Exploit for Deserialization of Untrusted Data in Givewp
Proof-Of-Concept Code for CVE-2024-8353 This repository conta...
CVE-2022-48870
In the Linux kernel, the following vulnerability has been resolved: tty: fix possible null-ptr-defer in spk_ttyio_release. Run the following tests on the qemu platform: syzkaller: modprobe speakup_audptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node MAJOR 10,...
Approach to mainframe penetration testing on z/OS
Information technology is developing at a rapid pace, with completely new areas emerging, such as DevOps and DevSecOps – and we're striving to keep up. However, in some projects, you may encounter systems built on rather outdated principles. Such systems must be approached with care, since a singl...
CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...
Microsoft Security Update Validation Report August 2024
Microsoft’s August 2024 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
CVE-2024-27198 In JetBrains TeamCity before 2023.11.4 authenti...
Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges
Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering (TIDE) team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...
[SECURITY] Fedora 40 Update: python3.6-3.6.15-34.fc40
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...
Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report
In the 2024 Cloud Web Application and API Protection (WAAP) CyberRisk Comparative Validation Report from SecureIQLab, Imperva outperformed all other vendors in both security efficacy and operational efficiency. This comprehensive report, based on third-party testing, demonstrates Imperva's commitme...
Exploit for Command Injection in Commscope Arris_Tg2482A_Firmware
EN This project provides a Python script to exploit a remote c...
MAL-2024-7963 Malicious code in incisive_testing_stufff (npm)
Source: ghsa-malware (37f03819dee879740c46b3604769e69cdb0402e7b91eed0ae39079f3306d5bad). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-7962 Malicious code in incisive_testing_stuffasdasdasd (npm)
Source: ghsa-malware (bdb1bfbec781368ae80887d0cfbf5274c13f6e71f0f1c93de027875714a9f1c7). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Details Matter: Pentesting a single device to guarantee security
Rapid7’s penetration testing services regularly assess internal networks of various sizes. For this particular engagement, however, Rapid7 was tasked with performing a penetration test of just one device on an internal network. The device was being piloted for future deployment and the customer h...
SUSE CVE-2024-41097
In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind. Syzbot is still reporting quite an old issue 1 that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb submitting...
RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
PT-2024-25801
Name of the Vulnerable Software and Affected Versions: Nuxt (affected versions not specified). Description: The issue arises from insufficient validation of the path parameter in the NuxtTestComponentWrapper, allowing an attacker to execute arbitrary JavaScript on the server side. This enables the...
Exploit for Command Injection in Nikhil-Bhalerao Poultry_Farm_Management_System
PoC exploit for CVE-2024-40110, an arbitrary file upload vulnera...
CVE-2024-42115
In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2_free_inode. During the stress testing of the jffs2 file system, the following abnormal printouts were found: 2430.649000 Unable to handle kernel paging request at virtual address...
CVE-2024-42090
A deadlock flaw was found in the Linux kernel’s pinctrl subsystem. This flaw allows a local user to crash the system. Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and...