
7411 matches found

Rockylinux
added 2023/11/11 11:0 p.m., 74 views

toolbox security update

An update is available for toolbox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The toolbox container image can be used with Toolbox to obtain Rocky Linux...

7.5 CVSS, 7.3 AI score, 0.99999 EPSS
Exploits: 19
Code423n4
added 2023/11/10 12:0 a.m., 13 views

Users of ReraiseCrowdfund will potentially not receive appropriate voting power

Lines of code Vulnerability details Bug Description The recent code update introduces the functionality for authorities to reduce the total voting power by invoking the decreaseTotalVotingPower function of the party. However, this functionality can lead to issues when used in the time frame after...

7 AI score
Exploits: 0
Kitploit
added 2023/11/07 11:30 a.m., 29 views

Dvenom - Tool That Provides An Encryption Wrapper And Loader For Your Shellcode

Double Venom DVenom is a tool that helps red teamers bypass AVs by providing an encryption wrapper and loader for your shellcode. Capable of bypassing some well-known antivirus AVs. Offers multiple encryption methods including RC4, AES256, XOR, and ROT. Produces source code in C, Rust, PowerShell...

7.3 AI score
Exploits: 0, References: 2
RedHat Linux
added 2023/11/07 9:3 a.m., 2 views

kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes. A bad USB device is able to construct a service connection response message with target endpoint being ENDPOINT0 which is reserved for HTC_CTRL_RSVD_SVC and should not be...

5.5 CVSS, 6.6 AI score, 0.00149 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2023/11/07 9:3 a.m., 3 views

kernel: rcu: Fix __this_cpu_read() lockdep warning in rcu_force_quiescent_state()

A lockdep warning was found in the Linux kernel's RCU subsystem. The rcu_force_quiescent_state() function incorrectly uses __this_cpu_read() in preemptible code context. This macro requires preemption to be disabled, but the code can be called from preemptible context during rcutorture testing, triggering a...

5.8 AI score, 0.00206 EPSS
Exploits: 0, References: 5
Wallarm Lab
added 2023/11/06 2:0 p.m., 28 views

Testing with OpenAPI Specifications

The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing tools in place. Even fewer (29 percent) have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has lon...

7.5 AI score
Exploits: 0
GithubExploit
added 2023/11/06 9:24 a.m., 273 views

Exploit for Code Injection in Vinchin Vinchin_Backup_And_Recovery

CVE-2024-22899-to-22903-ExploitChain 🛠️🔓 This repository hous...

9.8 CVSS, 9.7 AI score, 0.02369 EPSS
Exploits: 12
GithubExploit
added 2023/11/04 11:45 a.m., 199 views

Exploit for Server-Side Request Forgery in Moodle

CVE-2021-36396 Exploit Description This repository holds a...

9.8 CVSS, 9.3 AI score, 0.52299 EPSS
Exploits: 6
GithubExploit
added 2023/11/04 11:45 a.m., 1133 views

Exploit for SQL Injection in Moodle

CVE-2021-36396 Exploit Description This repository holds a...

9.8 CVSS, 9.3 AI score, 0.52299 EPSS
Exploits: 6
The Hacker News
added 2023/10/31 11:21 a.m., 39 views

PentestPad: Platform for Pentest Teams

In the ever-evolving cybersecurity landscape, the game-changers are those who adapt and innovate swiftly. Pen test solutions not only supercharge productivity but also provide a crucial layer of objectivity, ensuring efficiency and exceptional accuracy. The synergy between a skilled penetration...

6.9 AI score
Exploits: 0
GithubExploit
added 2023/10/28 8:5 p.m., 845 views

Exploit for Heap-based Buffer Overflow in Gnu Glibc

Proof of concept for CVE-2023-4911 Looney Tunables This vu...

7.8 CVSS, 7 AI score, 0.78607 EPSS
Exploits: 25
OSV
added 2023/10/26 8:15 p.m., 3 views

CVE-2023-5804

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier...

9.8 CVSS, 5.8 AI score, 0.00711 EPSS
Exploits: 1, References: 3
Cvelist
added 2023/10/26 8:0 p.m., 22 views

CVE-2023-5804 PHPGurukul Nipah Virus Testing Management System login.php sql injection

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier...

7.5 CVSS, 10 AI score, 0.00711 EPSS
Exploits: 1, References: 3
CVE
added 2023/10/26 8:0 p.m., 50 views

CVE-2023-5804

CVE-2023-5804 affects PHPGurukul Nipah Virus Testing Management System v1.0. The vulnerability lies in login.php where manipulation of the username parameter enables SQL injection. It is described as accessible remotely and could impact authentication data (C/I/A) as stated across sources. Connec...

9.8 CVSS, 8.8 AI score, 0.00711 EPSS
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2023/10/26 12:0 a.m., 3 views

Nipah virus Testing Management System SQL Injection Vulnerability

Nipah Virus Testing Management System is an online virus diagnostic platform. A SQL injection vulnerability exists in version 1.0 of the PHPGurukul Nipah Virus Testing Management System, which stems from an unknown function in login.php that causes a SQL injection via the username parameter...

9.8 CVSS, 8 AI score, 0.00711 EPSS
Exploits: 1, References: 4
Code423n4
added 2023/10/26 12:0 a.m., 9 views

Based on the functionality, if the releaseEscrow() function can be called by unauthorized entities, it can lead to potential misuse or unintended transfer of assets.

Lines of code Vulnerability details Impact The absence of access control on the releaseEscrow function presents a significant security risk. As it currently stands, any external actor or contract can invoke this function, which may result in the unintended release of escrowed funds. This opens up...

6.9 AI score
Exploits: 0
FreeBSD
added 2023/10/26 12:0 a.m., 21 views

openexr -- Heap Overflow in Scanline Deep Data Parsing

Austin Hackers Anonymous report: Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. ... it is...

9.1 CVSS, 7.8 AI score, 0.01248 EPSS
Exploits: 1, References: 2
Tenable Nessus
added 2023/10/26 12:0 a.m., 40 views

Oracle Application Testing Suite DoS (October 2023 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by a denial of service vulnerability as referenced in the October 2023 CPU advisory: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for We...

7.7 CVSS, 7.9 AI score, 0.11961 EPSS
Exploits: 0, References: 3
OSV
added 2023/10/25 10:15 p.m., 6 views

CVE-2023-46584

SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint...

9.8 CVSS, 5.9 AI score, 0.00738 EPSS
Exploits: 1, References: 1
ATTACKERKB
added 2023/10/25 10:15 p.m., 1 views

CVE-2023-46584

SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint...

9.8 CVSS, 6 AI score, 0.00738 EPSS
Exploits: 1, References: 2