Aggregator

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.4.4/17.5.2/17.6.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Streaming Result Handler. The manipulation leads to session expiration. This vulnerability is handled as CVE-2024-11668. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 17.4.4/17.5.2/17.6.0. This issue affects some unknown processing of the component Harbor Registry Handler. The manipulation leads to inefficient algorithmic complexity. The identification of this vulnerability is CVE-2024-8177. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Thunderbird up to 132. Affected is the function loadManifestFromFile of the component Add-On Signature Handler. The manipulation leads to improper verification of cryptographic signature. This vulnerability is traded as CVE-2024-11696. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

TrailShark The TrailShark Capture Utility seamlessly integrates with Wireshark, facilitating the capture of AWS CloudTrail logs directly into Wireshark for near-real-time analysis. This tool can be used for debugging AWS API calls and played...

The post TrailShark: Enhance AWS Security with Near-Real-Time Insights appeared first on Penetration Testing Tools.

A vulnerability has been found in Oracle Database Server 11.2.0.4/12.1.0.2/12.2.0.1/18c/19c and classified as critical. Affected by this vulnerability is an unknown functionality of the component ORDS. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2020-11023. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

INTERCEPT Stupidly easy to use, small footprint Policy as Code subsecond command-line scanner that leverages the power of the fastest multi-line search tool to scan your codebase. It can be used as a linter, guard...

The post INTERCEPT: Policy as Code Static Analysis Auditing appeared first on Penetration Testing Tools.

前言在进行.Net源码审计时，往往会遇到拿到源码DLL文件，然后需要逐一使用反编译工具进行手动审计的情况。这种手动审计方法不仅费时费力，而且效率低下。虽然可以使用findstr /msi /c命令简单

Snaffler Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly, but it’s flexible) in a bunch of horrible boring haystacks (a massive Windows/AD environment). It might also be useful for other...

The post Snaffler: tool for pentesters to help find delicious candy needles appeared first on Penetration Testing Tools.

A vulnerability was found in Todd Miller sudo 1.8.14 and classified as critical. Affected by this issue is some unknown functionality of the file /etc/sudoers of the component sudoedit. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2015-5602. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

杀熟是动态定价的一种表现形式

A simple, yet effective real-time Bitcoin (BTC) balance checker.

一丁回家看了看

小米智能家电工厂奠基开工，一期项目聚焦空调品类 传三星电子最快本周进行大规模人事调整，已通知部分高管离职 尊界 S800 开启预订：意向金 2 万元，预计售价 100-150 万元

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.

A vulnerability was found in Mozilla Firefox up to 132. It has been rated as problematic. This issue affects the function loadManifestFromFile of the component Add-On Signature Handler. The manipulation leads to improper verification of cryptographic signature. The identification of this vulnerability is CVE-2024-11696. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Windows Media Player 11.0.5721.5260 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to numeric error. This vulnerability is handled as CVE-2009-1331. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in FreeWebshop 2.2.9. It has been declared as critical. This vulnerability affects unknown code. The manipulation of the argument lang_file leads to path traversal. This vulnerability was named CVE-2009-2338. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Aqua CMS 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to sql injection. This vulnerability is known as CVE-2009-1317. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in GuestCal Guest Cal 2.1. It has been classified as critical. This affects an unknown part. The manipulation of the argument lang leads to path traversal. This vulnerability is uniquely identified as CVE-2009-1319. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.