CVE-2024-22419 concat built-in can corrupt memory in vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the buildIR for concat doesn't properly adhere to the API of co...
Unit Testing Frameworks: A Quick Comparison
Stepping Forward in Understanding Software Unit Evaluation Venturing into the realm of software creation, emphasizing quality takes center stage. This gold standard governs aspects such as operational capabilities, dependability, and the overall performance of your software. Regular assessments, ...
Oracle Application Testing Suite DoS (January 2024 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by a denial of service vulnerability as referenced in the January 2024 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for We...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed vulnerabilities in Enterprise Manager components. A malicious party could exploit the vulnerabilities to perform attacks that could result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), access to sensitive data, access to system data. Oracle...
crystals-go vulnerable to KyberSlash (timing side-channel attack for Kyber)
Impact: On some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn parts of the secret key. Patches: Patched in https://github.com/kudelskisecurity/crystals-go/pull/21 Note: This library was written as part of an MSc student project in the...
Exploit for Command Injection in Ivanti Connect_Secure
🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...
Application Security Posture Management
Accelerating the Remediation of Vulnerabilities From Code To Cloud Written by Eric Sheridan, Chief Innovation Officer, Tromzo In this guest blog post by Eric Sheridan, Chief Innovation Officer at valued Rapid7 partner Tromzo, you’ll learn how Rapid7 customers can utilize ASPM solutions to...
Malicious code in testing-burp-library-please-ignore (npm)
Source: ossf-package-analysis 2249726c84e729bde202820bcc2ac6cdfaec65115b09e7505b33a51158988aad The OpenSSF Package Analysis project identified 'testing-burp-library-please-ignore' @ 1.0.0 npm as malicious. It is considered malicious becaus...
OESA-2024-1072 testng security update
TestNG is a testing framework inspired by JUnit and NUnit but introducing some new functionality that makes it more powerful and easier to use, such as: Annotations. Run your tests in arbitrarily big thread pools with various policies available (all methods in their own thread, one thread per tes...
The vulnerability of the password-recovery.php script of the testing management system allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability in the password-recovery.php script of the PHPGurukul Nipah Virus Testing Management System lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL...
Microsoft Security Update Validation Report January 2024
Microsoft’s January 2024 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive: all tests are executed against English-only environments, and issues may still be found upon implementation. Follow best practices for testing and installing softwar...
Oracle Linux 9 : ipa (ELSA-2024-0141)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0141 advisory. 4.10.2-5.0.1 - Resolves: 2242828 Invalid CSRF protection CVE-2023-5455 Tenable has extracted the preceding description block directly from the Oracle Linux...
CVE-2023-5455
A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...
CVE-2023-5455 Ipa: invalid csrf protection
A Cross-site request forgery vulnerability exists in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During...
Oracle Linux 7 : ipa (ELSA-2024-0145)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0145 advisory. 4.6.8-5.0.1 - Blank out header-logo.png product-name.png - Replace login-screen-logo.png Orabug: 20362818 4.6.8-5.el79.16 - Resolves: RHEL-12570 ipa: Invalid CS...
CATSploit - An Automated Penetration Testing Tool Using Cyber Attack Techniques Scoring
CATSploit is an automated penetration testing tool using the Cyber Attack Techniques Scoring (CATS) method that can be used without a pentester. Currently, pentesters implicitly make the selection of suitable attack techniques for the target systems to be attacked. CATSploit uses system configuration...
CMSMS 2.2.19 Arbitrary File Upload Vulnerability
The parameter "fileupload" in type ID is not sanitized correctly and is vulnerable to arbitrary file upload and RCE attacks. Using this web vulnerability, an attacker can upload a virus directly to the server and then execute it; depending on the scenario, this can be the end of this server. In...
DNA data deserves better, with Suzanne Bernstein: Lock and Code S05E01
This week on the Lock and Code podcast… Hackers want to know everything about you: Your credit card number, your ID and passport info, and now, your DNA. On October 1 2023, on a hacking website called BreachForums, a group of cybercriminals claimed that they had stolen—and would soon...