fgeek / pyfiscan
Free web-application vulnerability and version scanner
License: Other
Current fingerprint detects false positives with Git version of Gallery3.
Mailer should send emails with header Date. Thanks for reporting, Tuukka Kivilahti.
At least Drupal 5 and 6 are still supported before 8 is released.
Mailer should send only one email per receiver. Requested by Henri Strand.
Currently there is no fixed-in version for the latest issues. Makes it pretty hard to communicate with end users.
CVE-2013-4879
CVE-2013-4880
CVE-2013-4881
CVE-2013-5313
Change code so that one application can have multiple issues in fingerprint. This can be used for e.g. affected version ranges in the future.
http://forelsec.blogspot.fi/2013/10/dolibarr-340-multiple-vulnerabilities.html
Do these have CVEs? Listed in OSVDB?
No official fix for this?
Template should include following:
Jara has had several unfixed vulnerabilities for many years now. Detection should say not to use this software.
Attacker can install WordPress using a remote database and after that execute arbitrary PHP.
This requires new post processing functionality.
References:
2013-08-24 21:49:57 ERROR is_not_secure:166 Traceback (most recent call last):
File "pyfiscan.py", line 164, in is_not_secure
return map(int, secure_version.split('.')) > map(int, file_version.split('.'))
ValueError: invalid literal for int() with base 10: ''
From file:
# CPG MiniCMS Plugin for Coppermine Photo Gallery
claroline/inc/installedVersion.inc.php:$new_version = '1.11.9';
Add support for CVE-2013-3929.
Need support to fetch version number from SQL-database. Probably also affects Joomla 3.x versions.
Could be implemented using http://docs.python.org/library/atexit.html with knowledge of current working directory and queues. Tuomo Komulainen requested this.
Investigate if Gallery 2 is still supported and update gallery.yml accordingly.
SMTPAuthenticationError: (535, 'Incorrect authentication data')
If an installation is upgraded from Joomla 1.6.1 to 1.7.x by unzipping, there will be both version files libraries/joomla/version.php and includes/version.php, where the first is the old one.