23 matches found
Nuclei 3.4.6
Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...
Ensure That the Password Validity Is Set Correctly
If a password is not changed for a long time, the password is vulnerable to brute force cracking, which compromises system security. If the password validity period is set too short, the password needs to be changed frequently, increasing management costs. In addition, users may fail to log in...
Siemens Teamcenter Visualization and JT2Go Type Obfuscation Vulnerability
Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. Siemens JT2GO is a JT file viewer. A type confusion vulnerability exists in Siemens Teamcenter Visualization and JT2Go, which can be exploited by an attacker to execute code in the...
Gaps in Azure Service Fabric’s Security Call for User Vigilance
In this blog post, we discuss different configuration scenarios that may lead to security issues with Azure Service Fabric, a distributed platform for deploying, managing, and scaling microservices and container applications...
Mitigation Confirmed for Mitigation of H-06 Issue mitigated
C4 issue H-06: MinipoolManager: node operator can avoid being slashed Comments In the original implementation, there were a few scenarios where malicious node operators can avoid being slashed. Mitigation PR 41 This PR includes mitigation for various issues H-03, H-06, M-13. Just focusing on the...
Tackle Your Cloud Challenges, One Scenario at a Time
Forrester’s quick start cards cover 18 common issues with cloud migrations and operations, and suggest actions to mitigate each one...
Qualys Security Updates: Cloud Agent for Linux
The security and protection of our customers is of the utmost importance to Qualys, as is transparency whenever issues arise. A customer responsibly disclosed two scenarios related to the Qualys Cloud Agent: 1. For the first scenario, we added supplementary safeguards for signatures running on...
GSD-2022-1002716 nvdimm: Fix firmware activation deadlock scenarios
nvdimm: Fix firmware activation deadlock scenarios This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...
Reentrancy attack in collateral.transferFrom that borrowers can trick lenders to lend but the lenders will never get the collateral
Lines of code Vulnerability details Impact A borrower attacker can use reentrancy attack to request a loan successfully and the collateral is still owned by the attacker. If a lender victim tries to call lend on the malicious loan which seems normal, the lender will lose money and never get the...
Kubernetes-Goat - Is A "Vulnerable By Design" Kubernetes Cluster. Designed To Be An Intentionally Vulnerable Cluster Environment To Learn And Practice Kubernetes Security
The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security. Refer to https://madhuakula.com/kubernetes-goat for the guide. Show us some Please feel free to send us a PR and show some Upcoming Training's and Sessions DEFCON DEMO...
Mozilla Rust Memory Corruption Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. fizyk20/generic-array of Mozilla Rust suffers from a memory corruption vulnerability, which can be exploited by attackers to cause various memory corruption scenarios...
CoolCollege has an information breach
CoolCollege is a course service platform tailored for various companies. The software enhances learning efficiency and more through 36 scenarios such as course creation, assignment tracking, data analysis, and job certification. An information disclosure vulnerability exists in CoolCollege, which...
Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook's GraphQL Technology, To Learn And Practice GraphQL Security
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. About DVGA Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a...
GHSA-V7X3-7HW7-PCJG Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Impact Temporary repository tokens were leaked into Pull Request comments during certain Go Modules update failure scenarios. Patches The problem has been patched. Self-hosted users should upgrade to v19.38.7 or later. Workarounds Disable Go Modules support. References Blog post:...
Azure SSH Keypairs Security Feature Bypass Vulnerability
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init. Extraneous Microsoft service public keys can be unexpectedly added to the VM authorized keys file in the limited scenarios described in 4491476. For more...
7 Scenarios for How the Mueller Probe Might End
Reports say that the special counsel will be "wrapping up" his investigation soon. Here's what that might actually mean...
Metta - An Information Security Preparedness Tool To Do Adversarial Simulation
Metta is an information security preparedness tool. This project uses Redis/Celery, python, and vagrant with virtualbox to do adversarial simulation. This allows you to test mostly your host based instrumentation but may also allow you to test any network based detection and controls depending on...
Mail.ru: Double authentication bypass
Report describes current behavior of "Bind session to IP" and "Disable parallel session" security settings and is unrelated to authentication. While behavior doesn't match to reporter's expectation e.g. mobile and desktop sessions may exist in parallel despite of the settings current behavior is...
Microsoft Bounty Programs Expansion - Nano Server Technical Preview Bounty
Microsoft is pleased to announce another expansion of the Microsoft Bounty Programs. Today we begin a bounty for the Nano Server installation option of Windows Server 2016 Technical Preview 5. Please visit https://aka.ms/BugBounty to find more details. Nano Server is a remotely administered,...
Metabrik - Perl Brik Platform
Smartphones have their apps, Web browsers have their apps, shells don’t. With Metabrik, we tried to merge the power of shells with the power of the Perl language by creating a platform allowing to quickly write reusable Briks. Metabrik goals: Glue the Perl language with a shell Give a standardis...