CVE-2023-32699

MeterSphere is affected by a denial-of-service vulnerability in versions up to 2.9.1. The issue arises when a user submits an excessively long password during login, triggering the MD5-based password hashing (CodingUtil.md5) to run for the long password and exhaust server CPU/memory, potentially ...

[SECURITY] Fedora 38 Update: python3.6-3.6.15-18.fc38

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass

PrinterLogic SaaS, multiple vulnerabilities =========================================================== PrinterLogic's Enterprise Print Management software allows IT professionals to simplify printer driver management and empower end users. -- https://www.printerlogic.com/ Background...

PentestGPT - A GPT-empowered Penetration Testing Tool

A GPT-empowered penetration testing tool. Common Questions Q : What is PentestGPT? A : PentestGPT is a penetration testing tool empowered by ChatGPT. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operate in an interactive mode to guide penetration...

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY , adding it was uploaded to the VirusTotal public malware scanning utility i...

What to Look for When Selecting a Static Application Security Testing (SAST) Solution

If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing SAST solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on...

What to Look for When Selecting a Static Application Security Testing (SAST) Solution

If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing SAST solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on...

Hubstaff 1.6.14-61e5e22e - (wow64log) DLL Search Order Hijacking Vulnerability

Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor Description Hubstaff i...

Verify the correspondence between trading pairs and pools

Lines of code Vulnerability details Impact It may cause the correct ProjectToken to be locked, and transfer the wrong ProjectToken to the beneficiary. Proof of Concept Add test USDC after line 78 in the test file. IERC20 usdc = IERC200xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48; Modify line 142...

Privacy Sandbox Initiative: Google to Phase Out Third-Party Cookies Starting 2024

Google has announced plans to officially flip the switch on its twice-delayed Privacy Sandbox initiatives as it slowly works its way to deprecate support for third-party cookies in Chrome browser. To that end, the search and advertising giant said it intends to phase out third-party cookies for 1...

Identifying a Patch Management Solution: Overview of Key Criteria

Software is rarely a one-and-done proposition. In fact, any application available today will likely need to be updated – or patched – to fix bugs, address vulnerabilities, and update key features at multiple points in the future. With the typical enterprise relying on a multitude of applications,...

kernel: ice: Fix call trace with null VSI during VF reset

In the Linux kernel, the following vulnerability has been resolved: ice: Fix call trace with null VSI during VF reset During stress test with attaching and detaching VF from KVM and simultaneously changing VFs spoofcheck and trust there was a call trace in iceresetvf that VF's VSI is null...

wireshark security and bug fix update

1:3.4.10-4 - Resolves: 2152064 - CVE-2022-3190 wireshark: f5ethtrailer Infinite loop in legacy style dissector 1:3.4.10-3 - Resolves: 2083581 - capinfos aborts in FIPS 1:3.4.10-2 - Resolves: 2160648 - Enhanced TMT testing for centos-stream...

PassMute - PassMute - A Multi Featured Password Transmutation/Mutator Tool

This is a command-line tool written in Python that applies one or more transmutation rules to a given password or a list of passwords read from one or more files. The tool can be used to generate transformed passwords for security testing or research purposes. Also, while you doing pentesting it...

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 Pseudo Shell Description This Python script...

Exploit for Command Injection in Deltaww Dx-3021L9_Firmware

CVE-2022-46169 Pseudo Shell Description This Python script...

The vulnerability of the Core component of the Oracle Health Sciences InForm software for clinical testing allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Core component of the Oracle Health Sciences InForm software for clinical testing is related to insufficient validation of input data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

The vulnerability of the Swing component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to manipulate data.

The vulnerability of the Swing component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability allows a remote attacker to manipulate data...

The vulnerability of the Native Image component in the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Native Image component in the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...

The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to disclose protected information.

The vulnerability of the Hotspot component of Oracle’s software platform and the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information...