
7400 matches found

UbuntuCve
added 2024/06/19 2:15 p.m., 17 views

CVE-2024-38544

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt. In rxe_comp_queue_pkt an incoming response packet skb is enqueued to the resp_pkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb ...

6.3 CVSS, 6.3 AI score, 0.00014 EPSS
Exploits 0, References 30
Vulnrichment
added 2024/06/19 1:35 p.m., 16 views

CVE-2024-38565 wifi: ar5523: enable proper endpoint verification

In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification. Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...

6.8 AI score, 0.0002 EPSS
Exploits 0, References 9
OSV
added 2024/06/18 12:30 p.m., 1 views

GHSA-GMRM-8FX4-66X7 Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-c25h-c27q-5qpv. This link is maintained to preserve external references. Original Description: A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently...

2.7 CVSS, 5.7 AI score, 0.00093 EPSS
Exploits 0, References 11
NVD
added 2024/06/17 4:15 a.m., 32 views

CVE-2024-6045

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing th...

8.8 CVSS, 0.0762 EPSS
Exploits 0, References 3
Vulnrichment
added 2024/06/17 3:12 a.m., 36 views

CVE-2024-6045 D-Link router - Hidden Backdoor

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing th...

8.8 CVSS, 6.7 AI score, 0.0762 EPSS
Exploits 0, References 3
CNVD
added 2024/06/14 12:0 a.m., 8 views

MeterSphere Cross-Site Scripting Vulnerability

MeterSphere is an open source one-stop continuous testing platform. Versions of MeterSphere prior to 1.10.1-lts have a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data; an attacker c...

6.1 CVSS, 6.6 AI score, 0.00441 EPSS
Exploits 1, References 1
Citrix
added 2024/06/14 12:0 a.m., 5 views

Microsoft Security Update Validation Report June 2024

Microsoft’s June 2024 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

7 AI score
Exploits 0
GithubExploit
added 2024/06/12 2:16 a.m., 599 views

Exploit for OS Command Injection in Php

CVE-2024-4577 PHP-CGI RCE Quick Detection Usage: ba...

9.8 CVSS, 7 AI score, 0.94374 EPSS
Exploits 64
Cvelist
added 2024/06/11 2:7 p.m., 17 views

CVE-2024-37161 MeterSphere front-end editor stores XSS vulnerability

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor has a stored cross-site scripting vulnerability. Version 1.10.1-lts fixes this issue...

4 CVSS, 0.00441 EPSS
Exploits 1, References 1
The Hacker News
added 2024/06/11 11:0 a.m., 39 views

Top 10 Critical Pentest Findings 2024: What You Need to Know

One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization's...

10 CVSS, 8.9 AI score, 0.94454 EPSS
Exploits 126
CNNVD
added 2024/06/11 12:0 a.m., 3 views

MeterSphere Cross-Site Scripting Vulnerability

MeterSphere is an open source one-stop continuous testing platform. Versions of MeterSphere prior to 1.10.1-lts have a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data; an attacker c...

6.1 CVSS, 6.4 AI score, 0.00441 EPSS
Exploits 1, References 3
GithubExploit
added 2024/06/09 2:18 p.m., 443 views

Exploit for OS Command Injection in Php

CVE-2024-4577: PHP CGI Argument Injection XAMPP 💀 Featur...

9.8 CVSS, 10 AI score, 0.94374 EPSS
Exploits 64
GithubExploit
added 2024/06/08 12:23 p.m., 582 views

Exploit for OS Command Injection in Php

PHP RCE PoC CVE-2024-4577: Argument Injection in PHP-CGI...

9.8 CVSS, 9.6 AI score, 0.94374 EPSS
Exploits 64
OpenVAS
added 2024/06/07 12:0 a.m., 4 views

Fedora: Security Advisory for rust-cargo-insta (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0, References 2
OSV
added 2024/06/05 4:56 p.m., 22 views

GHSA-C74F-6MFW-MM4V Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary: An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details: The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2 CVSS, 7.7 AI score, 0.02397 EPSS
Exploits 1, References 7
Github Security Blog
added 2024/06/05 4:56 p.m., 39 views

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary: An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details: The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2 CVSS, 8.3 AI score, 0.02397 EPSS
Exploits 1, References 7, Affected Software 2
GithubExploit
added 2024/06/05 3:37 p.m., 374 views

Exploit for CVE-2024-4956

CVE-2024-4956 This repository contains a Python utility for a...

7.5 CVSS, 7.6 AI score, 0.94028 EPSS
Exploits 16
BDU FSTEC
added 2024/06/03 12:0 a.m., 1 views

The system’s vulnerability for testing and training SAP IDES arises from the lack of measures taken to neutralize special elements used in the operating system command set. This allows a perpetrator to execute arbitrary code.

The vulnerability of the SAP IDES system for testing and training exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.4 CVSS, 7.6 AI score, 0.00306 EPSS
Exploits 0, References 4
Fedora
added 2024/06/02 3:39 a.m., 10 views

[SECURITY] Fedora 39 Update: wildcard-0.3.3-3.fc39

Wildcard gives you a nice and simple to use interface to test/practice regular expressions...

7.2 AI score
Exploits 0
Fedora
added 2024/06/02 3:39 a.m., 8 views

[SECURITY] Fedora 39 Update: rust-tree-sitter-cli-0.22.5-2.fc39

CLI tool for developing, testing, and using Tree-sitter parsers...

7.4 AI score
Exploits 0