Ransomware-Simulator - Ransomware Simulator Written In Golang

The goal of this repository is to provide a simple, harmless way to check your AV's protection on ransomware. This tool simulates typical ransomware behaviour, such as: Staging from a Word document macro Deleting Volume Shadow Copies Encrypting documents embedded and dropped by the simulator into...

Understanding compliance platform capabilities: black box automation has its limitations

Compliance is hard. It is not a "black box" of opaque inputs and outputs, where systems and data are hidden and where users are oblivious to their inner workings. There has yet to be a product made that can magically produce all the evidence sufficient for testing and verification across the wide...

UBUNTU-CVE-2021-42859

DISPUTED A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release...

vulhub

This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications and tools for testing and training purposes. The repository contains a variety of vulnerable applications, including web servers, databases, and other web-base...

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 Root shell PoC for CVE-2021-3156 no brutef...

PT-2022-11714 · Mini-Xml · Mini-Xml

Name of the Vulnerable Software and Affected Versions: Mini-XML version 3.2 Description: A memory leak issue was discovered that could cause a denial of service. Testing reports are inconsistent, with some testers seeing the issue in the 3.2 release, while others did not see the issue in this...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228Apache Log4j Remote Code Execution） all log...

GHSA-Q4QQ-8Q2R-G2F2 Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin

ReadyAPI Functional Testing Plugin stores project passwords in job config.xml files on the Jenkins controller as part of its configuration. While these passwords are stored encrypted on disk since ReadyAPI Functional Testing Plugin 1.4, they are transmitted in plain text as part of the global...

GHSA-CCWP-633J-G29V Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin

ReadyAPI Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files as part of its configuration. These project passwords can be viewed by attackers with Extended Read permission or access to the Jenkins controller file system. ReadyAPI Functional Testi...

Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin

ReadyAPI Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files as part of its configuration. These project passwords can be viewed by attackers with Extended Read permission or access to the Jenkins controller file system. ReadyAPI Functional Testi...

GHSA-8X6C-375H-PM4F Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

Cleartext Storage of Sensitive Information in Jenkins Extensive Testing Plugin

Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking

Following a recent Supreme Court ruling, the Justice Department will no longer prosecute "good faith" security researchers with cybercrimes: The policy for the first time directs that good-faith security research should not be charged. Good faith security research means accessing a computer solel...

Microsoft XML Core Services Information Disclosure Vulnerability

Microsoft XML Core Services MSXML improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site...

Spring for GraphQL 1.0 Release

On behalf of the Spring for GraphQL team and every contributor, it is my pleasure to announce the 1.0 GA release. Its been 10 months since the project was announced and under 2 years since the first commit, unremarkably called "first commit". The project began with the modest goal to replace the...

Kali Linux 2022.2 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2022.2. This release has various impressive updates. The summary of the changelog since the 2022.1 release from February 2022 is: GNOME 42 - Major release update of the popular desktop environment KDE Plasma 5.24 - Version bump with a more...

cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), com.adobe.cq.commerce:cq-commerce-core (>=5.6.0 <=5.13.18) +119 more potentially affected by CVE-2013-5679 via org.owasp.esapi:esapi (=2.0.1)

org.owasp.esapi:esapi MAVEN version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.owasp.esapi:esapi and may be impacted: - cloud.genesys:web-messaging-sdk =3.0.0, =5.6.0, =2.0.54, =5.6.2, =1.0.36, =1.0.24, =5.5.4, =1.0.0, =5.6.4, =1.0.8,...

GHSA-MV8G-FHH6-6267 Django user with hardcoded password created when running tests on Oracle

Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually...

Why MRG-Effitas matters to SMBs

When selecting the right cybersecurity vendor to protect their operations, small- and medium-sized businesses SMBs can lean on several third-party research organizations that analyze which cybersecurity products can best prevent, detect, and clean up various types of cyberattacks today. But these...

Malicious code in rainbow-bridge-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c77a9d522ecbb7447f430c4592aa064aa157816d39b65c4da941b07d2b2da05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...