
7414 matches found

OpenVAS
added 2020/10/02 12:0 a.m. | 20 views

openSUSE: Security Advisory for go1.14 (openSUSE-SU-2020:1587-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.1 | AI score 6.8 | EPSS 0.03646
Exploits 2 | References 2

OpenVAS
added 2020/10/02 12:0 a.m. | 22 views

openSUSE: Security Advisory for go1.14 (openSUSE-SU-2020:1584-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.1 | AI score 6.8 | EPSS 0.03646
Exploits 2 | References 2

OPENSUSE Linux
added 2020/10/02 12:0 a.m. | 66 views

Security update for go1.14 (moderate)

openSUSE Security Update: Security update for go1.14 Announcement ID: openSUSE-SU-2020:1587-1 Rating: moderate References: 1164903 1176031 Cross-References: CVE-2020-24553 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has one errata is now available. Description...

CVSS 6.1 | AI score 6.8 | EPSS 0.03646
Exploits 2 | References 2

OSV
added 2020/10/01 10:21 p.m. | 5 views

OPENSUSE-SU-2020:1587-1 Security update for go1.14

This update for go1.14 fixes the following issues: - go1.14.9 released 2020-09-09 includes fixes to the compiler, linker, runtime, documentation, and the net/http and testing packages. Refs bsc1164903 go1.14 release tracking go41192 net/http/fcgi: race detected during execution of...

CVSS 6.1 | AI score 6.4 | EPSS 0.03646
Exploits 2 | References 4

Gitee
added 2020/10/01 2:55 p.m. | 3 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The repository contains various vulnerable environments, each with its own set of vulnerabilities, allowing users to test and learn about different types of attacks. The environments are built using Docker and Docker...

CVSS 9.8 | AI score 7 | EPSS 0.99686
Exploits 45

GithubExploit
added 2020/09/30 7:45 a.m. | 174 views

Exploit for CVE-2020-1472

ZeroLogon testing script A Python script that uses the Impack...

CVSS 10 | AI score 8.3 | EPSS 0.99512
Exploits 75

The Hacker News
added 2020/09/28 11:6 a.m. | 3 views

Red Team — Automation or Simulation?

What is the difference between a penetration test and a red team exercise? The common understanding is that a red team exercise is a pen-test on steroids, but what does that mean? While both programs are performed by ethical hackers, whether they are in-house residents or contracted externally, t...

AI score 6
Exploits 0

Kitploit
added 2020/09/26 11:30 a.m. | 225 views

Velociraptor - Endpoint Visibility and Collection Tool

Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries. To learn more about Velociraptor, read the documentation on: https://www.velocidex.com/docs/ Quick start: If you want to see what Velociraptor is all about simply: 1. Download the binary...

AI score 6.7
Exploits 0 | References 2

Fedora
added 2020/09/25 5:16 p.m. | 16 views

[SECURITY] Fedora 33 Update: python3.5-3.5.10-1.fc33

Python 3.5 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.5, see other distributions that support it, such as CentOS or RHEL with Software...

AI score 4
Exploits 0

Openbugbounty
added 2020/09/24 2:4 p.m. | 8 views

testing.razertech.de Cross Site Scripting vulnerability OBB-1362520

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 6.2
Exploits 0

BDU FSTEC
added 2020/09/24 12:0 a.m. | 5 views

The vulnerability of the Intel Graphics Driver lies in its insufficient validation of input data, which allows attackers to trigger a service failure.

The vulnerability of the Intel Graphics Driver exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 6.5 | AI score 5.9 | EPSS 0.00313
Exploits 0 | References 4 | Affected Software 1

Rapid7 Blog
added 2020/09/23 12:59 p.m. | 14 views

This One Time on a Pen Test: Ain’t No Fence High Enough

Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. For more insights, check out our 2020 Under the Hoodie report. Read...

AI score 6.9
Exploits 0

OSV
added 2020/09/23 1:15 a.m. | 3 views

CVE-2019-15959

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit...

CVSS 6.6 | AI score 6 | EPSS 0.00363
Exploits 0 | References 1

NVD
added 2020/09/23 1:15 a.m. | 21 views

CVE-2019-15959

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit...

CVSS 6.6 | EPSS 0.00363
Exploits 0 | References 1

Wallarm Lab
added 2020/09/22 10:8 p.m. | 29 views

Exploiting Oracle WebLogic by Remote Code Execution with a /console endpoint restricted

This article explains how to exploit Oracle WebLogic for remote code execution by using valid credentials. It's useful during black-box security audits, pentests, and infrastructure audits, including automated vulnerability scanning. To set up an example playground, we will use the following docke...

AI score 2.3
Exploits 0

Hacker One
added 2020/09/18 12:53 p.m. | 101 views

Stripo Inc: weak password poilicy in signup password leak to account takeover

Summary: add summary of the vulnerability I create account with weak password. Steps To Reproduce: add details for how we can reproduce the issue 1. I create account with weak password qwerty123 2. account create done without validation 3. it should have protected users from attack and have policy...

AI score 0.5
Exploits 0

Akamai Blog
added 2020/09/18 4:30 a.m. | 57 views

FFEM: A Simple Device to Crowdsource Water Quality Data

Akamai has been a strong advocate for water conservation by supporting early-stage innovations. This World Water Monitoring Day (September 18), we present the inspiring work of one of our innovators -- Foundation For Environmental Monitoring (FFEM), based in Bangalore, India -- that is working on...

AI score 1
Exploits 0

Kitploit
added 2020/09/17 8:30 p.m. | 46 views

Zin - A Payload Injector For Bugbounties Written In Go

A Payload Injector for bugbounties written in go. Features: Inject multiple payloads into all parameters; Inject single payloads into all parameters; Saves responses into output folder; Displays Status Code & Response Length; Can grep for patterns in the response; Really fast; Easy to setup. Install: $ go g...

AI score 7.5
Exploits 0 | References 1

GithubExploit
added 2020/09/17 8:25 p.m. | 79 views

Exploit for CVE-2020-25265

CVE-2020-25265 / CVE-2020-25266 - CVE-2020-25265 https://nv...

CVSS 6.5 | AI score 5.9 | EPSS 0.01919
Exploits 1

The Hacker News
added 2020/09/17 2:14 p.m. | 53 views

Zenscrape: A Simple Web Scraping Solution for Penetration Testers

Did you ever try extracting any information from any website? Well, if you have then you have surely enacted web scraping functions without even knowing it! To put in simpler terms, Web scraping, or also known as web data extraction, is the process of recouping or sweeping data from web-pages. It...

AI score 6.8
Exploits 0