Server side request forgery (ssrf)

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF...

CVE-2023-3577 Limited blind SSRF to localhost/intranet in interactive dialog implementation

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF...

PT-2023-25299 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF. Recommendations: At the...

USN-6223-1: Linux kernel (Azure CVM) vulnerabilities

It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service system crash. CVE-2023-1076 It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type...

The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short

As the digital landscape continues to evolve, so do the tactics utilized by bad actors that are seeking to exploit application vulnerabilities. Among the most insidious types of attacks are business logic attacks BLAs. Unlike known attacks, which can be identified by signatures or patterns, such ...

USN-6207-1: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service system crash. CVE-2023-1076 It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type...

CVE-2023-35800

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators...

Design/Logic Flaw

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators...

Stormshield Endpoint Security 安全漏洞

Stormshield Endpoint Security is a product line of enhanced workstation and server security from the French company Stormshield. A security vulnerability exists in Stormshield Endpoint Security Evolution versions 2.0.0 through 2.3.2, which stems from an ACL entry on the SES Evolution agent...

CVE-2023-35800

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators...

Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite < 1.0.0 - CSRF to Stored XSS

The plugin does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack...

Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite < 1.0.0 - Subscriber+ Stored XSS

The plugin does not sanitize and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...

USN-6185-1: Linux kernel vulnerabilities

It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service system crash. CVE-2023-1076 It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type...

The vulnerability of the DashBoard.exe executable file of the Dashboard module in the Interactive Graphical SCADA System (IGSS) allows a intruder to execute arbitrary code.

The vulnerability of the DashBoard.exe executable file of the Dashboard module in the Interactive Graphical SCADA System IGSS is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

Ubuntu: Security Advisory (USN-6171-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Wizcyb Interactive 2.0 SQL Injection

==================================================================================================================================== | Title : wizcyb interactive v2.0 auth by pass Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Command Shell, Bind SSM (via AWS API)

Creates an interactive shell using AWS SSM Module Options msf use payload/generic/shellbindawsssm msf payloadshellbindawsssm show actions ...actions... msf payloadshellbindawsssm set ACTION msf payloadshellbindawsssm show options ...show and set options... msf payloadshellbindawsssm run This modu...

PentestGPT - A GPT-empowered Penetration Testing Tool

A GPT-empowered penetration testing tool. Common Questions Q : What is PentestGPT? A : PentestGPT is a penetration testing tool empowered by ChatGPT. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operate in an interactive mode to guide penetration...

The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises from buffer overflows in the stack, allowing an intruder to execute arbitrary code.

The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System IGSS, is caused by a buffer overflow in the stack. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises from the possibility of unlimited loading of dangerous files, allowing a intruder to execute arbitrary code.

The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System IGSS, lies in its ability to load files of a dangerous type without limitation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...