461 matches found
Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA
Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest...
Introducing the Wallarm 2024 API ThreatStatsTM Report
The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API, Application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular...
Exploit for Deserialization of Untrusted Data in Wpengine Better_Search_Replace
PoC exploit for CVE-2023-6933, a vulnerability in a web applicat...
CVE-2023-6932
creationtimestamp| type| source ---|---|--- 2024-01-04 07:51:57+00:00| seen| https://t.me/ctinow/162812 2024-01-12 16:11:20+00:00| seen| https://t.me/ctinow/167349 2025-01-07 23:00:00+00:00| seen| https://u1f383.github.io/linux/2025/01/08/two-network-related-vulnerabilities-analysis.html 2025-01-...
PT-2023-13421 · Vermeg · Vermeg Agilereporter
Name of the Vulnerable Software and Affected Versions: VERMEG AgileReporter version 21.3 Description: An issue was discovered in VERMEG AgileReporter where XXE can occur via an XML document to the Analysis component. Recommendations: For VERMEG AgileReporter version 21.3, consider restricting...
PT-2023-36059 · Git +1 · Radare2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several functions: r str ncpy, Elf64 load symbols from, and Elf64 load...
CVE-2023-41614
The CVE-2023-41614 entry describes a stored XSS in Zoo Management System v1.0, specifically in the Add Animal Details function where an attacker can inject a payload via the Description of Animal parameter. Affected component: Add Animal Details (Description of Animal). Impact per sources: arbitr...
Callisto - An Intelligent Binary Vulnerability Analysis Tool
Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the psuedo code output looking for potential security vulnerabilities in that pseudo c code. Ghidra's headless decompiler is what drives the bina...
HackBot - A Simple Cli Chatbot Having Llama2 As Its Backend Chat AI
Welcome to HackBot, an AI-powered cybersecurity chatbot designed to provide helpful and accurate answers to your cybersecurity-related queries and also do code analysis and scan analysis. Whether you are a security researcher, an ethical hacker, or just curious about cybersecurity, HackBot is her...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
Refresh This container emulates the vulnerable functionality o...
Artemis - APK Infrastructure Investigator
Overview A tools for Find APK Infrastructure . HADESS performs offensive cybersecurity services through infrastructures and software that include vulnerability analysis, scenario attack planning, and implementation of custom integrated preventive projects. We organized our activities around the...
CVE-2023-30563
A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session...
U.S. Dept Of Defense: RCE via File Upload with a Null Byte Truncated File Extension at https://██████/
A remote code execution vulnerability via file upload with a null byte truncated file extension was found on a website. By uploading a file with .asp%00.png extension, malicious ASP code could be executed on the server. This allowed an attacker to run arbitrary system commands. The issue was...
Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You Can Too!
Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability. This meant collecting vulnerability information from almost a hundred different, disparate sources...
1Panel vulnerable to command injection when adding container repositories
Impact The authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. 1. Vulnerability analysis. backend\app\api\v1\imagerepo.gocreate backend\app\service\imagerepo.goCheckConn 2. vulnerability reproduction. POST /api/v1/containers/repo...
Exploit for Improper Privilege Management in Sudo_Project Sudo
CVE-2023-22809 Analysis & Exploit Basic Information V...
WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass
Entering the URL in browser will give you access to the respective users account. If the wordpress admin user himself...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Gvectors Wpforo_Forum
Original Proof of Concept for CVE-2023-2249 - Proof of Concep...
CVE-2022-48234
In FM service , there is a possible missing params check. This could lead to local denial of service in FM service...
Sophos Web Appliance 4.3.10.4 - Pre-auth command injection
!/bin/bash Exploit Title: Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit Author: Behnam Abasi Vanda Vendor Homepage: https://www.sophos.com Version: Sophos Web Appliance older than version 4.3.10.4 Tested on: Ubuntu CVE : CVE-2023-1671 Shodan Dork: title:"Sophos Web Appliance"...