network-vulnerability-assessment-lab

Network Attack and Defence Technology Lab Project Overview...

CVE-2021-33190

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...

CVE-2021-31562

The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 has serious deficiencies that may allow an attacker to compromise SSL/TLS sessions in different ways. An attacker may be able to eavesdrop on transferred data, manipulate data allegedly secured by SSL/TLS, and impersonate an...

CVE-2025-34134 Nagios XI < 2024R1.4.2 RCE via Business Process Intelligence (BPI)

Nagios XI versions prior to 2024R1.4.2 contain a remote code execution vulnerability in the Business Process Intelligence BPI component. Insufficient validation and sanitization of administrator-controlled BPI configuration parameters notably bpilogfile and bpiconfigfile allow an authenticated...

EUVD-2021-27213

Malware in sbrugna...

EUVD-2022-51182

Malicious code in bioql PyPI...

CVE-2023-41649

Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovic Product Bundle: from n/a through 1.1.2...

CVE-2023-30441 IBM Java information disclosure

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188...

The vulnerability of the Eurosoft downloader for Windows operating systems allows a hacker to circumvent existing security restrictions.

The vulnerability of the Eurosoft downloader for Windows operating systems is related to security configuration errors. Exploiting this vulnerability could allow a hacker to circumvent existing security restrictions...

The vulnerability of the BitLocker data protection function of the Microsoft Windows operating system, which allows a hacker to bypass the authentication process

The vulnerability of the BitLocker data protection function in the Microsoft Windows operating system is related to security configuration errors. Exploiting this vulnerability can allow an attacker to bypass the authentication process...

The vulnerabilities of NETGEAR Wi-Fi router software models D7800, EX6250, EX7700, LBR20, RBS50Y, R8900, R9000, XR450, XR500, XR700, EX7320, RAX120, EX7300v2, RAX120v2, EX6410, RBR10, RBR20, RBR40, RBR50, and EX6420, RBS10, RBS20, RBS40, RBS50, EX6400v2, RBK12, RBK20, RBK40, RBK50 stem from security configuration errors. These errors allow attackers to compromise the integrity, accessibility, and confidentiality of protected information.

The vulnerabilities of NETGEAR Wi-Fi router software models D7800, EX6250, EX7700, LBR20, RBS50Y, R8900, R9000, XR450, XR500, XR700, EX7320, RAX120, EX7300v2, RAX120v2, EX6410, RBR10, RBR20, RBR40, RBR50, and EX6420, RBS10, RBS20, RBS40, RBS50, EX6400v2, RBK12, RBK20, RBK40, RBK50 are related to...

Vimana - An Experimental Security Framework That Aims To Provide Resources For Auditing Python Web Applications

Vimana is a modular security framework designed to audit Python web applications. The base of the Vimana is composed of crawlers focused on frameworks in addition to the generic ones for web, trackers, discovery, fuzzer, parser among other types of modules. The main idea, from where the framework...

The vulnerability of the IBM InfoSphere Data Replication and IBM InfoSphere Change Data Capture software configurations allows attackers to bypass the authentication process.

The vulnerability of the IBM InfoSphere Data Replication and IBM InfoSphere Change Data Capture software configurations is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process remotely...

CVE-2021-32402

Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery CSRF due to lack of validation and insecure configurations in inputs and modules...

IBM Tivoli Netcool Impact Information Disclosure Vulnerability

IBM Tivoli Netcool Impact is a suite of network management software from IBM in the United States. The software has the ability to automate business-critical functions and provide a platform that provides unified access to real-time data, events and indicators. An information disclosure...

Pivotal Software Spring Data JPA Information Disclosure Vulnerability

Pivotal Software Spring Data JPA is the United States Pivotal Software, Inc. set of applications used to simplify and create JPA-based data access layer development. An information disclosure vulnerability exists in Pivotal Software Spring Data JPA. The vulnerability stems from errors such as...

Pacu - The AWS Exploitation Framework, Designed For Testing The Security Of Amazon Web Services Environments

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...

The AWS Exploitation Framework: Pacu

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Created and maintained by Rhino Security Labs, Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its...

Vulnerability of Firefox and Firefox ESR browsers, which allows a hacker to forge the address bar

The vulnerability in the browser/base/content/browser.js function of Firefox and Firefox ESR is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to forge the URL address line remotely...

Researchers Divulge 30 Oracle Java Cloud Service Bugs

Upset with the vulnerability handling process at Oracle, researchers yesterday disclosed more than two dozen outstanding issues with the company’s Java Cloud Service platform. Researchers at Security Explorations published two reports, complete with proof of concept codes, explaining 30 different...