Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

Stars: ✭ 63 (-53.68%)

Mutual labels: vulnerability, cve

Vulnogram

Vulnogram is a tool for creating and editing CVE information in CVE JSON format

Stars: ✭ 103 (-24.26%)

Mutual labels: vulnerability, cve

cve-2016-1764

Extraction of iMessage Data via XSS

Stars: ✭ 52 (-61.76%)

Mutual labels: vulnerability, cve

Wprecon

WPrecon (WordPress Recon), is a vulnerability recognition tool in CMS Wordpress, developed in Go and with scripts in Lua.

Stars: ✭ 135 (-0.74%)

Mutual labels: vulnerability, cve

CVE-2019-8449

CVE-2019-8449 Exploit for Jira v2.1 - v8.3.4

Stars: ✭ 66 (-51.47%)

Mutual labels: vulnerability, cve

Cve 2018 20555

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

Stars: ✭ 78 (-42.65%)

Mutual labels: vulnerability, cve

Js Vuln Db

A collection of JavaScript engine CVEs with PoCs

Stars: ✭ 2,087 (+1434.56%)

Mutual labels: vulnerability, cve

Ossf Cve Benchmark

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

Stars: ✭ 71 (-47.79%)

Mutual labels: vulnerability, cve

A Red Teamer Diaries

RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.

Stars: ✭ 382 (+180.88%)

Mutual labels: enumeration, vulnerability

Cve 2017 0065

Exploiting Edge's read:// urlhandler

Stars: ✭ 15 (-88.97%)

Mutual labels: vulnerability, cve

Labs

Vulnerability Labs for security analysis

Stars: ✭ 1,002 (+636.76%)

Mutual labels: vulnerability, cve

accounts-material-ui

Material-ui integration with std:accounts-ui

Stars: ✭ 17 (-87.5%)

Mutual labels: accounts, users

MeteorCandy-meteor-admin-dashboard-devtool

The Fast, Secure and Scalable Admin Panel / Dashboard for Meteor.js

Stars: ✭ 50 (-63.24%)

Mutual labels: accounts, users

View All Similar Projects ➔

+----------------+
| massh-enum 1.0 |
+----------------+

        OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473)

        This script contains Matthew Daley Python script <https://bugfuzz.com/stuff/ssh-check-username.py>

        License: GPLv3, <http://www.gnu.org/licenses/>


Description

OpenSSH versions 2.3 up to 7.4 suffer from a username enumeration vulnerability.

The attacker can try to authenticate a user with a malformed packet (for
example, a truncated packet), and:

- if the user is invalid (it does not exist), then userauth_pubkey()
  returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE
  to the attacker;

- if the user is valid (it exists), then sshpkt_get_u8() fails, and the
  server calls fatal() and closes its connection to the attacker.

More information about this vulnerability:
* https://nvd.nist.gov/vuln/detail/CVE-2018-15473
* http://seclists.org/oss-sec/2018/q3/124

How it works?

# ./bin/massh-enum --hosts 10.240.20.0/28 --users wordlists/users
› Generating a list of hosts
› Username Enumeration
host: 10.240.20.1 (p:22), found user: root
host: 10.240.20.1 (p:22), found user: supervisor
host: 10.240.20.2 (p:22), found user: root

Requirements

- Bash (testing on 4.4.19)
- Python (testing on 2.7)
- Nmap (testing on 7.70)

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 136

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (2) 🔗