7414 matches found

Microsoft Malware Protection
added 2021/03/11 5:0 p.m. | 52 views

The biggest challenges—and important role—of application security

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Tanya Janca, Founder of We Hack Purple...

AI score: 6.9
Exploits: 0
CNVD
added 2021/03/11 12:0 a.m. | 3 views

SQL Injection Vulnerability in Schoolfree Psychological Assessment System (CNVD-2021-24370)

The School Worry-Free Psychological Assessment System is a platform for online mental health testing and diagnosis via the Internet. A SQL injection vulnerability exists in the School Worry Free Psychological Assessment System. An attacker can exploit the vulnerability to obtain sensitive...

AI score: 7.5
Exploits: 0
Palo Alto Networks
added 2021/03/10 5:0 p.m. | 75 views

Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs

An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the...

CVSS: 5.1 | AI score: 1.5 | EPSS: 0.00168
Exploits: 0 | References: 1
OSV
added 2021/03/09 8:15 p.m. | 2 views

CVE-2020-28952

An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01259
Exploits: 0 | References: 3
NVD
added 2021/03/09 8:15 p.m. | 18 views

CVE-2020-28952

An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should generate a unique Standard Network Key that is then exchanged with all enrolled devices so that all inter-device communication is encrypted. However, the cited Athom products use another widely...

CVSS: 7.5 | EPSS: 0.01259
Exploits: 0 | References: 3
Kitploit
added 2021/03/07 8:30 p.m. | 21 views

Procrustes - A Bash Script That Automates The Exfiltration Of Data Over Dns In Case We Have A Blind Command Execution On A Server Where All Outbound Connections Except DNS Are Blocked

A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports sh, bash and powershell and is compatible with exec style command execution e.g...

AI score: 7.2
Exploits: 0 | References: 3
GithubExploit
added 2021/03/05 8:15 a.m. | 107 views

Exploit for Improper Input Validation in Vmware View_Planner

CVE-2021-21978 A simpler way to bring back the vulnerable expl...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.98947
Exploits: 9
Oracle Linux
added 2021/03/05 12:0 a.m. | 235 views

container-tools:2.0 security update

buildah 1.11.6-8.0.1 - Reduce unnecessary writable mounts in NaiveDiffDriver Orabug: 31025483 - Fixes troubles with oracle registry login Orabug: 29937283 1.11.6-8 - exclude i686 arch - Related: 1821193 1.11.6-7 - fix 'CVE-2020-10696 buildah: crafted input tar file may lead to local file...

CVSS: 9.3 | AI score: 7.1 | EPSS: 0.02582
Exploits: 1
CNVD
added 2021/03/04 12:0 a.m. | 7 views

Unspecified Vulnerability in HCL OneTest

HCL OneTest is a software testing tool from HCL India that provides multiple testing options. The software supports API testing, functional testing, UI testing, performance testing and service virtualization to support software automation testing. A security vulnerability exists in HCL OneTest...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00669
Exploits: 0 | References: 1
Packet Storm
added 2021/03/02 12:0 a.m. | 388 views

CASAP Automated Enrollment System 1.1 SQL Injection

Exploit Title: CASAP Automated Enrollment System 1.1 - Authentication Bypass cookie session Exploit Author: @nu11secur1ty Date: 03.02.2021 Vendor Homepage: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html Software Link:...

CVSS: 7.5 | AI score: 0.7 | EPSS: 0.02179
Exploits: 3
BDU FSTEC
added 2021/03/02 12:0 a.m. | 5 views

The vulnerability of the file system component of the IBM Spectrum Scale data storage management software allows an attacker to trigger a service failure.

The vulnerability of the file system component of the IBM Spectrum Scale data storage management software is related to insufficient testing of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to trigger a service failure by executing processes like...

CVSS: 7.8 | AI score: 7.1 | EPSS: 0.01344
Exploits: 0 | References: 3 | Affected Software: 1
GithubExploit
added 2021/03/01 6:52 p.m. | 205 views

Exploit for OS Command Injection in Systeminformation

CVE-2021-21315-systeminformation This is Proof of Concept for...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.9024
Exploits: 4
Packet Storm
added 2021/03/01 12:0 a.m. | 261 views

Concrete5 8.5.4 Cross Site Scripting

Exploit Title: Cross site scripting XSS Author: nu11secur1ty Date: 02.27.2021 Vendor: https://www.concrete5.org/download Link: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3111 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3111 Exploit Place - Navigate to entries...

CVSS: 3.5 | AI score: 5.6 | EPSS: 0.03008
Exploits: 5
Fedora
added 2021/02/28 5:38 p.m. | 87 views

[SECURITY] Fedora 32 Update: python39-3.9.2-1.fc32

Python 3.9 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, update your Fedora to a newer version once Python 3.9 is stable...

CVSS: 5.9 | AI score: 4 | EPSS: 0.37325
Exploits: 1
Gitee
added 2021/02/26 8:37 p.m. | 5 views

PayloadsAllTheThings

This repository is an offensive tool for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypass for various web application security vulnerabilities. The repository includes tools and exploits for vulnerabilities such as CRLF injection, CSRF injection, and CORS...

AI score: 7.2
Exploits: 0
Fedora
added 2021/02/26 1:9 a.m. | 73 views

[SECURITY] Fedora 32 Update: python37-3.7.10-1.fc32

Python 3.7 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.7, see other distributions that support it, such as an older Fedora release...

CVSS: 9.8 | AI score: 4.2 | EPSS: 0.37325
Exploits: 2
Fedora
added 2021/02/24 8:47 p.m. | 82 views

[SECURITY] Fedora 32 Update: python36-3.6.13-1.fc32

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

CVSS: 9.8 | AI score: 4 | EPSS: 0.37325
Exploits: 2
Fedora
added 2021/02/24 8:44 p.m. | 66 views

[SECURITY] Fedora 33 Update: python3.8-3.8.8-1.fc33

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

CVSS: 5.9 | AI score: 4.2 | EPSS: 0.37325
Exploits: 1
Huntr
added 2021/02/23 12:0 a.m. | 17 views

Code Injection in sodadata/soda-sql

Description soda-sql Metric collection, data testing and monitoring for SQL accessible data, which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install soda-sql Run exploit.py...

AI score: 2.7
Exploits: 0
BDU FSTEC
added 2021/02/23 12:0 a.m. | 2 views

The vulnerability of the Wireshark software lies in the lack of thorough testing of input data, which allows attackers to trigger an emergency shutdown of the application.

The vulnerability of the Wireshark software exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause the application to crash...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.04859
Exploits: 1 | References: 9 | Affected Software: 8