Aggregator

Kastle Systemsが提供するAccess Control Systemには、複数の脆弱性が存在します。

尽管这些监控行为为公司带来了丰厚的利润，但它们可能侵犯个人隐私，威胁个人自由，并使人们面临从身份盗窃到跟踪等一系列风险。

A vulnerability was found in Jamal Bates Show 1.3.14.254. It has been rated as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-6865. The attack can only be initiated within the local network. There is no exploit available.

- Gleaming Pisces 通过 Python 软件包分发 Linux 和 MacOS 后门 - APT34 针对伊拉克政府网络部署恶意软件 - UNC2970 使用木马化 PDF 阅读器部署后门

尽个人事，碎嘴一下，别做黑产

A vulnerability has been found in Apple iOS up to 10.1.1 and classified as critical. This vulnerability affects unknown code of the component FontParser. The manipulation leads to memory corruption. This vulnerability was named CVE-2016-4688. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.10.7. This issue affects some unknown processing of the component nfsd. The manipulation of the argument nfsd4_fattr_args.context leads to uninitialized pointer. The identification of this vulnerability is CVE-2024-46697. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.10.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component vmwgfx. The manipulation leads to incorrect comparison. This vulnerability is known as CVE-2024-46710. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.6 and classified as problematic. Affected by this issue is the function __flush_work of the component workqueue. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-46704. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.10.6. It has been classified as critical. This affects an unknown part of the component DRM. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2024-46705. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.47/6.10.6. It has been declared as problematic. This vulnerability affects unknown code of the file serial_ctrl.c of the component fsl_lpuart. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-46706. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.10.7/6.11-rc1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component vmwgfx. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2024-46712. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

比赛时间：2024.9.13 - 2024.9.30

A vulnerability, which was classified as critical, was found in Apple watchOS up to 3.1.2. This affects an unknown part of the component FontParser. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2016-4691. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

在金融类的Web安全测试中，经常可以见到Web请求和响应数据包加密和签名保护，由于参数不可见，不能重放请求包，这类应用通常不能直接进行有效的安全测试，爬虫也爬不到数据。

A vulnerability has been found in Open Solution Quick.Cart 2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation leads to path traversal. This vulnerability is known as CVE-2007-3138. The attack can be launched remotely. Furthermore, there is an exploit available.

SCCM HTTP Looter Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s) How it works SCCM distribution points (DPs) are the servers used by Microsoft SCCM to host all the...

The post SCCM HTTP Looter: Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares appeared first on Penetration Testing Tools.

灵脉SAST全新3.5版本，携智能AI漏洞验证、域敏感分析、代码质量评估、安卓制品检测等功能重磅上线。

OWASP WrongSecrets Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management...

The post OWASP WrongSecrets: Secrets Management-focused vulnerable app appeared first on Penetration Testing Tools.