7076 matches found
Authentication Bypass
ghost is vulnerable Authentication Bypass. The vulnerability is caused due to the misuse of multiple X-Forwarded-For headers with different values, which allows remote attackers to bypass the rate-limit protection mechanism. Note that the project recommends a reverse proxy to prevent this...
NiceRAT Malware Targets South Korean Users via Cracked Software
Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...
Payroll Management System 1.0 Remote Code Execution
Exploit Title: Payroll Management System v1.0 RCE Unauthenticated Google Dork: intitle:"Employee's Payroll Management System" Date: 16/06/2024 Exploit Author: ShellUnease Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
CVE-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers...
PT-2024-25905 · Ghost · Ghost
Name of the Vulnerable Software and Affected Versions: Ghost versions 5.85.1 and earlier Description: The issue allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. The vendor recommends installing Ghost...
CVE-2024-34451
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limiting protection mechanism by using multiple X-Forwarded-For headers with different values. Affected software: Ghost, version 5.85.1 and earlier. Root cause: abuse of X-Forwarded-For headers to defeat rate-limiting. ...
Exploit for Deserialization of Untrusted Data in Clear Clearml
ClearML Exploit Script This repository contains a Python expl...
Exploit for Deserialization of Untrusted Data in Clear Clearml
...
Exploit for Deserialization of Untrusted Data in Clear Clearml
...
Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12262)
An attacker residing on the LAN can send reverse-ARP responses to the victim system to assign unicast IPv4 addresses to the target. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Fedora: Security Advisory (FEDORA-2024-06e6dcbb42)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-2e4858330c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: nginx-1.26.1-1.fc39
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 40 Update: nginx-1.26.1-1.fc40
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
Metasploit Weekly Wrap-Up 06/07/2024
New OSX payloads:ARMed and Dangerous In addition to an RCE leveraging CVE-2024-5084 to gain RCE through a WordPress Hash form, this release features the addition of several new binary OSX stageless payloads with aarch64 support: Execute Command, Shell Bind TCP, and Shell Reverse TCP. The new...
Fedora: Security Advisory for rust-rustcat (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for rust-uu_tac (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2024-32193
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the drm/amd/display component in the Linux kernel, where the UnboundedRequestEnabled value is a pointer dml bool t UnboundedRequestEnabled and is checked as an...
Breaking a Password Manager
Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number...
Exploit for Injection in Vm2_Project Vm2
CVE-2023-30547 vm2 is a sandbox that can run untrusted code wi...