[SECURITY] Fedora 36 Update: python3.9-3.9.13-2.fc36
Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...
Microsoft Security Update Validation Report June 2022
Microsoft’s June 2022 security updates have passed Citrix testing; the updates are listed below. The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...
vulhub
This is an open-source vulnerability training platform. It is a collection of vulnerable environments for training and testing purposes, allowing users to practice their penetration testing and vulnerability assessment skills in a safe and controlled environment. The platform is maintained by the...
Goreplay - Open-Source Tool For Capturing And Replaying Live HTTP Traffic Into A Test Environment In Order To Continuously Test Your System With Real Data
GoReplay is an open-source network monitoring tool which can record your live traffic and use it for shadowing, load testing, monitoring and detailed analysis. About: As your application grows, the effort required to test it also grows exponentially. GoReplay offers you the simple idea of reusing...
CVE-2022-32259
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with...
CVE-2022-32259
CVE-2022-32259 affects Siemens SINEMA Remote Connect Server (all versions before v3.1). The root issue is that system images used for installation/update contain unit test scripts with sensitive information, enabling an attacker to gain information about the testing architecture and tamper with t...
PT-2022-21184 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.1 Description: A vulnerability has been identified where system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker...
Design/Logic Flaw
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the `kctf cluster set-src-ip-ranges` command was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...
CVE-2022-31055 Improper Access Control in kctf
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the `kctf cluster set-src-ip-ranges` command was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...
PT-2022-20493 · Kctf · Kctf
Name of the Vulnerable Software and Affected Versions: kCTF versions prior to 1.6.0 Description: The kCTF cluster set-src-ip-ranges feature was broken, allowing traffic from any IP. This issue has been patched in version 1.6.0. As a workaround for private challenge testing, users can mark...
Exfilkit - Data Exfiltration Utility For Testing Detection Capabilities
Data exfiltration utility for testing detection capabilities. Description: Data exfiltration utility used for testing detection capabilities of security products. Obviously for legal purposes only. Exfiltration How-To: /etc/shadow - HTTP GET requests. Server: ./exfilkit-cli.py -m...
WhiteBeam - Transparent Endpoint Security
Transparent endpoint security. Features: Block and detect advanced attacks. Modern audited cryptography: RustCrypto for hashing and encryption. Highly compatible: Development focused on all platforms (incl. legacy) and architectures. Source available: Audits welcome. Reviewed by security researchers with...
The vulnerability in Intel NUC’s built-in software exists due to insufficient testing of input data, allowing attackers to exploit their privileges.
The vulnerability of Intel NUC’s built-in software exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to gain increased privileges...
Malicious code in calc_testing (npm)
Source: ghsa-malware (e35f3e7bc8f28b26fd87344b7a088da9c2671c09f477a41a852a650626a7c5ad). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cyber Risk Retainers: Not Another Insurance Policy
The one-two punch of a cyberattack can be devastating. There is the breach and then the related mitigation costs. Implementing a comprehensive Incident Response (IR) game plan into a worst-case scenario should not be a post-breach scramble. And when that IR strategy includes insurance, it also must...
This Week in Spring - June 7th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. I'm so excited to be here, at long last, after so long away from one of my favorite countries. I'll be doing two talks - my usual, Kubernetes...
Microsoft Autopatch is here…but can you use it?
Updating endpoints on a network can be a daunting task. Testing before rollout can take time. Delays to patches going live can cause all manner of headaches. Windows Autopatch aims to tackle some of these issues, and is now live for public preview. The release comes with a few caveats which you'll...
Exploit for SQL Injection in Casbin Casdoor
POC for CVE-2022-24124 Exploit Code for CVE-2022-24124ht...