SAMSUNG GalaxyDiagnostics 安全漏洞

Samsung GalaxyDiagnostics is a set of self-service hardware testing tools developed by South Korean company Samsung. Previous versions of Samsung GalaxyDiagnostics, such as 3.5.050, contained security vulnerabilities. These vulnerabilities were due to improper input validation, which could allow...

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

Aptsys Gemscms POS Platform security vulnerabilities

Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform, which stems from the internal API testing tools being exposed to unverified users. This vulnerability could allow unauthorized...

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

CVE-2025-52024

CVE-2025-52024 affects Aptsys POS Platform Web Services. Affected: Aptsys POS Platform Web Services version(s) prior to 2025-05-29. Root cause: unauthenticated access exposes internal API testing tooling and a directory-style index of backend services and POS web services, each with HTML forms fo...

A Comprehensive Evaluation and Practice of System Penetration Testing

With the rapid advancement of information technology, the complexity of applications continues to increase, and the cybersecurity challenges we face are also escalating. This paper aims to investigate the methods and practices of system security penetration testing, exploring how to enhance syste...

sinatra

This is the official repository for the Sinatra web framework. It is a DSL Domain Specific Language for web development, allowing developers to create web applications in a concise and elegant way. The repository contains the core code for Sinatra, as well as various plugins and extensions. The...

Can Codeless Testing Tools Detect Common Security Vulnerabilities?

Learn what Codeless Testing Tools are and how effective they are in detecting common security vulnerabilities, along with understanding their strengths and limitations...

sinatra

This is a Sinatra repository, a DSL for creating web applications in Ruby with minimal effort. The repository contains various files, including a .github/workflows/test.yml file that defines a GitHub Actions workflow for testing, and a Gemfile that lists dependencies for the project. The Gemfile...

POC

Collect so...

Malicious code in sendbird-uikit-testing-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ca3c517cac33d5fa40994b1304bd775f28b7cc7abbe7781a8f98db43839a47ab The OpenSSF Package Analysis project identified 'sendbird-uikit-testing-tools' @ 1019.0.1 npm as malicious. It is considered malicious because: ...

Enabling Cyber Security Education through Digital Twins and Generative AI

Digital Twins DTs are gaining prominence in cybersecurity for their ability to replicate complex IT Information Technology, OT Operational Technology, and IoT Internet of Things infrastructures, allowing for real time monitoring, threat analysis, and system simulation. This study investigates how...

OSCP-Prep

This is a comprehensive guide for information security infosec professionals, particularly those preparing for the OSCP Offensive Security Certified Professional exam. The guide is a collection of various files, including a PDF document, a text file, and a set of cheat sheets. The PDF document,...

Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)

A Python script to check Next.js sites for corrupt middleware vulnerability CVE-2025-29927. The corrupt middleware vulnerability allows an attacker to bypass authentication and access protected routes by send a custom header x-middleware-subrequest. Next JS versions affected: - 11.1.4 and up...

CVE-2024-53999

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...

When to Enable Intermediate Buffering for Local Hard Drive Cache?

Background Enabling Intermediate Buffering improves throughput performance with writing to the write cache drive and can improve target device performance as well. Refer to Buffered Services for additional information on buffered file I/O services. The following are some points to consider before...

A history of ransomware: How did it get this far?

Today's ransomware is the scourge of many organizations. But where did it start? If we define ransomware as malware that encrypts files to extort the owner of the system, then the first malware that could be classified as ransomware is the 1989 AIDS Trojan. However, while it encrypted filenames a...

vulhub

This repository is an offensive tool for a web application vulnerability training platform, 'Vulhub'. It is a collection of vulnerable web applications and tools for testing and training purposes. The repository contains various vulnerable applications, including web servers, databases, and other...

vulhub

This repository is an offensive tool for a variety of areas, including web application security, container security, and more. It contains a collection of vulnerable environments and tools for testing and learning about various security vulnerabilities. The repository includes a range of tools an...

@essex/powerbi-visual-scripts (=1.1.0), @essex/visual-settings (>=1.0.0 <=3.0.0) +13 more potentially affected by CVE-2018-25049 via email-existence (>=0.1.2 <=0.1.6)

email-existence NPM version =0.1.2, =1.0.0, =1.0.0, =0.1.5, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.4.1, =1.0.0, =1.1.6, =1.2.4 Source cves: CVE-2018-25049 Source advisory: OSV:GHSA-P27H-4CPF-FW48...