Lucene search

7413 matches found

HackRead
added 2023/02/24 6:6 p.m. · 20 views

DNA testing service to pay $400k for data breach it ignored

By Habiba Rashid. DNA Diagnostics Center (DDC), a US-based DNA testing service, suffered a data breach in November 2021, in which…

1.9 AI score
Exploits: 0

GithubExploit
added 2023/02/24 1:54 p.m. · 7 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2023-21839 Using this project to attack or test target...

7.5 CVSS · 7.2 AI score · 0.99811 EPSS
Exploits: 10

The Hacker News
added 2023/02/23 3:2 p.m. · 84 views

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 (CVSS score: 9.8), the remote code execution flaw allows a complete takeover of the...

9.8 CVSS · 1.6 AI score · 0.99753 EPSS
Exploits: 15

vulnersOsv
added 2023/02/23 9:30 a.m. · 3 views

com.adobe.aem:aem-sdk-api (=2020.6.3800.20200626T210738Z-200604), com.adobe.cq:core.wcm.components.testing.aem-mock-plugin (>=2.17.10 <=2.24.6) +113 more potentially affected by CVE-2023-25621 via org.apache.sling:org.apache.sling.i18n (>=2.0.2 <=2.5.6)

org.apache.sling:org.apache.sling.i18n MAVEN version =2.0.2, =2.17.10, =0.0.10, =1.0, =5.5.4, =5.6.2 and more Source cves: CVE-2023-25621 Source advisory: OSV:GHSA-MRPV-5PMR-P92H...

6.5 CVSS · 6.5 AI score · 0.01148 EPSS
Exploits: 0

F5 Networks
added 2023/02/21 6:53 p.m. · 71 views

K31085564: Spectre SWAPGS gadget vulnerability CVE-2019-1125

Security Advisory Description: An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. CVE-2019-1125 also known as Spect...

5.6 CVSS · 7.1 AI score · 0.04521 EPSS
Exploits: 4 · Affected Software: 17

Positive Technologies
added 2023/02/21 12:0 a.m. · 4 views

PT-2023-1915 · Zyxel · Zyxel Lte3316-M604 +1

Name of the Vulnerable Software and Affected Versions: Zyxel LTE3316-M604 (version V2.00ABMP.6C0); Zyxel LTE3202-M437 (affected versions not specified). Description: A security misconfiguration vulnerability exists due to a factory default misconfiguration intended for testing purposes. This allows a...

9.8 CVSS · 9.4 AI score · 0.00842 EPSS
Exploits: 0 · References: 5

CNNVD
added 2023/02/21 12:0 a.m. · 3 views

American Fuzzy Lop plus plus Security Vulnerability

American Fuzzy Lop plus plus (AFL++) is an advanced branch of Google's AFL - faster, more and better mutations, more and better instrumentation, custom module support, and more. AFL++ 4.05c contains a security vulnerability that originates in the CmpLog component that uses the current working...

7.3 CVSS · 8.5 AI score · 0.004 EPSS
Exploits: 1 · References: 2

hivepro
added 2023/02/18 7:36 a.m. · 19 views

Threat Exposure Management: An Overview

In recent years, the threat landscape has rapidly evolved, resulting in a growing number of cyber security incidents. This has led organizations to focus on the effective management of their threat exposure, as a means of mitigating the risk of cyber attacks. Threat exposure management is a...

1.9 AI score
Exploits: 0

CNNVD
added 2023/02/17 12:0 a.m. · 3 views

LuckyFrame SQL Injection Vulnerability

LuckyFrame is a free and open source testing platform. A security vulnerability exists in LuckyFrame v3.5, which originates from a SQL injection vulnerability in the dataScope parameter in /system/DeptMapper.xml...

9.8 CVSS · 8.7 AI score · 0.00782 EPSS
Exploits: 1 · References: 2

Citrix
added 2023/02/17 12:0 a.m. · 5 views

Microsoft Security Update Validation Report February 2023

Microsoft’s February 2023 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...

7 AI score
Exploits: 0

Packet Storm
added 2023/02/16 12:0 a.m. · 447 views

Atrocore 1.5.25 Shell Upload

Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE | Author: nu11secur1ty | Date: 02.16.2023 | Vendor: https://atropim.com/ | Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 | Reference: https://portswigger.net/web-security/file-upload | Description: The Create...

7.4 AI score
Exploits: 0

The Hacker News
added 2023/02/15 9:28 a.m. · 33 views

Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps

In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other. Agility and security are often at odds with each other— if a new feature is...

Exploits: 0

The Hacker News
added 2023/02/15 9:28 a.m. · 3 views

Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps

In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other. Agility and security are often at odds with each other— if a new feature is...

7.2 AI score
Exploits: 0

SUSE CVE
added 2023/02/15 6:16 a.m. · 2 views

SUSE CVE-2006-0645

Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test...

7.5 CVSS · 8 AI score · 0.03507 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 4:56 a.m. · 2 views

SUSE CVE-2016-9013

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...

9.8 CVSS · 6.9 AI score · 0.05144 EPSS
Exploits: 0 · References: 5

SUSE CVE
added 2023/02/15 4:53 a.m. · 4 views

SUSE CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE...

5.3 CVSS · 8.2 AI score · 0.05039 EPSS
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 4:34 a.m. · 2 views

SUSE CVE-2018-1116

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and informati...

3.3 CVSS · 6.3 AI score · 0.01196 EPSS
Exploits: 0 · References: 7

SUSE CVE
added 2023/02/15 4:4 a.m. · 4 views

SUSE CVE-2020-2250

Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system...

6.5 CVSS · 6.4 AI score · 0.00626 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:45 a.m. · 3 views

SUSE CVE-2021-24001

A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox 88...

4.3 CVSS · 8.5 AI score · 0.0057 EPSS
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 3:37 a.m. · 4 views

SUSE CVE-2021-42859

A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release...

7.5 CVSS · 6.9 AI score · 0.0097 EPSS
Exploits: 1 · References: 3