461 matches found
Vulristics News: EPSS v3 Support, Integration into Cloud Advisor
Vulristics News: EPSS v3 Support, Integration into Cloud Advisor. Hello everyone! This episode will focus on the news from my open source Vulristics project for vulnerability analysis and prioritization. Alternative video link for Russia: https://vk.com/video-149273431456239122 EPSS v3 The third...
CVE-2023-23422
creationtimestamp| type| source ---|---|--- 2023-04-13 18:02:40+00:00| published-proof-of-concept| Telegram/gyCoGHimPrHuJIO4PODdzGa-SbQUX3r8l5z0rakuXLR 2023-04-18 07:16:18+00:00| published-proof-of-concept| https://t.me/RespaldoHackingTeam/1337 2023-04-18 12:11:38+00:00| seen|...
QuadraInspect - Android Framework That Integrates AndroPass, APKUtil, And MobFS, Providing A Powerful Tool For Analyzing The Security Of Android Applications
The security of mobile devices has become a critical concern due to the increasing amount of sensitive data being stored on them. With the rise of Android OS as the most popular mobile platform, the need for effective tools to assess its security has also increased. In response to this need, a ne...
Threat Roundup for March 31 to April 7
Today, Talos is publishing a glimpse into the most prevalent threats weve observed between March 31 and April 7. As with previous roundups, this post isnt meant to be an in-depth analysis. Instead, this post will summarize the threats weve observed by highlighting key behavioral characteristics,...
Exploit for Improper Access Control in Joomla Joomla\!
Joomla! information disclosure - CVE-2023-23752 exploit Explo...
GPT_Vuln-analyzer - Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data
This is a Proof Of Concept application that demostrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAi api...
Exploit for CVE-2022-30136
CVE-2022-30136 Windows Network File System Remote exploit PoC...
WordPress Profile Builder 3.9.0 Missing Authorization Vulnerability
WordPress Profile Builder plugin versions 3.9.0 and below suffer from a missing authorization vulnerability in wppbtoolboxusermetahandler. Description: Profile Builder – User Profile & User Registration Forms get’. Finally, the function returns the value of the retrieved ‘key’ for the given...
Microsoft Patch Tuesday February 2023: Win Graphics RCE, Edge RCE, Publisher SFB, CLFS EoP, Exchange RCEs, Word RCE, HoloLens1
Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2023, including vulnerabilities that were added between January and February Patch Tuesdays. Alternative video link for Russia: This month I decided to change the format a bit. Now I share my impression of Microsoft...
CVE-2023-0217
creationtimestamp| type| source ---|---|--- 2023-02-08 22:25:20+00:00| seen| https://t.me/cibsecurity/57791 2023-02-10 14:55:06+00:00| seen| https://t.me/truesecator/4053 2025-03-06 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-065-01...
Exploring the Vulnerabilities of Seaport: A Technical Analysis of a Fake Signature Attack on Non-Fungible Tokens
Lines of code Vulnerability details Impact This finding aims to provide a comprehensive analysis of the sc4m trend, which emerged in August 2022, and has since been a prevalent issue in the WEB3 space. Despite efforts to combat this phenomenon, bad actors continue to engage in illicit activities,...
Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora
This repository is an open-source project called "Attack-Defense ThinkTank" openKylin, which is a community-driven platform for sharing knowledge and research on attack and defense techniques. The project is hosted on Gitee, a Chinese version of GitHub. The repository contains various articles an...
FISSURE - Frequency Independent SDR-based Signal Understanding and Reverse Engineering
Frequency Independent SDR-based Signal Understanding and Reverse Engineering FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability...
PT-2022-16417 · Unknown · Dlpfde.Sys
Name of the Vulnerable Software and Affected Versions: dlpfde.sys affected versions not specified Description: The issue enables a logged-in user to make system calls, potentially causing a kernel stack overflow. This can result in a system crash, such as a BSOD. Recommendations: At the moment,...
WordPress Core 6.0.2 Security & Maintenance Release – What You Need to Know
On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for 3 vulnerabilities, including a High Severity SQLi vulnerability in the Links functionality as well as two Medium Severity Cross-Site Scripting vulnerabilities. These patches have been backport...
RESim - Reverse Engineering Software Using A Full System Simulator
Reverse engineering using a full system simulator. Dynamic analysis by instrumenting simulated hardware using Simics Trace process trees, system calls and individual programs Reverse execution to selected breakpoints and events Integrated with IDA Protm debugging client Fuzz with a customized AFL...
BWASP - BoB Web Application Security Project
The BoB Web Application Security Project BWASP is an open-source, analysis tool to support for Web Vulnerability Manual Analysis hackers. The BWASP tool basically provides predicted information through vulnerability analysis without proceeding with an attack. BWASP supports performing automated...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
CVE-2022-1015 This repository contains a PoC for local privil...
Analyzing the Attack Landscape: Rapid7’s 2021 Vulnerability Intelligence Report
Every year, our research team at Rapid7 analyzes thousands of vulnerabilities to understand root causes, dispel misconceptions, and explain why some flaws are more likely to be exploited than others. By continuously reviewing the vulnerability landscape and sharing our research team’s insights, w...
Developer Sabotages Open-Source Software Package
This is a big deal: A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. The applicatio...