EUVD-2021-34636
Malicious code in bioql PyPI...
CVE-2025-50081
...
CISA Releases Fourteen Industrial Control Systems Advisories
CISA released fourteen Industrial Control Systems (ICS) advisories on November 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-320-01 Red Lion Sixnet RTUs ICSA-23-320-02 Hitachi Energy MACH System Software...
Command Execution Vulnerability in Programming Cat PC Client
Programming Cat is a fun programming software developed for children and teenagers over 8 years old. Programming Cat computer client has a command execution vulnerability that can be exploited by an attacker to inject an executable DLL file into the client process to perform arbitrary functions...
isf1
This is an offensive tool for Industrial Control Systems (ICS) exploitation. It is a Python-based framework, similar to Metasploit, designed for ICS exploitation. The framework is called ICSSploit and is a fork of the routersploit project. The tool has various modules for different types of ICS...
exploitdb-bin-sploits
This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains a collection of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. It is intended to serve as the...
68% of Overwhelmed IT Managers Say They Can't Keep Up with Cyberattacks
IT managers feel overwhelmed by the volume of cyberattack attempts, with most of them admitting that successful hacks of their company networks are becoming the norm. That’s according to a research report The Impossible Puzzle of Cybersecurity, released Friday. In a survey of 3,100 IT managers...
Everything you need to know about ATM attacks and fraud: Part 1
Flashback to two years ago. At exactly 12:33 a.m., a solitary ATM somewhere in Taichung City, Taiwan, spewed out 90,000 TWD (New Taiwan Dollar)—about US$2,900 today—in bank notes. No one was cashing out money from the ATM at the time. In fact, this seemingly odd system glitch was actually a test: T...
How vulnerability research benefits both vendors and customers
Zero-day vulnerabilities - newly discovered exploits that haven't been previously identified - are now emerging more often. Worse still is the fact that these dangerous flaws sometimes aren't pinpointed until hackers have already exploited them. According to a prediction from Cybersecurity Ventur...
NSA bought Hacking tools from 'Vupen', a French based zero-day Exploit Seller
The US government, particularly the National Security Agency has been paying a French security firm for backdoors and zero day hacks. According to a contract newly released in response to a Freedom of Information request, last year the NSA purchased a 12-month subscription to a “binary analysis a...
NSA Bought Exploit Service From VUPEN, Contract Shows
The U.S. government–particularly the National Security Agency–are often regarded as having advanced offensive cybersecurity capabilities. But that doesn’t mean that they’re above bringing in a little outside help when it’s needed. A newly public contract shows that the NSA last year bought a...
Exploit Hub Aims to be iTunes for Exploits
It’s been tried before, but NSS Labs founder Rick Moy says his company’s new Exploit Hub – a store front for exploit code – can work. In an interview with Threatpost.com, he explains why the current market for exploits doesn’t work for the good guys, and why zero day exploits don’t help anyone...
CGI bugs
No description provided...
CGI bugs
No description provided...
Happy Labor Day from Snosoft
For your reading pleasure I have attached some of the communication between myself and CERT regarding the issues recently released at: ftp://ftp1.support.compaq.com/public/unix/v5.1/T64V51B19-C0136901-15143-ES-20020817.txt We are in the process of making our formal advisories out of these...
Security holes : Rose, EasyNews, User Online, Mon Album, KorWebLog
Hello people : Product 1 : Rose http://www.jinxm.co.uk Version : 4.52 Problem : - Admin access Exploit : - newsadmin/upload.php?userinfousername=hop&userinfouserlevel=100 Product 2 : EasyNews http://www.webrc.ca Version : 4.3 Problem : - Admin access Exploits : - admin.php?enlogid=0&action=users ...
CVE-2021-30745
CVE-2021-30745 is marked as rejected, but connected documents describe a local privilege-escalation in Apple macOS QuartzCore. The flaw involves type confusion in the QuartzCore framework that can allow a low-privilege attacker to escalate privileges to the WindowServer context. The ZDI advisory ...
CVE-2024-38352
...
CVE-2018-4491
...
CVE-2017-13934
...