetWeaver AS Java version 7.4 suffers from multiple XXE vulnerabilities. An attacker can read an arbitrary file on a server by sending a correct XML request with a crafted DTD and reading the response from the service. An attacker can perform a DoS attack (for example, XML Entity Expansion). An SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate into a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways and gets access.
02e1d0a4e09aea20fa9d257a9bab83f794b1d6fbe455cfe78e609b89f08f57bd
HP Security Bulletin HPSBOV03505 1 - Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS running NTP. These vulnerabilities could be exploited remotely to allow unauthenticated attackers to execute code with the privileges of ntpd or cause a Denial of Service (DoS). Revision 1 of this advisory.
6bb3a5080fcc5cd3fa3ca04240ae84814580d927317fa3a57b6645ecaeda982a
Synology Download Station versions 3.5-2956 and 3.5-2962 suffer from multiple cross site scripting vulnerabilities.
c2bfa3b4753d3bfb8fc02e1ef6ea305c761e7d81544de79d1fd8cda1c49d9791
Synology Video Station version 1.5-0757 suffers from remote command injection and SQL injection vulnerabilities.
ac383a126c2810f16ff4b122239d9b71076731a6600a7af65e183e0544582edc
HP Security Bulletin HPSBGN03504 1 - Potential security vulnerabilities have been identified in HP UCMDB which would allow local disclosure of sensitive information. Revision 1 of this advisory.
d856fbc92cc35abc7930a4225181001200de1c1addd95bbef8898f5b7dad5f88
An attacker can use hardcoded credentials to get unauthorized access and perform various actions in the NetWeaver AS ABAP. In addition, it is likely that the code will be implemented into the system as a backdoor.
5a75b13440345faa89ce27ef064614c82121ab50b4b42ab3b21bb4420ecb4fcf
SAP NetWeaver AS ABAP contains a hardcoded username that changes the system's behavior if the user is authenticated successfully. The user may obtain additional information that should not be displayed.
f09b401a94dc0abc65731e388b4e547146fdc661d853f92abd976848dbd808a1