Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Stars: ✭ 15 (-94.09%)

Mutual labels: cve

Disclosures

Public Disclosures

Stars: ✭ 63 (-75.2%)

Mutual labels: cve

Eagle

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Stars: ✭ 85 (-66.54%)

Mutual labels: cve

veye-checker

This projects creates SHA values for locale binaries - Shazam for packages.

Stars: ✭ 22 (-91.34%)

Mutual labels: scans

Writeups

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

Stars: ✭ 61 (-75.98%)

Mutual labels: cve

advisories

Advisories and Proofs of Concept by BlackArrow

Stars: ✭ 17 (-93.31%)

Mutual labels: cve

log4j2-rce-exploit

log4j2 remote code execution or IP leakage exploit (with examples)

Stars: ✭ 62 (-75.59%)

Mutual labels: cve

vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

Stars: ✭ 269 (+5.91%)

Mutual labels: cve

cwe-sdk-javascript

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

Stars: ✭ 18 (-92.91%)

Mutual labels: cve

reprise

Simplified module reloader for Elixir

Stars: ✭ 40 (-84.25%)

Mutual labels: scans

Exploits

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

Stars: ✭ 75 (-70.47%)

Mutual labels: cve

log4jscanwin

Log4j Vulnerability Scanner for Windows

Stars: ✭ 142 (-44.09%)

Mutual labels: cve

web-cve-tests

A simple framework for sending test payloads for known web CVEs.

Stars: ✭ 120 (-52.76%)

Mutual labels: cve

PoC-CVE-2021-41773

No description or website provided.

Stars: ✭ 39 (-84.65%)

Mutual labels: cve

CVE-Stockpile

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.

Stars: ✭ 41 (-83.86%)

Mutual labels: cve

moonwalk

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

Stars: ✭ 544 (+114.17%)

Mutual labels: cve

Detect-CVE-2017-15361-TPM

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

Stars: ✭ 34 (-86.61%)

Mutual labels: cve

View All Similar Projects ➔

versionscan

Versionscan is a tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in to report back potential issues.

PLEASE NOTE: Work is still in progress to adapt the tool to linux distributions that backport security fixes. As of right now, this only reports back for the straight up version reported.

Installation

Using Composer

{
    "require": {
        "psecio/versionscan": "dev-master"
    }
}

The only current dependency is the Symfony console.

Usage

To run the scan against your current PHP version, use:

bin/versionscan

The script will check the PHP_VERSION for the current instance and generate the pass/fail results. The output looks similar to:

Executing against version: 5.4.24
+--------+---------------+------+------------------------------------------------------------------------------------------------------+
| Status | CVE ID        | Risk | Summary                                                                                              |
+--------+---------------+------+------------------------------------------------------------------------------------------------------+
| FAIL   | CVE-2014-3597 | 6.8  | Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 ... |
| FAIL   | CVE-2014-3587 | 4.3  | Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in... |

Results will be reported back colorized as well to easily show the pass/fail of the check.

Parameters

There are several parameters that can be given to the tool to configure its scans and results:

PHP Version

If you'd like to define a PHP version to check other than the one the script finds itself, you can use the php-version parameter:

bin/versionscan scan --php-version=4.3.2

Report Only Failures

You can also tell the versionscan to only report back the failures and not the passing tests:

bin/versionscan scan --fail-only

Sorting results

You can also sort the results either by the CVE ID or by severity (risk rating), with the sort parameter and either the "cve" or "risk" value:

bin/versionscan scan --sort=risk

Output formats

By default versionscan will output information directly to the console in a human-readable result. You can also specify other output formats that may be easier to parse programatically (like JSON). Use the --format option to change the output:

vendor/bin/versionscan scan --php-version=5.5 --format=json

Supported output formats are console, json, xml and html.

The HTML output format requires an --output option of the directory to write the file:

vendor/bin/versionscan scan --php-version=5.5 --format=html --output=/var/www/output

The result will be written to a file named something like versionscan-output-20150808.html

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 254

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (4) 🔗