cve-deep-dives

CVE Deep-Dives In-depth technical analyses of significant v...

Vulnerability-Archive

Vulnerability-Archive Proof-of-Concept PoC exploits and tech...

CVE-Disclosures

CVE-Disclosures This repository, "CVE Disclosures", serves as...

Preventing Adversarial AI Attacks against Autonomous Situational Awareness: a Maritime Case Study

Adversarial artificial intelligence AI attacks pose a significant threat to autonomous transportation, such as maritime vessels, that rely on AI components. Malicious actors can exploit these systems to deceive and manipulate AI-driven operations. This paper addresses three critical research...

CVE-2023-22834

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create...

PIP-INTEL - OSINT and Cyber Intelligence Tool

Pip-Intel is a powerful tool designed for OSINT Open Source Intelligence and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity...

SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts

SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...

PT-2024-2141 · Zeek · Icsnpp - Ethercat Zeek Plugin

Name of the Vulnerable Software and Affected Versions: Industrial Control Systems Network Protocol Parsers ICSNPP - Ethercat Zeek Plugin versions d78dda6 and prior Description: The issue is related to an out-of-bounds write in the primary analyses function for Ethercat communication packets. This...

Top Security Posture Vulnerabilities Revealed

Each New Year introduces a new set of challenges and opportunities for strengthening our cybersecurity posture. It's the nature of the field – the speed at which malicious actors carry out advanced persistent threats brings a constant, evolving battle for cyber resilience. The excitement in...

Exploit for Out-of-bounds Write in Hutool

json.org CVE-2022-45688 false positive The project contains...

CVE-2023-22834

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create...

CVE-2023-22834 The contour service was not checking that users had permission to create an analysis for a given dataset

The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create...

PT-2023-18716 · Unknown · Contour Service

Name of the Vulnerable Software and Affected Versions: Contour Service affected versions not specified Description: The issue concerns a lack of permission checking in the Contour Service, allowing an attacker to create analyses for datasets they do not have permission for. This could lead to...

Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint

I am doing this episode about July vulnerabilities already in August. There are 2 reasons for this. First of all, July Microsoft Patch Tuesday was published in the middle of the month, as late as possible. Secondly, in the second half of July I spent my free time mostly on coding. And I would lik...

Slither v0.6.7 - Static Analyzer For Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...

Manticore - Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts

Manticore is a symbolic execution tool for analysis of binaries and smart contracts. Note: Beginning with version 0.2.0, Python 3.6+ is required. Features Input Generation : Manticore automatically generates inputs that trigger unique code paths Crash Discovery : Manticore discovers inputs that...

Slither - Static Analyzer For Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...

What's new in RIPS 2.0.0?

The new release RIPS 2.0.0 includes the following major changes: A complete new interface with optimized performance demo.ripstech.com A new extensive REST API for full feature automation api.ripstech.com Team and user privilege management Application-specific analysis profiles More detailed code...

[SECURITY] Fedora 23 Update: openms-2.0.0-21.20150529git88dc25.fc23

OpenMS is an open-source C++ library for LC/MS data management and analyses. It offers an infrastructure for the rapid development of mass spectrometry related software. It comes with a vast variety ready-to-use tools for proteomics and metabolomics data analysis TOPPTools and powerful 2D and 3D...

Mozilla Firefox XSL - Parsing Remote Memory Corruption PoC (2)

No description provided by source. ------------- by DATASNIPER GREETZ TO THE FOUNDER ; fore more information and bug analyses: http://www.at4re.com/f/showthread.php?p=47560 i tray to manipulate the POC for new idea,you now that the call is calling invalid address 00000000 so i can change it to...