Aggregator

A vulnerability, which was classified as problematic, has been found in NVIDIA Mellanox OS, Skyway, MetroX-3 XC and MetroX-2. Affected by this issue is some unknown functionality of the component URI Handler. The manipulation leads to path traversal: '.../...//'. This vulnerability is handled as CVE-2024-0113. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in SAP NetWeaver Application Server ABAP 755/756/757/758. Affected is an unknown function of the component CSS Handler. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-41732. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in IBM QRadar Suite Software and Cloud Pak for Security. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Back-End Command Handler. The manipulation leads to invocation of process using visible sensitive information. This vulnerability is handled as CVE-2024-28799. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in IBM SDK and Java Technology Edition up to 7.1.5.18/8.0.8.26. This affects an unknown part of the component Object Request Broker. The manipulation leads to channel accessible by non-endpoint. This vulnerability is uniquely identified as CVE-2024-27267. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM WebSphere Application Server 8.5/9.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper certificate validation. This vulnerability is known as CVE-2023-50315. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

The Institute for Security and Technology's UnDisruptable27 project connects technology firms with the public sector to strengthen US cyber defenses in case of attacks on critical infrastructure.

A vulnerability was found in Toshibatec E-studio-232. It has been declared as critical. This vulnerability affects unknown code of the component Change Password. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2014-1990. The attack can be initiated remotely. Furthermore, there is an exploit available.

error code: 1106

error code: 1106

这些代码通常会伪装成编码技能测试或密码管理器应用程序，代码附带的 README 文件包含诱骗受害者执行恶意软件的说明。

MaLDAPtive MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. Its foundation is a 100% custom-built C# LDAP parser that handles tokenization and syntax tree parsing along with numerous custom properties...

The post Invoke-Maldaptive: LDAP Obfuscation, Deobfuscation & Detection appeared first on Penetration Testing Tools.

DFIR Toolkit CLI tools for forensic investigation of Windows artifacts Overview of timelining tools   Install cargo install dfir-toolkit Tool cleanhive merges logfiles into a hive file xx evtx2bodyfile Example   evtxanalyze Analyze evtx...

The post DFIR Toolkit: CLI tools for forensic investigation of Windows artifacts appeared first on Penetration Testing Tools.

A vulnerability, which was classified as problematic, was found in ImageMagick 7.0.7-17 Q16. Affected is the function ReadRLAImage of the file coders/rla.c. The manipulation leads to improper resource management. This vulnerability is traded as CVE-2018-5247. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

JNDI-Injection-Exploit-Plus JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and providing background services by starting the RMI, LDAP, and HTTP servers. Using this tool allows you to get JNDI links, you can insert these...

The post JNDI-Injection-Exploit-Plus: generating workable JNDI links and providing background services appeared first on Penetration Testing Tools.

A vulnerability, which was classified as problematic, has been found in ImageMagick 7.0.7-17 Q16. This issue affects the function ReadPATTERNImage of the file coders/pattern.c. The manipulation leads to improper resource management. The identification of this vulnerability is CVE-2018-5246. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

This month Redmond fixes 79 security flaws in Windows and other  products.As regular as clockwork,

A vulnerability classified as critical was found in BM SOFT BMPlanning 1.0.0.1. Affected by this vulnerability is an unknown functionality in the library /BMServerR.dll/BMRest. The manipulation of the argument SEC_IDF/LIE_IDF/PLANF_IDF/CLI_IDF/DOS_IDF leads to sql injection. This vulnerability is known as CVE-2024-28298. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The identification of this vulnerability is CVE-2024-7436. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. This vulnerability is traded as CVE-2024-7437. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. This vulnerability is known as CVE-2024-7438. The attack can be launched remotely. Furthermore, there is an exploit available.