PT-2024-19851 · Qualcomm · Snapdragon +13

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption that occurs during network scan requests. This can potentially lead to exploitation. No information is provided abo...

SUSE CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

Exploit for CVE-2024-9441

Nortek Linear eMerge E3 Pre-Auth RCE PoC CVE-2024-9441...

reNgine 2.2.0 Command Injection

Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Date: 2024-09-29 Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3...

reNgine 2.2.0 - Command Injection (Authenticated)

Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Date: 2024-09-29 Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3...

reNgine 2.2.0 - Command Injection (Authenticated) Vulnerability

Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3. Modify any Scan...

Apache Struts 2.0.0 < 2.3.18 RCE (S2-008)

The version of Apache Struts installed on the remote host is prior to 2.3.18. It is, therefore, affected by a vulnerability as referenced in the S2-008 advisory. - The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute...

CVE-2024-46648

eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scanfolder...

eNMS 安全漏洞

eNMS is a network automation platform from eNMS Open Source. A security vulnerability exists in eNMS versions 4.4.0 through 4.7.1, which stems from vulnerability to directory traversal attacks via scanfolder...

PT-2024-32093 · Enms · Enms

Name of the Vulnerable Software and Affected Versions: eNMS versions 4.4.0 through 4.7.1 Description: The issue is related to a Directory Traversal vulnerability in the scan folder feature. This vulnerability allows unauthorized access to sensitive files and directories. Recommendations: For eNMS...

CVE-2024-46648

eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scanfolder...

Imperius - Make An Linux Kernel Rootkit Visible Again

A make an LKM rootkit visible again. This tool is part of research on LKM rootkits that will be launched. It involves getting the memory address of a rootkit's "showmodule" function, for example, and using that to call it, adding it back to lsmod, making it possible to remove an LKM rootkit. We c...

Amazon Linux 2 : kernel (ALASKERNEL-5.15-2024-054)

The version of kernel installed on the remote host is prior to 5.15.149-99.162. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.15-2024-054 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize...

Schneider Electric Accutech Manager Server Detection

Binary data schneiderelectricaccutechmanagerserverdetect.nbin...

23andMe to pay $30 million in settlement over 2023 data breach

Genetic testing company 23andMe will pay $30 million to settle a class action lawsuit over a 2023 data breach which ended in some customers having information like names, birth years, and ancestry information exposed. In October 2023, we reported on how information belonging to as many as seven...

BIT-GITLAB-2024-2743 Incorrect Authorization in GitLab

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...

Zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS open-sourced by Zephyr. A security vulnerability exists in Zephyr version 3.6 and earlier, which stems from an incorrect discard routine causing a heap overflow in bthcileadvextreport in /subsys/bluetooth/host/scan.c. The vulnerability is...

CVE-2024-2743

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...

CVE-2024-2743 Incorrect Authorization in GitLab

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables...

CVE-2024-2743

Removed by vendor...