OESA-2026-2503 rsync security update

Rsync is an open source utility that provides fast incremental file transfer. It uses the "rsync algorithm" which provides a very fast method for bringing remote files into sync. It does this by sending just the differences in the files across the link, without requiring that both sets of files a...

CVE-2024-56800

Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery SSRF vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address...

Wa-Tunnel - Tunneling Internet Traffic Over Whatsapp

This is a Baileys based piece of code that lets you tunnel TCP data through two Whatsapp accounts. This can be usable in different situations, for example network carriers that give unlimited whatsapp data or airplanes where you also get unlimited social network data. It's using Baileys since it'...

IIS modules: The evolution of web shells and how to detect them

Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for...

Evilgophish - Evilginx2 + Gophish

Combination of evilginx2 and GoPhish. Credits Before I begin, I would like to say that I am in no way bashing Kuba Gretzky and his work. I thank him personally for releasing evilginx2 to the public. In fact, without his work this work would not exist. I must also thank Jordan Wright for...

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.4 security and bug fix update

Red Hat Advanced Cluster Management for Kubernetes 2.2.4 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

Browsing serverInfo anonymously gives version number information

h3. Issue Summary Browsing serverInfo anonymously gives version number information h3. Steps to Reproduce curl https:///rest/api/2/serverInfo navigate to https:///rest/api/2/serverInfo in a browser h3. Expected Results Fail to connect h3. Actual Results The below exception is thrown in the...

Betwixt - Web Debugging Proxy Based On Chrome DevTools Network Panel

Betwixt will help you analyze web traffic outside the browser using familiar Chrome DevTools interface. Installing Download the latest release for your operating system, build your own bundle or run Betwixt from the source code. Setting up In order to capture traffic, you'll have to direct it to...

CVE-2019-6665

CVE-2019-6665 affects BIG-IP ASM (15.0.0–15.0.1, 14.1.0–14.1.2, 14.0.0–14.0.1, 13.1.0–13.1.3.1), BIG-IQ 5.2.0–5.4.0 and 6.x, Enterprise Manager 3.1.1, and F5 iWorkflow 2.3.0. An attacker able to access the device communications between the BIG-IP ASM Central Policy Builder and BIG-IQ/Enterprise M...

[SECURITY] [DLA 1716-1] ikiwiki security update

Package : ikiwiki Version : 3.20141016.4+deb8u1 CVE ID : CVE-2019-9187 The ikiwiki maintainers discovered that the aggregate plugin did not use LWPx::ParanoidAgent. On sites where the aggregate plugin is enabled, authorized wiki editors could tell ikiwiki to fetch potentially undesired URIs even ...