23andMe to pay $30 million in settlement over 2023 data breach
Genetic testing company 23andMe will pay $30 million to settle a class action lawsuit over a 2023 data breach which ended in some customers having information like names, birth years, and ancestry information exposed. In October 2023, we reported on how information belonging to as many as seven...
COVID19 Testing Management System 1.0 Insecure Settings
Title : COVID19 - Testing Management System 1.0 Insecure Settings Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefo...
[SECURITY] Fedora 41 Update: python3.9-3.9.19-6.fc41
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
UBUNTU-CVE-2024-46709
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix prime with external buffers. Make sure that for external buffers mapping goes through the dmabuf interface instead of trying to access pages directly. External buffers might not provide direct access to...
Microsoft Security Update Validation Report September 2024
Microsoft’s September 2024 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing...
[SECURITY] Fedora 40 Update: python3.6-3.6.15-37.fc40
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...
Nipah Virus Testing Management System 1.0 PHP Code Injection
Title : Nipah virus NiV – Testing Management System 1.0 php code injection Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browse...
3DSecure 2.0 3DS Authorization Challenge Cross Site Scripting
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Authorization Challenge Tested Versions: 3DSecure 2.0 3DS Authorization Challenge Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab EE versions 13.3 to before 17.1.7,...
3DSecure 2.0 3DS Method Authentication Cross Site Scripting
Product: 3DSecure 2.0 Manufacturer: Redsys Affected Versions: 3DSecure 2.0 3DS Method Authentication Tested Versions: 3DSecure 2.0 3DS Method Authentication Vulnerability Type: Cross-Site Scripting XSS Risk Level: Medium Solution Status: Not yet fixed Manufacturer Notification: 2024-01-17 Solutio...
CVE-2024-45025
CVE-2024-45025 affects the Linux kernel and relates to bitmap handling in the close_range path of file descriptor tables. The issue arises in copy_fd_bitmaps(), which copies words into full_fds_bits[] and may leave garbage in the last word if bits beyond the cutoff aren’t clear. The root cause is...
Moderate: Red Hat Bug Fix Advisory: Updated rhel9/toolbox container image
An updated rhel9/toolbox container image is now available in the Red Hat container registry. The rhel9/toolbox container image can be used with Toolbox to obtain RHEL based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and...
keycloak: Leak of configured LDAP bind credentials through the Keycloak admin console
A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...
Exploit for Incorrect Privilege Assignment in Litespeedtech Litespeed_Cache
LiteSpeed Cache Privilege Escalation Exp CVE-2024-28000Sc...
Exploit for Out-of-bounds Write in Mikrotik Routeros
cve-2023-30800-multithread-doser Multithreaded DoS Python Scri...
[SECURITY] Fedora 39 Update: python3.9-3.9.19-6.fc39
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
Exploit for Insufficiently Protected Credentials in Litespeedtech Litespeed_Cache
Poc LiteSpeed Cache CVE-2024-44000 Exploit CVE-2024-44000 is a...
The US Navy Is Going All In on Starlink
The Navy is testing out the Elon Musk–owned satellite constellation to provide high-speed internet access to sailors at sea. It’s part of a bigger project that’s about more than just getting online...
SAP Web GUI Login Brute Forcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rkelly' class MetasploitModule 'Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal', 'Description' = %q This module exploits a...