XSS aka Cross Site Scripting is a client-side attack where an attacker can craft a malicious link, containing script- code which is then executed within the victim's browser when the target site vulnerable to and injected with XSS is viewed. The script-code can be any language supported by the browser but mostly HTML and Javascript is used along with embedded Flash, Java or ActiveX.

In some cases where the XSS vulnerability is persistent as described further below, the attacker will not have to craft a link as the injected script is inserted directly into the target site and / or web application. The target user(s) still has to view the affected site / page where the injected code is located though.

Source
http://pastebin.com/X35W0tkD

by
MaXe

creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown, accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation

Download
https://github.com/ilektrojohn/creepy/downloads

This is a simple perl script that enumerates various possible directories on a given website in order to determine whether or not a phpMyAdmin instance may be installed.

Source
http://pastebin.com/1cbN2Yfm

WiRouter KeyRec is a powerful and platform independent piece of software that recovers the default WPA passphrases of the supported router's models (Telecom Italia Alice AGPF, Fastweb Pirelli, Fastweb Tesley).

Download
http://tools.salvatorefresta.net/WiRouter_KeyRec_1.0.8.zip

This is the official change log for the updated release:

Added ThreatExpert for online scanning option
Packed libraries onto single executable
Improved Traces signatures
Bug Fixes

Link
http://securityxploit.blogger.de/stories/1848885/