
7413 matches found

Ivanti
added 2023/02/14 7:22 a.m., 6 views

JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Issue in archiving web page - Dig parameter injection issue in...

7.6 AI score
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 10 views

JSA10414 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Security Bundle - Admin Issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerability found and fixed through a combination of internal and external proactive security testing: - When an admin uses certain sub-menus within the console, a timeout is...

7.2 AI score
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 6 views

JSA10490 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS): Cross Site Scripting Issues

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross Site Scripting vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Cross Site Scripting issue found in Secure Meeting web...

7 AI score
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 6 views

JSA10413 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - Security Bundle - Authentication & Authorization Issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Authentication & Authorization vulnerability found and fixed through a combination of internal and external proactive security testing: - When using NTLMv1 or NTLMv2 authentication...

7.3 AI score
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 7 views

JSA10401 - Pulse Connect Secure (PCS) product - PCS Security Bundle - Internal System Function

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Internal System Function vulnerabilities found and fixed through a combination of internal and external proactive security testing: Issue with special characters used in a parameter in...

7.3 AI score
Exploits: 0

Securelist
added 2023/02/10 10:0 a.m., 18 views

Good, Perfect, Best: how the analyst can enhance penetration testing results

Penetration testing is something that many of those who know what a pentest is see as a search for weak spots and well-known vulnerabilities in clients' infrastructure, and a bunch of copied-and-pasted recommendations on how to deal with the security holes thus discovered. In truth, it is not so...

7.5 AI score
Exploits: 0

Gitee
added 2023/02/08 4:9 p.m., 6 views

vulhub

This is a collection of vulnerable web applications and tools for testing and learning about web application security. The repository contains a variety of applications, including CouchDB, FFmpeg, Git, and Jenkins, each with its own set of vulnerabilities. The applications are designed to be used...

7 AI score
Exploits: 0

Oracle Linux
added 2023/02/07 12:0 a.m., 42 views

git security update

2.31.1-3 - Fixes CVE-2022-23521 and CVE-2022-41903 - Tests: try harder to find open ports for apache, git, and svn - Resolves: 2162063...

9.8 CVSS, 0.7 AI score, 0.56334 EPSS
Exploits: 0

OSV
added 2023/02/01 3:15 a.m., 1 views

UBUNTU-CVE-2022-4206

A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report...

6.5 CVSS, 5.7 AI score, 0.00636 EPSS
Exploits: 1, References: 2

BDU FSTEC
added 2023/01/31 12:0 a.m., 2 views

The vulnerability of the Core component of the Oracle VM VirtualBox software for Windows operating systems allows a hacker to trigger a service failure.

The vulnerability of the Core component of the Oracle VM VirtualBox virtualization software for Windows operating systems is related to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS, 6.5 AI score, 0.00334 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2023/01/31 12:0 a.m., 4 views

The vulnerability of the Core component of the Oracle VM VirtualBox software for Windows operating systems allows a hacker to trigger a service failure.

The vulnerability of the Core component of the Oracle VM VirtualBox virtualization software for Windows operating systems is related to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS, 6.5 AI score, 0.00334 EPSS
Exploits: 0, References: 3, Affected Software: 1

Rapid7 Blog
added 2023/01/30 2:0 p.m., 76 views

Metasploit Framework 6.3 Released

The Metasploit team is pleased to announce the release of Metasploit Framework 6.3, which adds native support for Kerberos authentication, incorporates new modules to conduct a wide range of Active Directory attacks, and simplifies complex workflows to support faster and more intuitive security...

9 CVSS, 1.6 AI score, 0.83277 EPSS
Exploits: 8

Kitploit
added 2023/01/28 11:30 a.m., 259 views

SSTImap - Automatic SSTI Detection Tool With Interactive Interface

SSTImap is a penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to be used as an interactive penetration testing tool for SSTI detection...

7.7 AI score
Exploits: 0, References: 2

OSV
added 2023/01/26 9:16 p.m., 2 views

UBUNTU-CVE-2022-3902

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing...

6.4 CVSS, 6.5 AI score, 0.00719 EPSS
Exploits: 1, References: 2

Microsoft Secure
added 2023/01/26 5:0 p.m., 34 views

Introducing kernel sanitizers on Microsoft platforms

As part of Microsoft’s commitment to continuously raise security baselines, we have been introducing innovations to the foundation of the chip-to-cloud security outlined in the Windows 11 Security Book. Strong foundational security enables us to build defenses from the ground up and develop...

0.2 AI score
Exploits: 0

The Hacker News
added 2023/01/26 2:21 p.m., 29 views

Is Once-Yearly Pen Testing Enough for Your Organization?

Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for...

6 AI score
Exploits: 0

The Hacker News
added 2023/01/26 2:21 p.m., 2 views

Is Once-Yearly Pen Testing Enough for Your Organization?

Any organization that handles sensitive data must be diligent in its security efforts, which include regular pen testing. Even a small data breach can result in significant damage to an organization's reputation and bottom line. There are two main reasons why regular pen testing is necessary for...

6 AI score
Exploits: 0

Malwarebytes
added 2023/01/26 6:0 a.m., 17 views

CISA releases advice on how to safeguard K–12 organizations

To help K-12 schools and school districts in their struggle against cybercrime, the Cybersecurity & Infrastructure Security Agency (CISA) has released the report, Protecting Our Future: Partnering to Safeguard K-12 organizations from Cybersecurity Threats. A cybersecurity incident can significantly...

Exploits: 0

OSSF Malicious Packages
added 2023/01/24 10:21 p.m., 3 views

Malicious code in testing-postinstall (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92117c1864ea6df0bfd00f9d5f2f45cd011b75117f4ba545096788dcc75c0a57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

OSV
added 2023/01/24 10:21 p.m., 5 views

MAL-2023-856 Malicious code in testing-postinstall (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92117c1864ea6df0bfd00f9d5f2f45cd011b75117f4ba545096788dcc75c0a57 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1