7411 matches found

Vulnrichment
added 2023/09/06 12:9 p.m. · 14 views

CVE-2023-41946

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified...

AI score: 6.7 · EPSS: 0.00271
Exploits: 0 · References: 2

Cvelist
added 2023/09/06 12:9 p.m. · 18 views

CVE-2023-41946

A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified...

AI score: 4.7 · EPSS: 0.00271
Exploits: 0 · References: 2

CVE
added 2023/09/06 12:9 p.m. · 107 views

CVE-2023-41946

CVE-2023-41946 concerns a CSRF vulnerability in Jenkins Frugal Testing Plugin, affecting version 1.1 and earlier. The flaw allows an attacker to connect to Frugal Testing using attacker-specified credentials and to retrieve test IDs and names if the credential maps to the attacker’s username. Con...

CVSS: 3.5 · AI score: 4 · EPSS: 0.00271
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/09/06 12:0 a.m. · 4 views

PT-2023-25567 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 2.1.0
Description: The issue is related to improper REST API permission in Apache Superset, allowing authenticated Gamma users to test network connections, which may lead to a possible Server-Side...

CVSS: 5.4 · AI score: 7 · EPSS: 0.00806
Exploits: 0 · References: 11

CNNVD
added 2023/09/06 12:0 a.m. · 2 views

Jenkins Plugin Frugal Testing Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS: 3.5 · AI score: 6.7 · EPSS: 0.00271
Exploits: 0 · References: 4

CNNVD
added 2023/09/06 12:0 a.m. · 3 views

Jenkins Plugin Frugal Testing Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS: 4.3 · AI score: 6.7 · EPSS: 0.00371
Exploits: 0 · References: 4

Positive Technologies
added 2023/09/06 12:0 a.m. · 3 views

PT-2023-28184 · Jenkins · Jenkins Frugal Testing Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Frugal Testing Plugin versions 1.1 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from...

CVSS: 3.5 · AI score: 3.7 · EPSS: 0.00271
Exploits: 0 · References: 8

0day.today
added 2023/09/06 12:0 a.m. · 255 views

Event Booking Calendar 4.0 Cross Site Scripting Vulnerability

Title: Event Booking Calendar-4.0 XSS-Reflected
Author: nu11secur1ty
Vendor: https://www.phpjabbers.com/
Software: https://www.phpjabbers.com/event-booking-calendar/sectionDemo
Reference: https://portswigger.net/web-security/cross-site-scripting/reflected
Description: The value of the index reque...

AI score: 7.1
Exploits: 0

The Hacker News
added 2023/09/05 11:14 a.m. · 27 views

Key Cybersecurity Tools That Can Mitigate the Cost of a Breach

IBM's 2023 installment of their annual "Cost of a Breach" report has thrown up some interesting trends. Of course, breaches being costly is no longer news at this stage! What's interesting is the difference in how organizations respond to threats and which technologies are helping reduce the cost...

AI score: 7.2
Exploits: 0

Fedora
added 2023/08/31 1:20 a.m. · 10 views

[SECURITY] Fedora 37 Update: python3.8-3.8.18-1.fc37

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

AI score: 7.1
Exploits: 0

GithubExploit
added 2023/08/29 2:2 p.m. · 449 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

Maltrail v0.53 RCE PoC for Maltrail v0.53 RCE I could not get...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.07497
Exploits: 29

Kitploit
added 2023/08/29 12:30 p.m. · 35 views

DNSWatch - DNS Traffic Sniffer and Analyzer

DNSWatch is a Python-based tool that allows you to sniff and analyze DNS (Domain Name System) traffic on your network. It listens to DNS requests and responses and provides insights into the DNS activity. Features: Sniff and analyze DNS requests and responses. Display DNS requests with their...

AI score: 7.2
Exploits: 0 · References: 2

The Hacker News
added 2023/08/28 11:27 a.m. · 35 views

Cyberattacks Targeting E-commerce Applications

Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing and ongoing...

AI score: 7.6
Exploits: 0

Code423n4
added 2023/08/28 12:0 a.m. · 11 views

Using incorrect parameter for checking the reserve

Lines of code Vulnerability details Impact At line 549 within the swap function's code, the internal call to the function checkBalances checks the reserve for token x is carried out using xi + specifiedAmount instead of xi + roundedSpecifiedAmount. When using roundedSpecifiedAmount passes the che...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/08/28 12:0 a.m. · 8 views

Attacker can profitable trade with the pool

Lines of code Vulnerability details Impact The swap invariant used is unstable with large pool reserves locked. An attacker can generate a profit by trading with the pool, hurting Liquidity Providers. Proof of Concept To find some vulnerable configurations we fuzzed the swap function of the Prote...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/08/28 12:0 a.m. · 10 views

Potential pools unavailable

Lines of code Vulnerability details Impact The function getPointGivenXandUtility may always rollback and report an error CurveError. Proof of Concept According to the formula y = k^2 u^2/aku + x - bku, it is possible to find the other coordinates of a point on the curve when given a u and a...

AI score: 6.8
Exploits: 0

GithubExploit
added 2023/08/24 4:3 p.m. · 591 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

winrarCVE-2023-38831lazypoc lazy way to create CVE-2023-388...

CVSS: 7.8 · AI score: 7 · EPSS: 0.97798
Exploits: 49

Kitploit
added 2023/08/24 3:8 a.m. · 37 views

Kali Linux 2023.3 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2023.3. This release has various impressive updates. The highlights of the changelog since the 2023.2 release from May: Internal Infrastructure - Major stack changes are under way Kali Autopilot - The automation attack framework has had a major...

AI score: 7.3
Exploits: 0

Hacker One
added 2023/08/22 8:5 p.m. · 33 views

Cosmos: Circuit Breaker Authorization Issue

Vulnerability description not provided...

AI score: 7.1
Exploits: 0

Kitploit
added 2023/08/22 12:30 p.m. · 32 views

AD_Enumeration_Hunt - Collection Of PowerShell Scripts And Commands That Can Be Used For Active Directory (AD) Penetration Testing And Security Assessment

Description: Welcome to the AD Pentesting Toolkit! This repository contains a collection of PowerShell scripts and commands that can be used for Active Directory (AD) penetration testing and security assessment. The scripts cover various aspects of AD enumeration, user and group management, computer...

AI score: 7.4
Exploits: 0 · References: 3