Lucene search
+L

279 matches found

CVE
CVE
added 2024/05/07 4:53 p.m.81 views

CVE-2024-29209

The CVE-2024-29209/29210 family concerns Phish Alert Button (PAB) for Outlook and related KnowBe4 clients. Technical details across connected records show: attack via update mechanism (CVE-2024-29209) where the client fails to validate the update server’s TLS/SSL and ignores digital signatures, e...

6CVSS5AI score0.00374EPSS
Exploits0References1
CVE
CVE
added 2024/05/07 4:53 p.m.58 views

CVE-2024-29210

CVE-2024-29210 describes a local privilege escalation in Phish Alert Button for Outlook (PAB) caused by insecure permissions on the configuration file (update server URL). An unprivileged local user can modify the configuration to point updates to a malicious server, enabling LPE in conjunction w...

2.8CVSS7.1AI score0.00178EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/07 4:53 p.m.35 views

CVE-2024-29209

A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...

6CVSS5.6AI score0.00374EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/07 4:53 p.m.35 views

CVE-2024-29210

A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...

2.8CVSS5.4AI score0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/07 4:53 p.m.16 views

CVE-2024-29210

A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...

2.8CVSS7.1AI score0.00178EPSS
Exploits0References1
OSV
OSV
added 2024/03/22 11:15 p.m.4 views

PYSEC-2024-257

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5CVSS6.9AI score0.00712EPSS
Exploits1References4
OSV
OSV
added 2024/03/22 10:12 p.m.36 views

CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...

7.5CVSS7.1AI score0.00712EPSS
Exploits1References5
HackRead
HackRead
added 2024/02/10 5:50 p.m.16 views

Smart Helmets Flaw Exposed Millions to Risk of Hacking and Surveillance

By Deeba Ahmed According to cybersecurity firm Pen Test Partners, Livall’s smart helmets had an inherent flaw that could lead to… This is a post from HackRead.com Read the original post: Smart Helmets Flaw Exposed Millions to Risk of Hacking and Surveillance...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/14 11:56 a.m.48 views

The Importance of Continuous Security Monitoring for a Robust Cybersecurity Strategy

In 2023, the global average cost of a data breach reached $4.45 million. Beyond the immediate financial loss, there are long-term consequences like diminished customer trust, weakened brand value, and derailed business operations. In a world where the frequency and cost of data breaches are...

7.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/09/15 9:46 p.m.12 views

pen-club.co.uk Cross Site Scripting vulnerability OBB-3684400

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/09/11 8:45 p.m.31 views

Magento LTS's guest order "protect code" can be brute-forced too easily

Impact Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. Patch...

7.5CVSS7.1AI score0.00823EPSS
Exploits1References7Affected Software1
Malwarebytes
Malwarebytes
added 2023/09/07 1:0 a.m.22 views

A history of ransomware: How did it get this far?

Today's ransomware is the scourge of many organizations. But where did it start? If we define ransomware as malware that encrypts files to extort the owner of the system, then the first malware that could be classified as ransomware is the 1989 AIDS Trojan. However, while it encrypted filenames a...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/08/31 1:16 p.m.13 views

PenTales: What It’s Like on the Red Team

At Rapid7 we love a good pen test story. So often they show the cleverness, skill, resilience, and dedication to our customer’s security that can only come from actively trying to break it! In this series, we’re sharing some of our favorite tales from the pen test desk and hopefully highlight som...

7.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/08/03 5:41 a.m.27 views

PTP at DEF CON 31 2023

Come and see us at the Aerospace Village, at Caesars Forum. Aerospace Village Fri 11th to Sun 13th Activity Take off in an A320 with hacked engine performance calculator. Then try to land it again. Fri 11th August 5:00 PM Pen Test Partners Power Hour We’ll be talking about: Hacking Electronic...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2023/07/03 12:30 p.m.29 views

Wanderer - An Open-Source Process Injection Enumeration Tool Written In C#

Wanderer is an open-source program that collects information about running processes. This information includes the integrity level, the presence of the AMSI as a loaded module, whether it is running as 64-bit or 32-bit as well as the privilege level of the current process. This information is...

7.6AI score
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.4 views

SUSE CVE-2007-0776

Heap-based buffer overflow in the cairopeninit function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file...

9.3CVSS9.3AI score0.06736EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.5 views

SUSE CVE-2014-2387

Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities...

4.6CVSS5.1AI score0.00412EPSS
Exploits1References3
Malwarebytes
Malwarebytes
added 2023/02/07 4:0 a.m.22 views

Florida hospital takes entire IT systems offline after 'ransomware attack'

Tallahassee Memorial Healthcare TMH, a major hospital system in northern Florida, has reportedly been experiencing an "IT security issue" since Thursday evening, which impacted some of its IT systems. When TMH learned of the issue, it took its entire IT systems offline as a precaution and contact...

7.3AI score
Exploits0
NVD
NVD
added 2022/12/08 4:15 p.m.19 views

CVE-2022-39899

Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture...

5.7CVSS0.00097EPSS
Exploits0References1
OSV
OSV
added 2022/12/08 4:15 p.m.6 views

CVE-2022-39899

Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture...

4.3CVSS5.8AI score0.00097EPSS
Exploits0References1
Rows per page
Query Builder