Aggregator

A vulnerability classified as problematic has been found in Greasemonkey 0.3.3. Affected is the function api. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2005-2455. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sun StorEdge 6130 Arrays. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to Remote Code Execution (Stored). This vulnerability was named CVE-2005-1609. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Sophos Anti-Virus up to 5.0.1 and classified as critical. This issue affects some unknown processing of the component ZIP Archive Handler. The manipulation of the argument Extra Field Length with the input 0xFFFF leads to infinite loop. The identification of this vulnerability is CVE-2005-1530. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

VAC kernel-mode bypass Fully working VAC kernel-mode bypass, it makes use of either SSDT hooks or Infinityhook to intercept VAC syscalls and ultimately spoof the results in order to bypass the memory integrity checks....

The post VAC kernel-mode bypass: Fully working kernel-mode VAC bypass appeared first on Penetration Testing Tools.

domain-protect scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover scan Cloudflare for vulnerable DNS records take over vulnerable subdomains yourself before attackers and bug bounty researchers automatically create known issues in Bugcrowd or HackerOne...

The post domain-protect: prevent subdomain takeover appeared first on Penetration Testing Tools.

CatSniffer CatSniffer (😼) is an original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT (Internet of Things) devices. It was designed as a highly portable USB stick that integrates the new...

The post CatSniffer: original multiprotocol, and multiband board made for sniffing, communicating, and attacking IoT devices appeared first on Penetration Testing Tools.

积分奖励+排名奖励

A vulnerability was found in Linux Kernel 3.16.0/3.16.1/3.16.2. It has been classified as problematic. This affects an unknown part of the component Array Garbage Handler. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2014-3631. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Members of Loosely Organized Group Recently Tied to Partnership With RansomHub
Will the indictment of five alleged members of the loosely affiliated Scattered Spider cybercrime group disrupt its wider activities? The current count of known attacks tied to the group stands at over 130, but the accused have so far been tied by the FBI to only 45 of the attacks.

Red Team Finds Vulnerabilities in Critical Infrastructure Org’s Security Framework
The U.S., cyber defense agency is urging critical infrastructure operators to learn from the experience of a volunteer read teaming test and not rely too heavily on host-based endpoint detection and response solutions at the expense of network layer protections.

Watchdog Agency Report Points to Unimplemented Cyber Recommendations
The U.S. Department of Health and Human Services needs to take important actions to do a better job of carrying out its duties as the lead federal agency responsible for strengthening cybersecurity in the healthcare and public health sector, said a new federal watch dog agency report.

Buy of Application Security Startup Enhances Code-to-Cloud Vulnerability Management
Wiz acquired application security posture management startup Dazz for $450 million to provide enterprises with a unified code-to-cloud solution. CEO Merav Bahat highlights how this partnership will streamline vulnerability management and strengthen remediation capabilities for global organizations.

Lawmakers Expressed Concerns Over Proposed Data Use and Access Bill
British lawmakers sought assurances Tuesday from the U.K. government that proposed data use reform legislation will not cause the country to lose its data-sharing rights with the European Union. Lawmakers also warned about potential AI risks arising from the bill.

APT组织Lazarus 在Rootkit（获取内核权限）攻击中使用了微软的0day漏洞;APT组织Kimsuky利用软件公司产品安装程序进行伪装展开攻击;NoName057(16)组织DDoSia项目持续更新;

xAI 已筹集到 50 亿美元新资金，估值已达 500 亿美元；百度 Q3 财报：净利润增长 17% 超预期，文心大模型日调用量增 30 倍达 15 亿；拼多多发布 Q3 财报：营收 994 亿元，环比增速下降

A vulnerability classified as critical has been found in FormaLMS up to 2.4.4. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2021-43136. The attack needs to be approached within the local network. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Apple macOS up to 13.6/14.6. Affected by this vulnerability is an unknown functionality of the component User Information Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-44213. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 14.6. It has been classified as critical. This affects an unknown part. The manipulation leads to symlink following. This vulnerability is uniquely identified as CVE-2024-44175. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.