PT-2025-44210

CVE-2025-89012 in Apache HTTP Server mods enables path traversal for file reads—patched Oct 30 release. Web admins: Lock down alias directives tight. Solid config audit seals it. CyberSecurity InfoSec Vulnerability...

drupal: session hijacking and denial of service

Custom configured session.inc and password.inc need to be audited as well to verify if they are prone to the following vulnerabilities. More information can be found in the upstream advisory 0. - CVE-2014-9015 session hijacking Aaron Averill discovered that a specially crafted request can give a...

Homeland Security Warns SCADA Operators Of Internet-Facing Systems

In the wake of the hack of water and sewer infrastructure operated by a Texas community, the Department of Homeland Security is again warning owners and operators of critical infrastructure to take note of SCADA and industrial control systems that may be accessible from the Internet. DHS’s...

mysql-audit NSE Script

Audits MySQL database server security configuration against parts of the CIS MySQL v1.0.2 benchmark the engine can be used for other MySQL audits by creating appropriate audit files. Script Arguments mysql-audit.password the password with which to connect to the database mysql-audit.username the...