
7383 matches found

Rapid7 Blog
added 2024/08/15 1:30 p.m. · 6 views

Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges

Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering (TIDE) team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...

7 AI score
Exploits 0
Fedora
added 2024/08/13 7:46 a.m. · 14 views

[SECURITY] Fedora 40 Update: python3.6-3.6.15-34.fc40

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

8.8 CVSS · 7.4 AI score · 0.09875 EPSS
Exploits 0
Imperva Blog
added 2024/08/12 1:0 p.m. · 32 views

Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report

In the 2024 Cloud Web Application and API Protection (WAAP) CyberRisk Comparative Validation Report from SecureIQLab, Imperva outperformed all other vendors in both security efficacy and operational efficiency. This comprehensive report, based on third-party testing, demonstrates Imperva's commitme...

7.2 AI score
Exploits 0
GithubExploit
added 2024/08/09 7:30 p.m. · 251 views

Exploit for Command Injection in Commscope Arris_Tg2482A_Firmware

EN This project provides a Python script to exploit a remote c...

8.8 CVSS · 9.2 AI score · 0.35297 EPSS
Exploits 6
OSV
added 2024/08/07 11:58 p.m. · 5 views

MAL-2024-7963 Malicious code in incisive_testing_stufff (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 37f03819dee879740c46b3604769e69cdb0402e7b91eed0ae39079f3306d5bad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSV
added 2024/08/07 11:57 p.m. · 4 views

MAL-2024-7962 Malicious code in incisive_testing_stuffasdasdasd (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bdb1bfbec781368ae80887d0cfbf5274c13f6e71f0f1c93de027875714a9f1c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
Rapid7 Blog
added 2024/08/06 5:0 p.m. · 8 views

Details Matter: Pentesting a single device to guarantee security

Rapid7’s penetration testing services regularly assess internal networks of various sizes. For this particular engagement, however, Rapid7 was tasked with performing a penetration test of just one device on an internal network. The device was being piloted for future deployment and the customer h...

8.2 AI score
Exploits 0
SUSE CVE
added 2024/08/06 2:0 a.m. · 1 views

SUSE CVE-2024-41097

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb submitting...

5.5 CVSS · 6.3 AI score · 0.00007 EPSS
Exploits 0 · References 17
Github Security Blog
added 2024/08/05 9:29 p.m. · 14 views

RobotsAndPencils go-saml authentication bypass vulnerability

RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...

7.5 CVSS · 7 AI score · 0.00026 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2024/08/05 12:0 a.m. · 6 views

PT-2024-25801

Name of the Vulnerable Software and Affected Versions: Nuxt (affected versions not specified) Description: The issue arises from insufficient validation of the path parameter in the NuxtTestComponentWrapper, allowing an attacker to execute arbitrary JavaScript on the server side. This enables the...

9.2 CVSS · 8 AI score · 0.01315 EPSS
Exploits 1 · References 10
GithubExploit
added 2024/08/02 8:17 p.m. · 254 views

Exploit for Command Injection in Nikhil-Bhalerao Poultry_Farm_Management_System

PoC exploit for CVE-2024-40110, an arbitrary file upload vulnera...

9.8 CVSS · 7.3 AI score · 0.30335 EPSS
Exploits 3
RedhatCVE
added 2024/07/31 9:19 a.m. · 22 views

CVE-2024-42115

In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2_free_inode During the stress testing of the jffs2 file system, the following abnormal printouts were found: 2430.649000 Unable to handle kernel paging request at virtual address...

5.5 CVSS · 7.1 AI score · 0.00015 EPSS
Exploits 0 · References 4
RedhatCVE
added 2024/07/31 9:17 a.m. · 17 views

CVE-2024-42090

A deadlock flaw was found in the Linux kernel’s pinctrl subsystem. This flaw allows a local user to crash the system. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and...

4.7 CVSS · 6 AI score · 0.0001 EPSS
Exploits 0 · References 4
RedhatCVE
added 2024/07/31 9:16 a.m. · 20 views

CVE-2024-42071

In the Linux kernel, the following vulnerability has been resolved: ionic: use dev_consume_skb_any outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call napi_consume_skb(), specifically we need to call it with budget==0 to signal to it that we're not in a safe...

5.5 CVSS · 6.8 AI score · 0.00008 EPSS
Exploits 0 · References 4
RedhatCVE
added 2024/07/31 9:16 a.m. · 22 views

CVE-2024-41097

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb submitting...

5.5 CVSS · 6.9 AI score · 0.00007 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/07/31 12:0 a.m. · 2 views

PT-2024-5757 · Unknown · Kraken Stress Testing Toolkit

Name of the Vulnerable Software and Affected Versions: Kraken Stress Testing Toolkit affected versions not specified Description: The issue is related to the lack of protection for the SQL query structure in the Kraken Stress Testing Toolkit, a tool for load testing SIEM systems. This can be...

9 CVSS · 8.3 AI score
Exploits 0 · References 2
CNNVD
added 2024/07/31 12:0 a.m. · 2 views

Mobile Security Framework security vulnerability

Mobile Security Framework (MobSF) is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...

5.4 CVSS · 6.7 AI score · 0.14796 EPSS
Exploits 1 · References 3
Wired Threat Level
added 2024/07/30 2:20 p.m. · 9 views

A Senate Bill Would Radically Improve Voting Machine Security

This year’s Intelligence Authorization Act would mandate penetration testing for federally certified voting machines and allow independent researchers to work on exposing vulnerabilities...

7.4 AI score
Exploits 0
Rapid7 Blog
added 2024/07/30 1:0 p.m. · 12 views

New Research: The Proliferation of Cellular in IoT

Researchers explain the trend and argue for deeper understanding. Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner. In thi...

7.5 AI score
Exploits 0
OSV
added 2024/07/30 8:15 a.m. · 1 views

DEBIAN-CVE-2024-42115

In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2_free_inode During the stress testing of the jffs2 file system, the following abnormal printouts were found: 2430.649000 Unable to handle kernel paging request at virtual address...

5.5 CVSS · 5.7 AI score · 0.00015 EPSS
Exploits 0 · References 1