Lucene search
+L

347 matches found

Trellix
Trellix
added 2023/03/17 12:0 a.m.12 views

Trellix HAX 2023 Capture the Flag Results!

Trellix HAX 2023 Capture the Flag Results! By Mark Bereza · March 17, 2023 This story was also written by Jesse Chick. All good things must come to an end, and our annual CTF is unfortunately no exception. When this competition began, we asked each of you to try your hand at 12 new challenges –...

7AI score
Exploits0
Kitploit
Kitploit
added 2023/03/07 11:30 a.m.95 views

DataSurgeon - Quickly Extracts IP's, Email Addresses, Hashes, Files, Credit Cards, Social Secuirty Numbers And More From Text

DataSurgeon ds is a versatile tool designed for incident response, penetration testing, and CTF challenges. It allows for the extraction of various types of sensitive information including emails, phone numbers, hashes, credit cards, URLs, IP addresses, MAC addresses, SRV DNS records and a lot...

7.1AI score
Exploits0References5
Trellix
Trellix
added 2023/02/17 12:0 a.m.22 views

Trellix HAX 2023 CTF Competition

Trellix HAX 2023 CTF Competition Now Open for Registration! By Mark Bereza · February 17, 2023 This story was also written by John Dunlap. Introduction Trellix’s Advanced Research Center is happy to announce the launch of Trellix HAX 2023, our third annual capture the flag CTF competition! With 1...

6.6AI score
Exploits0
Trellix
Trellix
added 2023/02/17 12:0 a.m.13 views

Trellix HAX 2023 CTF Competition

Trellix HAX 2023 CTF Competition Now Open for Registration! By Mark Bereza · February 17, 2023 This story was also written by John Dunlap. Introduction Trellix’s Advanced Research Center is happy to announce the launch of Trellix HAX 2023, our third annual capture the flag CTF competition! With 1...

6.6AI score
Exploits0
CNNVD
CNNVD
added 2022/12/28 12:0 a.m.5 views

Mellivora 跨站脚本漏洞

Mellivora is a CTF engine written in PHP by the individual developer Nakiami. A cross-site scripting vulnerability exists in Mellivora versions prior to 2.1.x. The vulnerability stems from an incorrect manipulation of a parameter that leads to a cross-site scripting vulnerability...

4.8CVSS4.5AI score0.00524EPSS
Exploits0References5
NVD
NVD
added 2022/12/08 8:15 a.m.18 views

CVE-2022-4349

A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...

6.8CVSS0.00237EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/12/08 12:0 a.m.7 views

CVE-2022-4349 CTF-hacker pwn delete.html cross-site request forgery

A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...

4.3CVSS5.4AI score0.00237EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.5 views

PT-2022-26941 · Unknown · Ctf-Hacker Pwn

Name of the Vulnerable Software and Affected Versions: CTF-hacker pwn affected versions not specified Description: A problematic vulnerability has been found in CTF-hacker pwn, affecting an unknown part of the file delete.html. The manipulation leads to cross-site request forgery, which can be...

6.8CVSS6.5AI score0.00237EPSS
Exploits1References6
CVE
CVE
added 2022/12/08 12:0 a.m.54 views

CVE-2022-4349

CVE-2022-4349 corresponds to a CSRF vulnerability in CTF-hacker pwn, affecting an unknown part of delete.html. The issue allows remote initiation of cross-site request forgery, with public disclosure of the exploit. The available connected documents consistently mention CSRF in delete.html and do...

6.8CVSS5.5AI score0.00237EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/12/08 12:0 a.m.31 views

CVE-2022-4349 CTF-hacker pwn delete.html cross-site request forgery

A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...

4.3CVSS6.8AI score0.00237EPSS
Exploits1References2
Rapid7 Blog
Rapid7 Blog
added 2022/08/04 6:0 p.m.20 views

What We're Looking Forward to at Black Hat, DEF CON, and BSidesLV 2022

The week of Black Hat, DEF CON, and BSides is highly anticipated annual tradition for the cybersecurity community, a weeklong chance for security pros from all corners of the industry to meet in Las Vegas to talk shop and share what they've spent the last 12 months working on. But like many belov...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2022/07/23 12:30 p.m.47 views

modDetective - Tool That Chronologizes Files Based On Modification Time In Order To Investigate Recent System Activity

modDetective is a small Python tool that chronologizes files based on modification time in order to investigate recent system activity. This can be used in CTF's in order to pinpoint where escalation and attack vectors may exist. To see the tool in its most useful form, try running the command as...

7.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:13 p.m.2 views

Malicious code in esperamier-ctf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52bfdf9444b341e41e024c45a5d5dc7dbf15553c8f3c3ca808ec74091bc85c63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:13 p.m.6 views

MAL-2022-2849 Malicious code in esperamier-ctf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 52bfdf9444b341e41e024c45a5d5dc7dbf15553c8f3c3ca808ec74091bc85c63 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Veeam
Veeam
added 2022/06/16 12:0 a.m.19 views

libdtrace-ctf Required to Install Veeam Agent for Linux on Oracle Linux UEK

Challenge When installing Veeam Agent for Linux on Oracle Linux 6 or 7 with UEK kernel, the veeamsnap package fails to install with the following error: Error! Bad return status for module build on kernel: Consult /var/lib/dkms/veeamsnap//build/make.log for more information. The make.log example...

6.6AI score
Exploits0Affected Software1
CNVD
CNVD
added 2022/06/15 12:0 a.m.60 views

Google kCTF Access Control Error Vulnerability

Google kCTF is a Kubernetes-based CTF competition infrastructure from Google Google. kCTF v1.6.0 prior to the release of Google kCTF has an access control error vulnerability, which stems from the existence of improper access control in the kctf cluster, which can be exploited by attackers to...

7.5CVSS4.2AI score0.00588EPSS
Exploits0References1
CVE
CVE
added 2022/06/13 3:40 p.m.100 views

CVE-2022-31055

Summary: CVE-2022-31055 relates to Google kCTF, a Kubernetes-based CTF infrastructure. Several connected sources confirm that prior to version 1.6.0 the kCTF cluster set-src-ip-ranges feature was broken, effectively allowing traffic from any IP due to improper access control. The issue was patche...

7.5CVSS7.5AI score0.00588EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/13 3:40 p.m.26 views

CVE-2022-31055 Improper Access Control in kctf

kCTF is a Kubernetes-based infrastructure for capture the flag CTF competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...

7.5CVSS7.4AI score0.00588EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.7 views

Google kCTF 安全漏洞

Google kCTF is a Kubernetes-based CTF competition infrastructure from Google Google. kCTF v1.6.0 prior to the release of Google kCTF has an access control error vulnerability, which stems from the existence of improper access control in the kctf cluster, which can be exploited by attackers to...

7.5CVSS5.5AI score0.00588EPSS
Exploits0References4
Information Security Automation
Information Security Automation
added 2022/06/11 12:46 a.m.125 views

PHDays 11: towards the Independence Era

Hello everyone! In this episode, I want to talk about the Positive Hack Days 11 conference, which took place on May 18 and 19 in Moscow. As usual, I want to express my personal opinion about this event. Alternative video link for Russia: As I did last year, I want to start talking about this...

6.8CVSS0.96843EPSS
Exploits38
Rows per page
Query Builder