openSUSE 16 Security Update : perl-CryptX (openSUSE-SU-2026:20936-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20936-1 advisory. Changes in perl-CryptX: - updated to 0.89.0 0.089 see /usr/share/doc/packages/perl-CryptX/Changes 0.089 2026-05-10 - new: Crypt::ASN1 - new:...

OPENSUSE-SU-2026:20936-1 Security update for perl-CryptX

This update for perl-CryptX fixes the following issues: Changes in perl-CryptX: - updated to 0.89.0 0.089 see /usr/share/doc/packages/perl-CryptX/Changes 0.089 2026-05-10 - new: Crypt::ASN1 - new: Crypt::AuthEnc::SIV - new: Crypt::AuthEnc::XChaCha20Poly1305 - new: Crypt::Cipher::SM4 - new:...

CVE-2026-6357

pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...

The Face of Penetration Testing is Changing: Announcing Metasploit Pro 5.0.0

The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer a capability that can be reserved for annual tests, but a continuous assessment to determine exposure and even through the validation of an...

Metasploit Wrap-Up 04/04/2025

New RCEs Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution RCE. Among these three, two leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular CVE-2025-24813...

Metasploit Weekly Wrap-Up 12/06/2024

Post-Thanksgiving Big Release This week's release is an impressive one. It adds 9 new modules, which will get you remote code execution on products such as Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It also includes an account takeover...

Metasploit Weekly Wrap-Up 09/27/2024

Epic Release! This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Among the new additions, we have an account take over, SQL injection, RCE, and LPE! Thank you to all the contributors who made it possible! New Module Content 5 Cisco Smart Software Manag...

Metasploit Wrap-Up 03/15/2024

New module content 3 GitLab Password Reset Account Takeover Authors: asterion04 and h00die Type: Auxiliary Pull request: 18716 contributed by h00die Path: admin/http/gitlabpasswordresetaccounttakeover AttackerKB reference: CVE-2023-7028 Description: This adds an exploit module that leverages an...

Metasploit Weekly Wrap Up

New module content 3 LDAP Login Scanner Author: Dean Welch Type: Auxiliary Pull request: 18197 contributed by dwelch-r7 Path: scanner/ldap/ldaplogin Description: This PR adds a new login scanner module for LDAP. Login scanners are the classes that provide functionality for testing authentication...

Metasploit Weekly Wrap-Up

Metasploit 6.3 is out! Earlier this week we announced the release of Metasploit 6.3 which came with a tonne of new modules and improvements. The whole team worked super hard on this and we're very excited that everyone can now get their hands on it and all of the new features it has to offer! I...

Metasploit Weekly Wrap-Up

Authenticated command injection vulnerability of Cisco ASA-X with FirePOWER Services: jbaines-r7 added a new module that exploits an authenticated command injection vulnerability CVE-2022-20828 of Cisco ASA-X with FirePOWER Services. This vulnerability affects all Cisco ASA appliances that suppor...

Metasploit Weekly Wrap-Up

CVE-2022-21999 - SpoolFool Our very own Shelby Pace has added a new module for the CVE-2022-21999 SpoolFool privilege escalation vulnerability. This escalation vulnerability can be leveraged to achieve code execution as SYSTEM. This new module has successfully been tested on Windows 10 10.0 Build...

Metasploit Wrap-Up

Archive directory traversals, now with your daily allowance of JSP In a year already full of hot vulnerabilities, CVE-2021-21972 in VMware's vCenter Server may already seem like old news. It's not, though! Thanks to wvu-r7 for grabbing this unauthenticated file upload combined with archive...

SIRAS - Security Incident Response Automated Simulations

Security Incident Response Automated Simulations SIRAS are internal/controlled actions that provide a structured opportunity to practice the incident response plan and procedures during a realistic scenarios. the main idea of SIRAS is create an detection-as-a-code testing scenarios to facilitate...

Metasploit Wrap-up

Nine! Nine new modules! Ah ha ha! With the coming of autumn here in the Northern hemisphere, the nights are getting longer, and the hacking is getting stronger. We’ve really got something for everybody in this release, from IoT to infrastructure, Windows, and Linux; everyone’s pretty...

Metasploit Wrap-Up

Refreshingly configurable F5, on top of being a handy shortcut you can press over and over again until 3am just to watch the RTX 3080 preorders sell out instantly, is also a company that specializes in the delivery, security, performance, and availability of web applications, computing, storage,...

RouterSploit v3.3.0 - Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...

UPDATE: WordPress Exploit Framework v1.9.2

PenTestIT RSS Feed WPXF update time again guys! Since my first post about this WordPress exploitation framework almost a year ago, this tool has gotten better and a new version - WordPress Exploit Framework v1.9.2 has been released. This post will summarize the updates for the latest release such...

UPDATE: WordPress Exploit Framework v1.8!

PenTestIT RSS Feed Good news guys! We now have the WordPress Exploit Framework v1.8 amongst us! This new version fixes API compatibility with a shell upload module, updates multiple dependencies, introduces multiple API changes and adds multiple new modules and payloads! WordPress Exploit Framewo...

UPDATE: WordPress Exploit Framework v1.6.1!

PenTestIT RSS Feed Wow I seem to have missed a lot of updates lately. This time, I missed an update about WPXF. We now have the WordPress Exploit Framework v1.6.1 amongst us! This new version among other things updates a major bug that occurred while updating the framework and adds multiple new...