BIT-JENKINS-2020-2251

Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfsdmap.c:2867:6 index 196694 is out of range for type 's81365' aka 'signed char1365' CPU: 1...

metasploit-framework

This is the Metasploit Framework repository, a comprehensive collection of tools and resources for penetration testing and vulnerability assessment. The repository is maintained by Rapid7 and is used by security professionals to identify and exploit vulnerabilities in computer systems and network...

Exploit for Deserialization of Untrusted Data in Apache Activemq

ActiveMQ-Exploit Englishhttps://github.com/Arlenhiack/...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

TeamCity Exploit Script 🛠️ This script is designed to demonst...

CVE-2021-47090 mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()

In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: clear MFCOUNTINCREASED before retrying getanypage Hulk Robot reported a panic in putpagetestzero when testing madvise with MADVSOFTOFFLINE. The BUG is triggered when retrying getanypage. This is because we keep...

CVE-2023-52490 mm: migrate: fix getting incorrect page mapping during page migration

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

CVE-2023-52490

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

CVE-2023-52489 mm/sparsemem: fix race in accessing memory_section->usage

In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memorysection-usage The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that ZONENORMAL ZONEDEVICE ZONENORMAL...

CanaryTokenScanner - Script Designed To Proactively Identify Canary Tokens Within Microsoft Office Documents And Acrobat Reader PDF (docx, xlsx, pptx, pdf)

Detecting Canary Tokens and Suspicious URLs inMicrosoft Office, Acrobat Reader PDF and Zip Files Introduction In the dynamic realm of cybersecurity, vigilance and proactive defense are key. Malicious actors often leverage Microsoft Office files and Zip archives, embedding covert URLs or macros to...

CVE-2021-46941

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset controller with...

biz.netcentric.cq.tools.accesscontroltool:sling-maximum-version-environment (>=4.2.0 <=4.2.1), com.atlan:package-toolkit-testing (>=5.3.1 <=7.2.3) +975 more potentially affected by CVE-2024-22201 via org.eclipse.jetty.http2:jetty-http2-common (>=12.0.0 <=12.0.5)

org.eclipse.jetty.http2:jetty-http2-common MAVEN version =12.0.0, =4.2.0, =5.3.1, =2.6.0, =2.0.0, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.217, =0.230 and more Source cves: CVE-2024-22201 Source advisory: OSV:GHSA-RGGV-CV7R-MW98...

BackDoorSim - An Educational Into Remote Administration Tools

BackdoorSim is a remote administration and monitoring tool designed for educational and testing purposes. It consists of two main components: ControlServer and BackdoorClient. The server controls the client, allowing for various operations like file transfer, system monitoring, and more. Disclaim...

Exploit for Improper Input Validation in Microsoft

CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnera...

Siemens Polarion ALM Faulty Default Privileges Vulnerability

Polarion ALM is an application lifecycle management solution that improves the software development process with a single, unified solution for requirements, coding, testing and release. Siemens Polarion ALM has a false default privilege vulnerability that can be exploited by an attacker to...

CVE-2024-21682

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

Design/Logic Flaw

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

CVE-2024-21682

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

CVE-2024-21682

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

CVE-2024-21682

CVE-2024-21682 affects Atlassian Jira Service Management Assets Discovery (formerly Insight Discovery) versions 1.0 through 6.2.0. The vulnerability is an authenticated injection that lets an attacker modify the actions of a system call, with high impact on confidentiality, integrity, and availab...