46 matches found
cve-arsenal
CVE Arsenal Automated CVE exploit scanners and Nuclei templat...
CVE-2018-19879
An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX e.g., RUT950 R31.04.89 before R00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login...
EUVD-2020-0749
Malware in sbrugna...
EUVD-2018-11553
Malware in sbrugna...
Exploit for CVE-2007-6750
ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets. The project currently consists of two major components: a script invoking and aggregating the results of existing...
Security Bulletin: IBM Security QRadar EDR Software contains a vulnerability (CVE-2024-6345)
Summary IBM Security QRadar EDR Software includes a vulnerable component e.g., framework libraries that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attack...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker ...
GraphQL Vulnerabilities and Common Attacks: Seen in the Wild
In our previous blog, we provided an overview of GraphQL security, along with details and examples of common attacks. Building on that foundation, this blog will take a closer look at real-world examples of GraphQL attacks that have recently occurred. We will explore the methods used by attackers...
Security Bulletin: IBM QRadar SIEM contains multiple kernel vulnerabilities
Summary IBM QRadar SIEM includes a vulnerable version of kernel that could be identified and exploited with automated tools. This has been addressed in the update. Vulnerability Details CVEID:CVE-2019-13631 DESCRIPTION: Linux Kernel could allow a physical attacker to execute arbitrary code on the...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2024-22259 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacke...
SBOM support in Spring Boot 3.3
Spring Boot 3.3.0 has been released, and it contains support for SBOMs. SBOM stands for "Software Bill of Materials" and describes the components used to build a software artifact. In the context of this blog post, that's your Spring Boot application. These SBOMs are useful because they describe...
U.S. Dept Of Defense: Time based SQL injection at████████
A time based SQL injection vulnerability was found in the /pubs/index.php endpoint on ██████. The 'years' and 'authors' parameters were vulnerable, allowing time delays to be introduced in database queries. This could have led to sensitive data exfiltration from the database. The issue could be...
Imperva defends customers against recent vulnerabilities in Apache OFBiz
On December 26, researchers from SonicWall Capture Labs discovered an authentication bypass vulnerability in Apache OFBiz, tracked as CVE-2023-51467. This bug has a CVSS score of 9.8 and allows attackers to achieve server-side request forgery SSRF by bypassing the program’s authentication. This...
Are You Willing to Pay the High Cost of Compromised Credentials?
Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements enough to secure them? 83% of compromised passwords would satisfy the password complexity and length requirements of compliance standards. That's because bad actors already have...
RosarioSIS Stores Sensitive Data in a Mechanism without Access Control
RosarioSIS prior to 11.0 allows anyone, regardless of authentication status, to download and view file attachments under the salaries module. In addition, the file names contain a date in a YYYY-MM-DD format and a random six-string digit, making enumerating file names with automated tools...
GHSA-36CM-H8GV-MG97 RosarioSIS Stores Sensitive Data in a Mechanism without Access Control
RosarioSIS prior to 11.0 allows anyone, regardless of authentication status, to download and view file attachments under the salaries module. In addition, the file names contain a date in a YYYY-MM-DD format and a random six-string digit, making enumerating file names with automated tools...
Penetration Testing or Vulnerability Scanning? What's the Difference?
Pentesting and vulnerability scanning are often confused for the same service. The problem is, business owners often use one when they really need the other. Let's dive in and explain the differences. People frequently confuse penetration testing and vulnerability scanning, and it's easy to see...
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-23218 DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based...
Explore CMS 1.0 SQL Injection
Exploit Title: explore CMS - Boolean Based SQL Injection Date: 19/03/2022 Exploit Author: Sajibe Kanti Vendor Name : EXPLORE IT Vendor Homepage: https://exploreit.com.bd CVE: On Request POC SQL Injection SQL injection is a web security vulnerability that allows an attacker to interfere with the...
Why Enterprise Threat Mitigation Requires Automated, Single-Purpose Tools
As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day to day of threat mitigation often still comes down to systems administrators. For these sysadmins it's not an easy task, however. In enterprise IT, sysadmins teams have a wide remit but limited...