13 matches found
EUVD-2020-19487
Malware in sbrugna...
EUVD-2023-31057
Malicious code in bioql PyPI...
Enterprise Security Incident Analysis and Countermeasures Based on the T-Mobile Data Breach
This paper presents a comprehensive analysis of T-Mobile's critical data breaches in 2021 and 2023, alongside a full-spectrum security audit targeting its systems, infrastructure, and publicly exposed endpoints. By combining case-based vulnerability assessments with active ethical hacking...
CVE-2023-27279
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533...
CVE-2025-26524
This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endpoints which could lead to the OTP bombing/...
CVE-2024-10464
Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
IBM Aspera Faspex Denial of Service Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines (IBM). A denial of service vulnerability exists in IBM Aspera Faspex, which stems from a lack of API rate limiting, and can be exploited by an attacker to cause a...
CVE-2023-27279 IBM Aspera Faspex denial of service
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a user to cause a denial of service due to missing API rate limiting. IBM X-Force ID: 248533...
CVE-2023-27279
The vulnerability CVE-2023-27279 affects IBM Aspera Faspex 5.0.0–5.0.7 and is caused by missing API rate limiting, enabling denial of service. Remediation is to upgrade to Faspex 5.0.8 (IBM advisory notes this fix). Impact is rated MEDIUM (CVSS 3.1 base score 6.5); no exploitation details are pro...
Security Bulletin: IBM Aspera Faspex is vulnerable to multiple encryption vulnerabilities.
Summary: IBM Aspera Faspex 5.0.8 has addressed multiple encryption vulnerabilities (CVE-2023-22869, CVE-2023-37396, CVE-2023-27279, CVE-2023-37395, CVE-2023-37397, CVE-2022-40745). Vulnerability Details: CVEID: CVE-2023-22869. DESCRIPTION: IBM Aspera Faspex stores potentially sensitive information in lo...
Code injection
TGstation is a toolset to manage production BYOND servers. In affected versions, if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct respon...
IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request
Extension for Burp Suite which uses AWS API Gateway to change your IP on every request. More info: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/ Description: This extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the...
goGetBucket - A Penetration Testing Tool To Enumerate And Analyse Amazon S3 Buckets Owned By A Domain
When performing recon on a domain, understanding the assets they own is very important. AWS S3 bucket permissions have been confused time and time again, and have allowed for the exposure of sensitive material. What this tool does is enumerate S3 bucket names using common patterns I have identifi...