Lucene search

7377 matches found

Rapid7 Blog
added 2025/02/24 7:6 p.m. | 6 views

Under The Hoodie: The Pen Test Diaries

Breaking In So You Don’t Have To. Each year, Rapid7 penetration testers conduct over 1,000 security assessments, pushing boundaries to expose vulnerabilities before the bad guys do. The mission? Get in, escalate privileges, and own the environment—physically, digitally, or sometimes just by...

8.6 AI score
Exploits: 0

OSV
added 2025/02/23 10:15 a.m. | 1 views

CVE-2025-1580

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack...

9.8 CVSS | 5.7 AI score
Exploits: 0 | References: 5

CVE
added 2025/02/23 10:0 a.m. | 52 views

CVE-2025-1580

The connected sources corroborate a SQL injection in PHPGurukul Nipah Virus Testing Management System 1.0, triggered by manipulating the searchdata parameter in /search-report-result.php. The vulnerability can be exploited remotely, and multiple advisories note contradicting parameter names as pa...

9.8 CVSS | 6.8 AI score | 0.00021 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Fedora
added 2025/02/23 2:10 a.m. | 12 views

[SECURITY] Fedora 41 Update: python3.8-3.8.20-2.fc41

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

6.3 CVSS | 4.7 AI score | 0.01639 EPSS
Exploits: 0

Fedora
added 2025/02/23 2:3 a.m. | 11 views

[SECURITY] Fedora 40 Update: python3.8-3.8.20-2.fc40

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

6.3 CVSS | 4.7 AI score | 0.01639 EPSS
Exploits: 0

CNNVD
added 2025/02/23 12:0 a.m. | 1 views

PHPGurukul Nipah virus Testing Management System Injection Vulnerability

Nipah Virus Testing Management System is an online virus diagnostic platform. The Nipah Virus Testing Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the /search-report-result.php file. An attacker can...

9.8 CVSS | 8.1 AI score | 0.00021 EPSS
Exploits: 0 | References: 6

RedhatCVE
added 2025/02/21 9:27 p.m. | 5 views

CVE-2025-27090

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9 CVSS | 6.7 AI score | 0.00814 EPSS
Exploits: 1 | References: 1

Fedora
added 2025/02/20 2:28 a.m. | 11 views

[SECURITY] Fedora 41 Update: python3.9-3.9.21-4.fc41

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

6.3 CVSS | 6.6 AI score | 0.01639 EPSS
Exploits: 0

Fedora
added 2025/02/20 2:27 a.m. | 15 views

[SECURITY] Fedora 40 Update: python3.9-3.9.21-4.fc40

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

6.3 CVSS | 6.6 AI score | 0.01639 EPSS
Exploits: 0

OSV
added 2025/02/19 9:11 p.m. | 11 views

CVE-2025-27090 Server-Side Request Forgery (SSRF) in sliver teamserver

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9 CVSS | 8.5 AI score | 0.00814 EPSS
Exploits: 1 | References: 5

CVE
added 2025/02/19 9:11 p.m. | 82 views

CVE-2025-27090

CVE-2025-27090 pertains to Sliver, an open-source adversary emulation framework. The issue is in the reverse port forwarding feature of the Sliver teamserver: the implant can open a reverse tunnel without verifying operator intent. The documented impact is the exposure of the server’s IP address ...

6.9 CVSS | 6.5 AI score | 0.00814 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

GithubExploit
added 2025/02/19 6:19 a.m. | 202 views

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

This tool tests whether a target PAN-OS device is vulnerable to...

9.1 CVSS | 7.5 AI score | 0.94115 EPSS
Exploits: 8

GithubExploit
added 2025/02/19 6:19 a.m. | 260 views

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

This tool tests whether a target PAN-OS device is vulnerable to...

9.1 CVSS | 7.5 AI score | 0.94115 EPSS
Exploits: 8

RedHat Linux
added 2025/02/19 1:0 a.m. | 2 views

kernel: xfrm: fix one more kernel-infoleak in algo dumping

A vulnerability was found in the xfrm module in the Linux Kernel. This issue was discovered during fuzz testing, where uninitialized memory containing potentially sensitive data was inadvertently copied to user-space. This issue occurs when dumping IPsec algorithm data structures, exposing random...

5.5 CVSS | 7.2 AI score | 0.00008 EPSS
Exploits: 0 | References: 5

OSV
added 2025/02/17 5:12 p.m. | 2 views

CLSA-2025-1739812360 php: Fix of CVE-2024-8929

CVE-2024-8929: fix various heap buffer over-reads for mysqlnd - Modify spec and run-tests.php to fix extension loading during testing...

5.8 CVSS | 6.5 AI score | 0.00663 EPSS
Exploits: 1 | References: 1

Citrix
added 2025/02/17 12:0 a.m. | 11 views

Microsoft Security Update Validation Report February 2025

Microsoft’s February 2025 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...

7 AI score
Exploits: 0

Packet Storm News
added 2025/02/17 12:0 a.m. | 3 views

Web Security Training

This document is aimed at those who want to learn more about web security and application penetration testing. It is coupled with a free course and provides topics with a few bullet points describing what the vulnerability entails, then a screenshot and relevant payload, demonstrating the...

7.3 AI score
Exploits: 0

Tenable Nessus
added 2025/02/16 12:0 a.m. | 22 views

Fedora 41 : chromium (2025-d83e49a948)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d83e49a948 advisory. Update to 133.0.6943.98. CVE-2025-0995: Use after free in V8. CVE-2025-0996: Inappropriate implementation in Browser UI. CVE-2025-0997: Use after free ...

8.8 CVSS | 7.8 AI score | 0.00281 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/02/15 12:0 a.m. | 9 views

Fedora 41 : libheif (2025-8fdb7be3cb)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-8fdb7be3cb advisory. Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more...

8.1 CVSS | 7.8 AI score | 0.00197 EPSS
Exploits: 1 | References: 2

NVD
added 2025/02/14 1:15 p.m. | 7 views

CVE-2025-23789

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tahminajannat URL Shortener | Conversion Tracking | AB Testing | WooCommerce easy-broken-link-checker allows Reflected XSS. This issue affects URL Shortener | Conversion Tracking | AB Testing |...

7.1 CVSS | 0.00131 EPSS
Exploits: 0 | References: 1