Exploit for Allocation of Resources Without Limits or Throttling in Vmware Spring_Framework

Spring CVE-2022-22970 Proof of Concept This repo contains...

Microsoft Security Update Validation Report October 2024

Microsoft’s October 2024 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwar...

Microsoft Security Update Validation Report August 2024

Microsoft’s August 2024 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

Exploit for Improper Restriction of XML External Entity Reference in Adobe Commerce

CVE-2024-34102 ★ Thanks to @th3gokul, Sanjaith3hacker, Chocapi...

Microsoft Security Update Validation Report July 2024

Microsoft’s July 2024 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

ZendFramework Potential Cross-site Scripting in Development Environment Error View Script

The default error handling view script generated using ZendTool failed to escape request parameters when run in the "development" configuration environment, providing a potential XSS attack vector. ZendToolProjectContextZfViewScriptFile was patched such that the view script template now calls the...

Microchip MPLAB 安全漏洞

Microchip MPLAB Net is an integrated development environment from Microchip Corporation. A security vulnerability exists in Microchip MPLAB that stems from the presence of a data validation issue...

Microsoft Security Update Validation Report March 2024

Microsoft’s March 2024 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

[SECURITY] Fedora 40 Update: rstudio-2023.12.1+402-2.fc40

RStudio is an integrated development environment IDE for R. It includes a console, syntax-highlighting editor that supports direct code execution, as well as tools for plotting, history, debugging and workspace management. This package provides common files for rstudio-desktop and rstudio-server...

Micronaut management endpoints vulnerable to drive-by localhost attack

Summary Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. Details A...

GHSA-583G-G682-CRXF Micronaut management endpoints vulnerable to drive-by localhost attack

Summary Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. Details A...

Design/Logic Flaw

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

Nemesis - An Offensive Data Enrichment Pipeline

Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments. Nemesis aims to automate a number of...

GNAT Ada Suite: Remote Code Execution

Background The GNAT Ada Suite is an Ada development environment. Description A vulnerability has been discovered in GNAT Ada Suite. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workarou...

EDK2 Buffer Error Vulnerability

EDK2 is a set of cross-platform firmware development environments based on UEFI and PI specifications from the Tianocore community. A security vulnerability exists in EDK2 202311 and earlier versions, which stems from a buffer overflow vulnerability in the CreateHob function...

Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion cross-site scripting vulnerability, the vulnerability stems from the lack of effective...

Adobe ColdFusion Input Validation Error Vulnerability (CNVD-2023-91796)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an input validation error vulnerability that can be exploited by an attacker to...

Microsoft Security Update Validation Report November 2023

Microsoft’s November 2023 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...

Microsoft Security Update Validation Report September 2023

Microsoft’s September 2023 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues September still be found upon implementation. Follow best practices for testing and installing...