7411 matches found

The Hacker News
added 2024/06/11 11:0 a.m., 39 views

Top 10 Critical Pentest Findings 2024: What You Need to Know

One of the most effective ways for information technology (IT) professionals to uncover a company's weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks, penetration testing, sometimes called pentests, provides invaluable insights into an organization's...

10 CVSS, 8.9 AI score, 0.99999 EPSS
Exploits: 126
CNNVD
added 2024/06/11 12:0 a.m., 3 views

MeterSphere cross-site scripting vulnerability

MeterSphere is an open source one-stop continuous testing platform. Versions of MeterSphere before 1.10.1-lts have a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data; an attacker c...

6.1 CVSS, 6.4 AI score, 0.00355 EPSS
Exploits: 1, References: 3
GithubExploit
added 2024/06/09 2:18 p.m., 444 views

Exploit for OS Command Injection in Php

CVE-2024-4577: PHP CGI Argument Injection XAMPP 💀 Featur...

9.8 CVSS, 10 AI score, 0.99987 EPSS
Exploits: 64
GithubExploit
added 2024/06/08 12:23 p.m., 586 views

Exploit for OS Command Injection in Php

PHP RCE PoC CVE-2024-4577: Argument Injection in PHP-CGI...

9.8 CVSS, 9.6 AI score, 0.99987 EPSS
Exploits: 64
OpenVAS
added 2024/06/07 12:0 a.m., 4 views

Fedora: Security Advisory for rust-cargo-insta (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits: 0, References: 2
OSV
added 2024/06/05 4:56 p.m., 24 views

GHSA-C74F-6MFW-MM4V Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2 CVSS, 7.7 AI score, 0.00994 EPSS
Exploits: 1, References: 7
Github Security Blog
added 2024/06/05 4:56 p.m., 41 views

Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC

Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...

8.2 CVSS, 8.3 AI score, 0.00994 EPSS
Exploits: 1, References: 7, Affected Software: 2
GithubExploit
added 2024/06/05 3:37 p.m., 375 views

Exploit for CVE-2024-4956

CVE-2024-4956 This repository contains a Python utility for a...

7.5 CVSS, 7.6 AI score, 0.18245 EPSS
Exploits: 16
BDU FSTEC
added 2024/06/03 12:0 a.m., 1 views

A vulnerability in the SAP IDES system for testing and training arises from the lack of measures taken to neutralize special elements used in operating system commands. This allows a perpetrator to execute arbitrary code.

The vulnerability of the SAP IDES system for testing and training exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.4 CVSS, 7.6 AI score, 0.0049 EPSS
Exploits: 0, References: 4
Fedora
added 2024/06/02 3:39 a.m., 10 views

[SECURITY] Fedora 39 Update: wildcard-0.3.3-3.fc39

Wildcard gives you a nice and simple to use interface to test/practice regular expressions...

7.2 AI score
Exploits: 0
Fedora
added 2024/06/02 3:39 a.m., 10 views

[SECURITY] Fedora 39 Update: rust-tree-sitter-cli-0.22.5-2.fc39

CLI tool for developing, testing, and using Tree-sitter parsers...

7.4 AI score
Exploits: 0
Fedora
added 2024/06/02 3:39 a.m., 13 views

[SECURITY] Fedora 39 Update: rust-cargo-insta-1.38.0-2.fc39

A review tool for the insta snapshot testing library for Rust...

7.3 AI score
Exploits: 0
Fedora
added 2024/06/01 1:12 a.m., 22 views

[SECURITY] Fedora 39 Update: python3.6-3.6.15-28.fc39

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

7.8 CVSS, 7.4 AI score, 0.00333 EPSS
Exploits: 0
GithubExploit
added 2024/05/31 12:10 p.m., 810 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

CVE-2024-24919-Check-Point-Remote-Access-VPN CVE-2024-24919...

8.6 CVSS, 9 AI score, 0.99978 EPSS
Exploits: 52
GithubExploit
added 2024/05/31 11:52 a.m., 293 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

CVE-2024-24919-POC Read about it - https://nvd.nist.gov/...

8.6 CVSS, 8.9 AI score, 0.99978 EPSS
Exploits: 52
Fedora
added 2024/05/31 1:17 a.m., 31 views

[SECURITY] Fedora 40 Update: python3.6-3.6.15-30.fc40

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

7.8 CVSS, 7.1 AI score, 0.00333 EPSS
Exploits: 0
NVD
added 2024/05/30 5:15 p.m., 10 views

CVE-2024-36118

MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There...

4.3 CVSS, 3.9 AI score, 0.00296 EPSS
Exploits: 0, References: 1
CVE
added 2024/05/30 4:51 p.m., 68 views

CVE-2024-36118

MeterSphere (test management/interface testing tool) contains an information-disclosure flaw where users lacking workspace permissions could view functional test cases from other workspaces. The issue is remedied in version 2.10.15-lts; upgrade recommended. No exploit details are provided in the ...

4.3 CVSS, 3.9 AI score, 0.00296 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2024/05/30 4:51 p.m., 8 views

CVE-2024-36118 Unauthorized viewing of workspace test cases in MeterSphere

MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There...

3.5 CVSS, 6.8 AI score, 0.00296 EPSS
Exploits: 0, References: 3
UbuntuCve
added 2024/05/30 4:15 p.m., 20 views

CVE-2024-36896

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal. Testing with KASAN and syzkaller revealed a bug in port.c:disable_store(): usb_hub_to_struct_hub() can return NULL if the hub that the port belongs to is concurrently removed, but...

9.1 CVSS, 6.4 AI score, 0.00923 EPSS
Exploits: 0, References: 11