8697 matches found

Kitploit
added 2023/11/10 11:30 a.m., 45 views

Afuzz - Automated Web Path Fuzzing Tool For The Bug Bounty Projects

Afuzz is an automated web path fuzzing tool for the Bug Bounty projects. Afuzz is being actively developed by @rapiddns. Features: Afuzz automatically detects the development language used by the website, and generates extensions according to the language; uses blacklist to filter invalid pages; uses...

7.1 AI score
Exploits: 0, References: 3

Hive Pro Threat Advisories
added 2023/11/10 8:34 a.m., 22 views

Farnetwork the Mastermind of Five Ransomware Strains

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Farnetwork, a highly skilled threat actor fluent in Russian, has played a key role in five distinct ransomware-as-a-service (RaaS) programs, assuming diverse roles such as orchestrator and contributor to...

7.2 AI score
Exploits: 0

Symfony
added 2023/11/10 12:0 a.m., 56 views

CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters

Affected versions: Symfony versions >=2.0.0,<4.4.51, >=5.0.0,<5.4.31, and >=6.0.0,<6.3.8 of the Symfony Twig Bridge are affected by this security issue. The issue has been fixed in Symfony 4.4.51, 5.4.31, 6.3.8. All other versions are not maintained anymore. Description: Some filters in the CodeExtension...

6.1 CVSS, 6 AI score, 0.02588 EPSS
Exploits: 0

The Coalfire Blog
added 2023/11/07 7:21 p.m., 28 views

Navigating the AI security landscape: From executive orders to cyber resilience

Explore the implications of the US Executive Order, discover the challenges and solutions in AI development, and learn how Coalfire's tailored approach ensures robust AI risk management...

7.3 AI score
Exploits: 0

RedHat Linux
added 2023/11/07 10:7 a.m., 2 views

samba: "rpcecho" development server allows denial of service via sleep() call on AD DC

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...

6.5 CVSS, 6.6 AI score, 0.00578 EPSS
Exploits: 0, References: 6

OpenVAS
added 2023/11/07 12:0 a.m., 14 views

SUSE: Security Advisory (SUSE-SU-2023:4368-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 7.5 AI score, 0.06171 EPSS
Exploits: 0, References: 4

Cvelist
added 2023/11/06 6:57 a.m., 19 views

CVE-2023-42669 Samba: "rpcecho" development server allows denial of service via sleep() call on ad dc

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...

6.5 CVSS, 8 AI score, 0.00578 EPSS
Exploits: 0, References: 10

OpenVAS
added 2023/11/05 12:0 a.m., 25 views

Fedora: Security Advisory (FEDORA-2023-89ade611ee)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5 CVSS, 6.9 AI score, 0.00029 EPSS
Exploits: 2, References: 5

OpenVAS
added 2023/11/05 12:0 a.m., 31 views

Fedora: Security Advisory (FEDORA-2023-a67af7d8f4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 6.8 AI score, 0.0279 EPSS
Exploits: 0, References: 5

BDU FSTEC
added 2023/11/04 12:0 a.m., 1 views

The vulnerability of the recovery mode implementation in the software development tool for engineering applications, Drawings SDK, relates to writing beyond buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the recovery mode implementation in the software development tool for engineering applications, Drawings SDK, is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8 CVSS, 7.7 AI score, 0.00061 EPSS
Exploits: 0, References: 5, Affected Software: 2

Tenable Nessus
added 2023/11/04 12:0 a.m., 24 views

Amazon Linux 2023 : minizip-compat, minizip-compat-devel, zlib (ALAS2023-2023-410)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-410 advisory. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part...

9.8 CVSS, 7.4 AI score, 0.01396 EPSS
Exploits: 0, References: 4

GithubExploit
added 2023/11/03 10:6 p.m., 809 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ This exploit...

10 CVSS, 9.2 AI score, 0.94436 EPSS
Exploits: 31

Fedora
added 2023/11/03 6:57 p.m., 62 views

[SECURITY] Fedora 39 Update: gdb-13.2-10.fc39

GDB, the GNU debugger, allows you to debug programs written in C, C++, Fortran, Go, and other languages, by executing them in a controlled fashion and printing their data. If you want to use GDB for development purposes, you should install the 'gdb' package which will install 'gdb-headless' and...

5.5 CVSS, 7.2 AI score, 0.00029 EPSS
Exploits: 2

CNNVD
added 2023/11/03 12:0 a.m., 5 views

Eclipse Glassfish Security Vulnerability

Eclipse GlassFish is an open source application server from the Eclipse Foundation. A security vulnerability exists in Eclipse Glassfish versions 5 and 6, which stems from the use of older versions of the JDK (versions prior to 6u211, prior to 7u201, and prior to 8u191), and can be exploited by an...

9.8 CVSS, 7 AI score, 0.00154 EPSS
Exploits: 0, References: 3

OpenVAS
added 2023/11/03 12:0 a.m., 8 views

SUSE: Security Advisory (SUSE-SU-2023:4287-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.8 CVSS, 5.5 AI score, 0.00185 EPSS
Exploits: 1, References: 4

Microsoft Secure
added 2023/11/02 3:0 p.m., 12 views

Announcing Microsoft Secure Future Initiative to advance security engineering

Today Microsoft’s Vice Chair and President Brad Smith shared insight on the global cybersecurity landscape and introduced our Secure Future Initiative. These engineering advances anticipate future cyberthreats, such as increasing digital attacks on identity systems. They also address how we will...

7.7 AI score
Exploits: 0

Microsoft Malware Protection
added 2023/11/02 3:0 p.m., 6 views

Announcing Microsoft Secure Future Initiative to advance security engineering

Today Microsoft’s Vice Chair and President Brad Smith shared insight on the global cybersecurity landscape and introduced our Secure Future Initiative. These engineering advances anticipate future cyberthreats, such as increasing digital attacks on identity systems. They also address how we will...

7.7 AI score
Exploits: 0

OpenVAS
added 2023/11/01 12:0 a.m., 15 views

SUSE: Security Advisory (SUSE-SU-2023:4287-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.8 CVSS, 6.7 AI score, 0.00185 EPSS
Exploits: 1, References: 13

Positive Technologies
added 2023/11/01 12:0 a.m., 2 views

PT-2023-6819 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev605-gfc9e29089-master. Description: The issue is related to a heap-buffer-overflow in the gf_isom_use_compact_size function of the GPAC multimedia platform. This can be exploited to cause a denial of service. The...

5.5 CVSS, 6.6 AI score, 0.00083 EPSS
Exploits: 0, References: 19

BDU FSTEC
added 2023/11/01 12:0 a.m., 1 views

The vulnerability of multi-platform software for local development and website debugging, caused by buffer overflows, allows attackers to trigger service failures.

The vulnerability of multi-platform software for local website development and debugging is due to buffer overflow. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

7.8 CVSS, 5.9 AI score
Exploits: 4, References: 2, Affected Software: 1