Aggregator

近日，国家信息安全漏洞库（CNNVD）收到关于GitLab安全漏洞的通报（CNNVD-202409-1044、CVE-2024-6678）情况的报送。

Mageni Mageni is an open source vulnerability management platform. Mageni provides a faster, enjoyable, and leaner vulnerability management experience for modern cybersecurity programs. Real-life problems that Mageni solves for you Assets Discovery Services Discovery...

The post mageni: open source vulnerability management platform appeared first on Penetration Testing Tools.

A vulnerability has been found in Seyeon Flexwatch Network Video Server 2.2 and classified as very critical. This vulnerability affects unknown code of the file aindex.htm. The manipulation with the input // leads to improper privilege management. This vulnerability was named CVE-2003-1160. The attack can be initiated remotely. Furthermore, there is an exploit available.

Nosey Parker: Find secrets in textual data Nosey Parker is a command-line tool that finds secrets and sensitive information in textual data. It is useful both for offensive and defensive security testing. Key features:...

The post noseyparker: finds secrets and sensitive information in textual data and Git history appeared first on Penetration Testing Tools.

Caido Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease. Feature Sitemap The Sitemap feature allows you to visualize the structure of any website that is proxied through...

The post Caido: audit web applications with efficiency and ease appeared first on Penetration Testing Tools.

Reverse SSH Want to use SSH for reverse shells? Now you can. Manage and connect to reverse shells with native SSH syntax Dynamic, local and remote forwarding Native SCP and SFTP implementations for retrieving files from your targets...

The post Reverse SSH: SSH based reverse shell appeared first on Penetration Testing Tools.

A vulnerability has been found in My Mobile Day 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2014-6718. The attack can only be done within the local network. There is no exploit available.

美联航与 SpaceX 达成协议，又一家航司将提供星链 WiFi；腾讯阿里加码境外游市场，小程序后台打通同程旅行 HopeGoo；程一笑：快手私域时长同比增长 7%，日均互动总量超过 100 亿次。

A vulnerability, which was classified as critical, was found in iTriage Health 5.29. Affected is an unknown function of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2014-6717. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in fastin 1. This issue affects some unknown processing of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. The identification of this vulnerability is CVE-2014-6716. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as critical, has been found in telltarget CMS. This issue affects some unknown processing of the file module/ref_kd_rubrik.php. The manipulation of the argument tt_docroot leads to Remote Code Execution. The identification of this vulnerability is CVE-2007-2597. The attack may be initiated remotely. Furthermore, there is an exploit available.

Authentication requiring stored credentials is not only vulnerable to phishing and other compromises, but using these credentials can also be cumbersome for busy clinicians, said Tina Srivastava, co-founder of Badge, a provider of deviceless, tokenless authentication technology.

Inquiry Launched to Determine the Company's Compliance With GDPR
The Irish data regulator launched an investigation to determine Google's compliance with a European privacy law when it was developing its PaLM 2 artificial intelligence model. Google launched the multilingual generative AI model last year.

Over-Deployment of Tools Raises Security and Operational Concerns
Excessive deployment of remote access tools in operational technology environments expands attack surfaces and creates operational challenges, warn security researchers from Claroty. Remote access tools are essential, but they introduce numerous potential vulnerabilities that threat actors exploit.