How Red Team Exercises Increases Your Cyber Health
Delve into the world of red team exercises, their vital role in enhancing organizational security through simulated cyberattacks, including tactics like phishing and lateral movement within networks, and understand the need for regular testing and improvement to counter evolving threats effective...
35-year long identity theft leads to imprisonment for victim
Sometimes the consequences of a stolen identity exceed anything you could have imagined. Matthew David Keirans, a 58-year-old former hospital employee, has pleaded guilty to assuming another man’s identity since 1988. He was convicted of one count of making a false statement to a National Credit...
Navigating SQL Injection Vulnerabilities with DAST for Modern AppSec
The digital landscape is continuously evolving, and with it, the strategies for safeguarding our applications against vulnerabilities. In a recent advisory, CISA & the FBI have highlighted the critical importance of conducting thorough reviews of code and supply chains. The aim is to unearth any...
Exploit for Command Injection in Thimpress Learnpress
CVE-2023-6634 Exploit Script Description This repository...
CVE-2024-31852
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
CVE-2024-2700
CVE-2024-2700 affects the quarkus-core component: build-time capture of Quarkus-related environment variables (quarkus.) can bake sensitive values into the application, exposing local configuration properties at runtime. The issue is limited to quarkus. properties; application-specific properties...
CVE-2024-26794
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-26740
CVE-2024-26740: In the Linux kernel, the net/sched act_mirred fix uses the Rx backlog for egress→ingress reversals to prevent socket lock deadlocks on certain redirect scenarios. The upstream patch ca22da2fbd69 implements this backlog-based handling; Nessus advisory AXSA references this CVE with ...
The vulnerability of the box_mpy() function in the Virtuoso-OpenSource web application development platform allows a hacker to trigger a service failure.
The vulnerability of the box_mpy() function in the Virtuoso-OpenSource web application development platform exists due to insufficient testing of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures after executing the SELECT operator...
CVE-2024-20852
Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration...
CVE-2024-20852
CVE-2024-20852 affects Samsung SmartThings prior to version 1.8.13.22, due to improper verification of intent by a broadcast receiver. Local attackers could access testing configuration. Remediation: upgrade to version 1.8.13.22 or later. No exploitation details are provided in the supplied docum...
PT-2024-18762 · Samsung · Smartthings
Name of the Vulnerable Software and Affected Versions: SmartThings versions prior to 1.8.13.22 Description: The issue is related to improper verification of intent by a broadcast receiver, allowing local attackers to access testing configuration. Recommendations: For versions prior to 1.8.13.22,...
Drozer - The Leading Security Assessment Framework For Android
drozer (formerly Mercury) is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS. drozer provides tools to...
Exploit for CVE-2024-28247
CVE-2024-28247 Pi-hole Arbitrary File Read Description Thi...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094 Malicious code was discovered in the upstream ta...
[SECURITY] [DSA 5649-1] xz-utils security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5649-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 29, 2024 https://www.debian.org/security/faq -...