Microsoft Security Update Validation Report October 2024

Microsoft’s October 2024 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwar...

Google Search user interface: A/B testing shows security concerns remain

For the past few days, Google has been A/B testing some subtle visual changes to its user interface for the search results page. You may only get the new UI for certain types of searches or based on your current geolocation. This test is not to be confused with but could part of a previously...

Accumulated Test Vectors

I like tests. I especially like reusable test vector libraries. Sometimes test vectors are lovingly handcrafted to target obscure edge-cases. Those vectors belong in Wycheproof or with the upstream specification. Sometimes though vectors are produced by sheer brute force. Enumerate every possible...

Qualys VMDR Rated as the Only Leader and Outperformer by Independent Analyst Firm for the Second Consecutive Year

Qualys VMDR received the highest possible scores for risk-based assessment, cloud-native and serverless function scanning, and flexibility of deployment, among 20 vendors evaluated in this report. As the threat landscape evolves, vulnerability management remains a cornerstone of security...

Why Fuzzing Isn’t Enough to Test Your APIs for Security Issues

Learn about API testing best practices and find out why fuzzing has limitations for enterprises that need API security...

The vulnerability of the Kernel-mode microprogramming driver for Intel Ethernet E800 series controllers in the Linux operating system allows a hacker to induce a service failure.

The vulnerability of the Kernel-mode microprogramming driver for Intel Ethernet E800 series controllers in the Linux operating system is related to insufficient testing of unusual or exceptional states. Exploiting this vulnerability could allow a perpetrator to cause service failures...

Exploit for Cross-site Scripting in Wondercms

CVE-2023-41425 Description A Cross Site Scripting vulnerab...

The vulnerability of the version_upgrade.asp function in D-Link router microprogramming devices such as DI-7003G, DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 allows a hacker to execute arbitrary commands.

The vulnerability of the versionupgrade.asp function in D-Link router microprogramming devices such as DI-7003G, DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 is related to insufficient testing of the arguments passed in the command. Exploitation of this...

Exploit for SQL Injection in Bplugins Html5_Video_Player

EN A PoC exploit scanner for CVE-2024-5522 vulnerability in Wo...

xmlsec1 bug fix update

An update is available for xmlsec1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list XML Security Library is a C library based on LibXML2 and OpenSSL. The library...

libuser bug fix and enhancement update

An update is available for libuser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libuser library implements a standardized interface for manipulating and...

The vulnerability of Intel Data Center GPU Max relates to insufficient testing of unusual or exceptional states, allowing a perpetrator to trigger a service failure.

The vulnerability of the Intel Data Center GPU Max graphic processor is related to insufficient testing of unusual or exceptional states. Exploiting this vulnerability can allow a perpetrator to cause service failures...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

EN Is a Proof of Concept PoC script to check for vulnerabil...

How to Plan and Prepare for Penetration Testing

As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting BGH cyber criminals, a...

Information Disclosure

org.apache.maven.plugins,maven-archetype-plugin is vulnerable to Information Disclosure. The vulnerability is due to the integration testing process, which creates the archetype-settings.xml file containing sensitive information from the user's /.m2/settings.xml, allowing an attacker to access...

Exploit for CVE-2024-9166

CVE-2024-9166 Vulnerability Scanner A Python-based tool to sca...

CVE-2024-47197

A flaw was found in the Maven Archetype Plugin. Archetype integration testing can create a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users /.m2/settings.xml file, which often contains sensitive information or credentials. When the...

GHSA-2QQ7-FCH2-PHQF Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials

Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype...

Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems. "It has a standard set of features commonly found in penetration...

RCE (Remote Code Execution) in Sourcetree for Mac and Sourcetree for Windows

This High severity RCE Remote Code Execution vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has...