1071 matches found

Cvelist
added 2020/03/14 7:7 p.m. · 14 views

CVE-2020-10577

An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions...

5 AI score · 0.00254 EPSS
Exploits 0 · References 1
NVD
added 2020/03/10 9:15 p.m. · 8 views

CVE-2020-6196

SAP BusinessObjects Mobile MobileBIService, version 4.2, allows an attacker to generate multiple requests, using which he can block all the threads resulting in a Denial of Service...

7.5 CVSS · 7.5 AI score · 0.00494 EPSS
Exploits 0 · References 2
Kitploit
added 2020/02/29 8:40 p.m. · 129 views

Extended-SSRF-Search - Smart SSRF Scanner Using Different Methods Like Parameter Brute Forcing In Post And Get...

This tool searches for SSRF using predefined settings in different parts of a request: path, host, headers, POST and GET parameters. First step: rename example.app-settings.conf to app-settings.conf and adjust settings. The most important setting is the callback url. I recommend to use burp...

7.1 AI score
Exploits 0 · References 1
Fedora
added 2020/02/23 1:9 a.m. · 45 views

[SECURITY] Fedora 30 Update: glib2-2.60.7-3.fc30

GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME. It provides data structure handling for C, portability wrappers, and interfaces for such runtime functionality as an event loop, threads, dynamic loading, and an object system...

5.9 CVSS · 1.7 AI score · 0.00584 EPSS
Exploits 1
NVD
added 2020/02/12 12:15 a.m. · 14 views

CVE-2020-8894

An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php...

6.5 CVSS · 6.5 AI score · 0.00412 EPSS
Exploits 0 · References 3
OSV
added 2020/02/12 12:15 a.m. · 14 views

CVE-2020-8894

An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php...

6.5 CVSS · 6.9 AI score
Exploits 0 · References 3
Prion
added 2020/02/12 12:15 a.m. · 17 views

Design/Logic Flaw

An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php...

6.4 CVSS · 6.6 AI score · 0.00412 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 2020/02/11 12:0 a.m. · 67 views

CVE-2020-8894

CVE-2020-8894 concerns MISP before 2.4.121, where ACLs for discussion threads were mishandled in the code paths of ThreadsController.php and Thread.php. The vulnerability arises from improper access control logic, enabling potential permission misconfigurations or exposure of thread discussions d...

6.5 CVSS · 6.5 AI score · 0.00412 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2020/02/11 12:0 a.m. · 4 views

PT-2020-20355 · Misp · Misp

Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.4.121 Description: An issue was discovered where ACLs for discussion threads were mishandled in the ThreadsController.php and Thread.php files. Recommendations: For versions prior to 2.4.121, update to version 2.4.121...

6.5 CVSS · 6.4 AI score · 0.00412 EPSS
Exploits 0 · References 6
Cvelist
added 2020/02/11 12:0 a.m. · 17 views

CVE-2020-8894

An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php...

6.6 AI score · 0.00412 EPSS
Exploits 0 · References 3
CNVD
added 2020/02/11 12:0 a.m. · 2 views

Unspecified vulnerability in MISP (CNVD-2020-16092)

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.121, which stems from the...

6.5 CVSS · 6.9 AI score · 0.00412 EPSS
Exploits 0 · References 1
Kitploit
added 2020/01/30 9:0 p.m. · 67 views

S3Enum - Fast Amazon S3 Bucket Enumeration Tool For Pentesters

s3enum is a tool to enumerate a target's Amazon S3 buckets. It is fast and leverages DNS instead of HTTP, which means that requests don't hit AWS directly. It was originally built back in 2016 to target GitHub. Installation Binaries Find the binaries on the Releases page. Go go get...

7.1 AI score
Exploits 0 · References 5
The Hacker News
added 2020/01/28 4:36 p.m. · 77 views

New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel,...

5.5 CVSS · 0.9 AI score · 0.00112 EPSS
Exploits 0
Hacker One
added 2020/01/26 7:32 p.m. · 27 views

Clario: Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com

Summary Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com. Steps To Reproduce Go to: https://api-ne.mackeeper.com/debug/pprof/ You will see these links: - allocs: A sampling of all past memory allocations - block: Stack traces that led to blocking on synchronization primitives...

0.5 AI score
Exploits 0
RustSec
added 2020/01/24 12:0 p.m. · 25 views

Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption

Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to handle synchronized access to the underlying task list's length and head safely. This could have led to data corruption since two threa...

5.5 CVSS · 1.5 AI score · 0.00054 EPSS
Exploits 0 · Affected Software 1
Kitploit
added 2019/12/18 9:1 p.m. · 86 views

Secretx - Extracting API Keys And Secrets By Requesting Each URL At The Your List

Extracting API keys and secrets by requesting each URL in your list. Installation: python3 -m pip install -r requirements.txt Usage: python3 secretx.py --list urlList.txt --threads 15 optional arguments: --help --colorless Credits: Thanks to @m4ll0k for patterns and @choudhary1337 inspiring for...

7.3 AI score
Exploits 0 · References 1
NVD
added 2019/12/18 6:15 a.m. · 15 views

CVE-2019-10517

Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096,...

7.8 CVSS · 7.8 AI score · 0.00043 EPSS
Exploits 0 · References 1
Prion
added 2019/12/18 6:15 a.m. · 19 views

Design/Logic Flaw

Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096,...

4.6 CVSS · 7.8 AI score · 0.00043 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2019/12/10 12:0 a.m. · 26 views

EulerOS 2.0 SP2 : 389-ds-base (EulerOS-SA-2019-2369)

According to the versions of the 389-ds-base packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - 389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different retu...

9.8 CVSS · 6.6 AI score · 0.00874 EPSS
Exploits 1 · References 3
Kitploit
added 2019/12/03 9:0 p.m. · 291 views

aSYNcrone - A SYN Flood DDoS Tool

aSYNcrone is a C language based, multifunction SYN Flood DDoS Weapon. Disable the destination system by sending a SYN packet intensively to the destination. aSYNcrone's POWER!!! USAGE git clone https://github.com/fatih4842/aSYNcrone.git cd aSYNcrone gcc aSYNcrone.c -o aSYNcrone -lpthread...

7.3 AI score
Exploits 0 · References 1