11635 matches found
HTTPS Fetch, Reverse TCP Stager
Fetch and execute an MIPSBE payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/linux/https/mipsbe/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...
CVE-2024-37362 Hitachi Vantara Pentaho Data Integration & Analytics - Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CWE-522 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.8, including 8.3.x, discloses database...
Device Code Phishing
This isn't new, but it's increasingly popular: The technique is known as device code phishing. It exploits "device code flow," a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar...
BIT-PYTHON-2024-3220
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method CVE-2024-49860 In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API busregister CVE-2024-50055 Affecte...
Amazon Linux AMI : kernel (ALAS-2025-1960)
The version of kernel installed on the remote host is prior to 4.14.355-195.591. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1960 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method...
CVE-2025-26473
The Mojave Inverter uses the GET method for sensitive information...
Fedora 41 : libheif (2025-8fdb7be3cb)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-8fdb7be3cb advisory. Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more...
CVE-2024-26307
Possible race condition vulnerability in Apache Doris. Some of code using chmod method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before...
CVE-2024-35081
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter in the fileDownload method...
PTT HGS Mobile App 安全漏洞
PTT HGS Mobile App is a mobile application from PTT Turkey that is used to facilitate the management and payment of Highway Electronic Toll Collection System HGS fees. A security vulnerability exists in PTT HGS Mobile App versions prior to 6.5.0, which stems from the presence of a vulnerability...
CVE-2024-35080
An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file...
CVE-2025-26473
The Mojave Inverter uses the GET method for sensitive information...
CVE-2025-26473 Outback Power Mojave Inverter Use of GET Request Method With Sensitive Query Strings
The Mojave Inverter uses the GET method for sensitive information...
CVE-2023-37569
This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker ...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Outback Power Mojave Inverter 安全漏洞
Outback Power Mojave Inverter is an AC inverter from Outback Power. A security vulnerability exists in the Outback Power Mojave Inverter that originates from the ability to obtain sensitive information using the GET method...
CLSA-2025-1739387851 tomcat: Fix of CVE-2023-42794
CVE-2023-42794: restore the finalize method...
jinja2: Jinja has a sandbox breakout through indirect reference to format method
A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
PCI DSS. Where to start?
TL;DR Determine your role: Merchant or service provider Determine your level and requirements Identify your validation method: SAQ or RoC Use the PCI website Introduction The Payment Card Industry Data Security Standard, or PCI DSS, outlines essential requirements for protecting both you and your...