LLM-and-MCP

Detection and Exploitation of Vulnerabilities in Android Appli...

SentinelX

SentinelX SentinelX — статический анализатор безопасности...

SecureAgentBench: Benchmarking Secure Code Generation under Realistic Vulnerability Scenarios

Large language model LLM powered code agents are rapidly transforming software engineering by automating tasks such as testing, debugging, and repairing, yet the security risks of their generated code have become a critical concern. Existing benchmarks have offered valuable insights but remain...

iot-vul

IoT Vulnerability Exploitation and Verification Framework Thi...

Over 800 npm Packages Found with Discrepancies, 18 Exploit 'Manifest Confusion'

New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion. The findings come from cybersecurity firm JFrog, which said the issue could be exploited by...

CVEsLab

CVEsLab A collection of proof-of-con...

CURL-CVE-2019-5443 Windows OpenSSL engine code injection

A non-privileged user or program can put code and a config file in a known non-privileged path under C:/usr/local/ that makes curl automatically run the code as an OpenSSL "engine" on invocation. If that curl is invoked by a privileged user it can do anything it wants. This flaw exists in the...

Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild

It was only a matter of time before attacks were seen in the wild, and now it’s happened. A known threat actor has mounted a large cryptomining campaign using the recently disclosed Apache Struts 2 critical remote code-execution vulnerability. It uses a new malware designed for persistence and...

Government Promises Comment Period on Next Wassenaar Draft

It’s been months since the U.S. Commerce Department’s Bureau of Industry and Security pulled the U.S. implementation of the Wassenaar Arrangement off the table for an unusual rewrite of the rules governing so-called intrusion software. The overly broad rule drew the ire of security and privacy...

PayPal Java Serialization Vulnerability

A Java serialization vulnerability disclosed more than a year ago figured to have a long shelf life. It lived in popular Java application development frameworks such as Apache Commons Collections—where it’s been patched—and not to mention widely deployed application servers such as Oracle WebLogi...

UK Student's Research a Wassenaar Casualty

U.S.-based security researchers may soon be championing the case of Grant Wilcox, a young U.K. university student whose work is one of the few publicly reported casualties of the Wassenaar Arrangement. Wilcox last week published his university dissertation, presented earlier this spring for an...

SAP Internet Transaction Server XSS vulnerability

Vulnerability class : Cross-Site Scripting Discovery date : 13 September 2006 Remote : Yes Credit : ILION Research Labs Vulnerable : SAP ITS Vulnerable version: Versions 6.1 and 6.2 have been found to be vulnerable. Other versions might be too. A XSS Cross-Site-Scripting vulnerability has been...

Dragonfly Shopping Cart Multiple vulnerabilities

Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc or even code them. Learn more at http://www.dbtech.org Severity: High Title: Dragonfly Shopping Cart Multiple vulnerabilities Date:...

PortalAppXSS.txt

http://www.snkenjoi.com/secadv/secadv8.txt sNKenjoi's Security Advisory: XSS Vunerabilities in PortalApp v3.3 Security Advisory: XSS Vunerabilities in PortalApp v3.3 Severity: Medium Title: XSS Vunerabilities in PortalApp v3.3 Vendor: Iatek Vendor Website: http://www.portalapp.com/ Proof of Conce...

citypostXSS.txt

sNKenjoi's Security Advisory: XSS Vunerabilities in Multiple CityPost Software Security Advisory: XSS Vunerabilities in Multiple CityPost Software Severity: Medium Title: XSS Vunerabilities in Simple PHP Upload, Simple Image Editor and Automated Link Exchange Vendor: Allen Kim Vendor Website:...

Multiple Sql injection vulnerabilities in BK Forum v.4

Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: Multiple Sql injection...

Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0

Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Severity: High Title: Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0 Date: March 27, 2005 Summary: There are multiple sql injection, xss vulnerabilities in the Vladerso...

zgv 5.5 Multiple Arbitrary Code Execution PoC Exploits

Exploit for linux platform in category remote exploits ====================================================== zgv 5.5 Multiple Arbitrary Code Execution PoC Exploits ====================================================== Download: http://www.inj3ct0r.com/sploits/8461.tar.gz 0day.today 2017-12-31...

Microsoft Internet Explorer 6 - URL Local Resource Access

source: https://www.securityfocus.com/bid/10472/info Microsoft Internet Explorer is prone to a security weakness that may permit unauthorized access to local resources on a client computer. This will effectively bypass security restrictions implemented in Internet Explorer 6 SP1. Specifically, a...

Applied Watch Command Center 1.0 - Authentication Bypass (2)

Applied Watch Command Center 1.0 - Authentication Bypass 2 // source: https://www.securityfocus.com/bid/9124/info A vulnerability has been identified in the system that may allow an attacker to bypass authentication to add attacker supplied IDS alerts and new user accounts in the console...