Python Social Auth Security Vulnerability
Python Social Auth is an easy to set up social authentication/registration mechanism from Python Social Auth open source. Multiple frameworks and authentication providers are supported. A security vulnerability exists in Python Social Auth versions prior to 5.4.1, which stems from the default...
Vulnerability in some TP-Link routers could lead to factory reset
Cisco Talos Vulnerability Research team has disclosed 10 vulnerabilities over the past three weeks, including four in a line of TP-Link routers, one of which could allow an attacker to reset the devices' settings back to the factory default. A popular open-source software for internet-of-things Io...
PT-2024-19548 · Amcs · Trux Waste Management
Name of the Vulnerable Software and Affected Versions: AMCS Group Trux Waste Management Software versions prior to 7.19.0018.26912 Description: An issue in the Trux Waste Management Software allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the...
Microsoft OLE DB Provider for SQL Server Security Vulnerability
Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft OLE DB Provider for SQL Server. An attacker could exploit the vulnerability to remotely execute code. T...
CVE-2024-3165
CVE-2024-3165 affects dotCMS where the System -> Maintenance -> Log Files output reveals database credentials (username/password) in logs. This is described as a moderate issue requiring backend admin access and environment-led DB lockdown. Connected documents confirm the vulnerability stems f...
Noia - Simple Mobile Applications Sandbox File Browser Tool
Noia is a web-based tool whose main aim is to ease the process of browsing mobile applications sandbox and directly previewing SQLite databases, images, and more. Powered by frida.re. Please note that I'm not a programmer, but I'm probably above the median in code-savviness. Try it out, open an...
IBM Storage Protect Plus Server Information Disclosure Vulnerability (CNVD-2024-16923)
IBM Storage Protect Plus Server is an IBM Storage software from International Business Machines (IBM) that provides recovery, replication, retention and reuse for virtual machines, databases, applications, file systems, SaaS workloads and containers. An information disclosure vulnerability exists i...
IBM Storage Protect Plus Server Access Control Error Vulnerability
IBM Storage Protect Plus Server is an IBM Storage software from International Business Machines (IBM) that provides recovery, replication, retention and reuse for virtual machines, databases, applications, file systems, SaaS workloads and containers. An access control error vulnerability exists in...
The vulnerability of the Azure Data Studio software for data development and management, which involves connecting to cloud and local databases, stems from lack of access control mechanisms. This allows attackers to exploit their privileges.
The vulnerability of the Azure Data Studio software for data development and management, which connects to cloud and local databases, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
Shodan Dorks
Shodan Dorks by twitter.com/lothos612 Feel free to make suggestions Shodan Dorks Basic Shodan Filters city: Find devices in a particular city. city:"Bangalore" country: Find devices in a particular country. country:"IN" geo: Find devices by giving geographical coordinates...
Dorkish - Chrome Extension Tool For OSINT & Recon
During the reconnaissance phase or when doing OSINT, we often use Google dorking and Shodan and thus the idea of Dorkish. Dorkish is a Chrome extension tool that facilitates custom dork creation for Google and Shodan using the builder and it offers prebuilt dorks for efficient reconnaissance and OSIN...
PT-2024-4194
Name of the Vulnerable Software and Affected Versions Android versions 12 and 13 Description The issue is related to improper input validation in the createSessionInternal function of PackageInstallerService.java, which could lead to local escalation of privilege with no additional execution...
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to buffer overflows in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2024-26132 Element Android can be asked to share internal files.
Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the files directory in the application's private data directory to an arbitrary room. The impact of th...
CVE-2024-1344
Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOFservice.exe' and 'LaborOfficeFree.exe' located in the '%programfilesx86%\LaborOfficeFree' directory. This user ca...
SQLAlchemyDA SQL Injection Vulnerability
SQLAlchemyDA is a general purpose database adapter from the Zope Foundation. A SQL injection vulnerability exists in versions prior to SQLAlchemyDA 2.2, which stems from a vulnerability that allows unauthenticated execution of arbitrary SQL statements on a database to which a SQLAlchemyDA instanc...
Melee - Tool To Detect Infections In MySQL Instances
MELEE: A Tool to Detect Ransomware Infections in MySQL Instances Attackers are abusing MySQL instances for conducting nefarious operations on the Internet. The cybercriminals are targeting exposed MySQL instances and triggering infections at scale to exfiltrate data, destruct data, and extort mon...
Input validation
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This...
Dell NetWorker Information Disclosure Vulnerability
Dell NetWorker is an application from Dell USA Inc. Provides forum discussion features for Dell Inc. An information disclosure vulnerability exists in Dell NetWorker, which arises from the database storing plain text passwords in a temporary configuration file during backups, and can be exploited...
Dell NetWorker Security Vulnerability
Dell NetWorker is an application from Dell USA Inc. Provides forum discussion features for Dell Inc. An information disclosure vulnerability exists in Dell NetWorker, which arises from the database storing plain text passwords in a temporary configuration file during backups, and can be exploited...