
Akamai Blog
added 2023/12/11 2:00 p.m. · 25 views

Akamai EdgeWorkers for SaaS: Balancing Customization and Security

...

AI score 7.3 · Exploits 0

Metasploit
added 2023/10/25 7:49 p.m. · 360 views

Add a new user to the system

This module adds a new user to the system. Module options: msf > use post/linux/manage/adduser; msf post(adduser) > show actions (...actions...); msf post(adduser) > set ACTION; msf post(adduser) > show options (...show and set options...); msf post(adduser) > run. This module requires Metasploit: ...

AI score 7.1 · Exploits 0

Qualys Blog
added 2023/10/25 6:34 p.m. · 29 views

Building an AppSec Program with Qualys WAS – Configuring a Web Application or API: Crawl Settings

Qualys Web Application Scanning (WAS) stands out as the industry's leading Dynamic Application Security Testing (DAST) solution. Delving deeper into these settings is crucial for effectively harnessing its potential to uncover vulnerabilities. Scan coverage is greatly influenced by the crawl settings, ...

AI score 6.9 · Exploits 0

OSV
added 2023/10/23 10:15 p.m. · 13 views

CVE-2023-45998

kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in stored XSS...

CVSS 5.4 · AI score 6.5
Exploits 0 · References 1

Kitploit
added 2023/10/03 11:30 a.m. · 23 views

Nodesub - Command-Line Tool For Finding Subdomains In Bug Bounty Programs

Nodesub is a command-line tool for finding subdomains in bug bounty programs. It supports various subdomain enumeration techniques and provides flexible options for customization. Features: perform subdomain enumeration using CIDR notation; support for an input list; perform subdomain enumeration using AS...

AI score 7.3
Exploits 0 · References 1

The Hacker News
added 2023/08/05 8:03 a.m. · 30 views

MDR: Empowering Organizations with Enhanced Security

Managed Detection and Response (MDR) has emerged as a crucial solution for organizations looking to bolster their security measures. MDR allows businesses to outsource the management of Endpoint Detection and Response (EDR) products deployed across their network domain. With real-time threat-hunting...

AI score 6.7 · Exploits 0

Kitploit
added 2023/06/28 2:12 a.m. · 50 views

HardHatC2 - A C# Command And Control Framework

A cross-platform, collaborative Command & Control framework written in C#, designed for red teaming and ease of use. HardHat is a multiplayer C# .NET-based command and control framework designed to aid in red team engagements and penetration testing. HardHat aims to improve the quality of life...

AI score 8.3
Exploits 0 · References 4

Malwarebytes
added 2023/06/08 1:30 p.m. · 13 views

Unveiling Nebula's Report 2.0: A new approach to security reporting

We're excited to announce Report 2.0, a major upgrade to our report system in Nebula. Report 2.0 is not just a cosmetic touch-up; it's a completely revamped security reporting solution designed to cater to your diverse business requirements, allowing for a more dynamic, data-driven approach to IT...

AI score 6.7 · Exploits 0

Ubuntu
added 2023/04/26 5:59 p.m. · 85 views

USN-6042-1: Cloud-init vulnerability

James Golovich discovered that sensitive data could be exposed in logs. An attacker could use this information to find hashed passwords and possibly escalate their privilege...

CVSS 5.5 · AI score 6.1 · EPSS 0.0004
Exploits 0 · References 1

Cvelist
added 2023/02/28 10:21 p.m. · 13 views

CVE-2023-25575 Secured properties in API Platform Core may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

CVSS 7.7 · AI score 7.6 · EPSS 0.002
Exploits 0 · References 2

NVD
added 2023/02/21 2:15 p.m. · 17 views

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP/2 attacks...

CVSS 7.5 · AI score 7.6 · EPSS 0.00348
Exploits 1 · References 3

Cvelist
added 2023/02/21 12:00 a.m. · 21 views

CVE-2022-31394

Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP/2 attacks...

AI score 7.8 · EPSS 0.00348
Exploits 1 · References 3

Kitploit
added 2023/01/27 11:30 a.m. · 58 views

BlueHound - Tool That Helps Blue Teams Pinpoint The Security Issues That Actually Matter

BlueHound is an open-source tool that helps blue teams pinpoint the security issues that actually matter. By combining information about user permissions, network access and unpatched vulnerabilities, BlueHound reveals the paths attackers would take if they were inside your network. It is a fork o...

AI score 7.2
Exploits 0 · References 9

IBM Security Bulletins
added 2022/10/20 6:22 p.m. · 36 views

Security Bulletin: IBM Sterling Order Management migration strategy to Apache Log4j vulnerability [CVE-2022-23307]

Summary: Apache Log4j is used by IBM Sterling Order Management as part of its logging utility, and we strongly recommend upgrading to the latest supported version of Log4j that was released as part of the latest FixPack (CVE-2022-23307). Vulnerability Details: CVEID: CVE-2022-23307. DESCRIPTION: Apache...

CVSS 8.8 · AI score 9.4 · EPSS 0.02603
Exploits 0 · Affected Software 1

Schneier on Security
added 2022/10/13 11:19 a.m. · 12 views

Digital License Plates

California just legalized digital license plates, which seems like a solution without a problem. The Rplate can reportedly function in extreme temperatures, has some customization features, and is managed via Bluetooth using a smartphone app. Rplates are also equipped with an LTE antenna, which c...

AI score 2.1 · Exploits 0

wpexploit
added 2022/10/03 12:00 a.m. · 462 views

Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin: class Evil { public...

CVSS 7.2 · AI score 0.2 · EPSS 0.00901
Exploits 2

UbuntuCve
added 2022/10/02 5:15 a.m. · 45 views

CVE-2022-42004

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer.deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization...

CVSS 7.5 · AI score 6.8 · EPSS 0.00229
Exploits 1 · References 5

Malwarebytes
added 2022/09/23 9:00 a.m. · 24 views

A first look at the builder for LockBit 3.0 Black

A few months after the LockBit gang released version 3.0 of its ransomware, LockBit 3.0 Black, the builder for it has been leaked by what seems to be a disgruntled developer. LockBit has been by far the most widely used ransomware in 2022, and the appearance of the builder could make things worse...

AI score 7.5 · Exploits 0

Fedora
added 2022/07/17 1:15 a.m. · 25 views

[SECURITY] Fedora 35 Update: golang-github-mailru-easyjson-0.7.6-5.fc35

Package Easyjson provides a fast and easy way to marshal/unmarshal Go structs to/from JSON without the use of reflection. In performance tests, easyjson outperforms the standard encoding/json package by a factor of 4-5x, and other JSON encoding packages by a factor of 2-3x. Easyjson aims to keep...

CVSS 9.3 · AI score 7.9 · EPSS 0.00963
Exploits 4

Positive Technologies
added 2022/07/15 12:00 a.m. · 6 views

PT-2022-19896 · Unknown · Octopus Server

Name of the Vulnerable Software and Affected Versions: Octopus Server (affected versions not specified). Description: The issue allows customization of the help sidebar in Octopus Server to include a Cross-Site Scripting payload in the support link. Recommendations: At the moment, there is no...

CVSS 6.1 · AI score 6 · EPSS 0.00542
Exploits 0 · References 5
