Aggregator

本文提出了AutoSafeCoder，一个多智能体框架，旨在通过静态分析和模糊测试来增强（LLM）生成代码的安全性。

Probably once a week, I see posts like this in the r/Ubiquiti subreddit. Ubiquiti makes network gea

攻击者可以在某些情况下以任意用户身份触发Pipeline，可能导致权限提升或执行恶意操作。

BAADTokenBroker BAADTokenBroker is a post-exploitation tool designed to leverage device-stored keys (Device key, Transport key etc..) to authenticate to Microsoft Entra ID. Use Import BAADTokenBroker in your target machine. PS C:\ > import-module .\BAADTokenBroker.ps1...

The post BAADTokenBroker: Bypassing Entra ID Conditional Access appeared first on Penetration Testing Tools.

lsassy Python library to remotely extract credentials. This library uses impacket projects to remotely read necessary bytes in lsass dump and pypykatz to extract credentials. Different lsass dumping methods are implemented in lsassy, and some option are provided to...

The post lsassy: Extract credentials from lsass remotely appeared first on Penetration Testing Tools.

GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline executionGitLab issued

BLAKE3 BLAKE3 is a cryptographic hash function that is: Much faster than MD5, SHA-1, SHA-2, SHA-3, and BLAKE2. Secure, unlike MD5 and SHA-1. And secure against length extension, unlike SHA-2. Highly parallelizable across any number of...

The post BLAKE3: The BLAKE3 cryptographic hash function appeared first on Penetration Testing Tools.

A vulnerability was found in Google Chrome. It has been classified as problematic. Affected is an unknown function of the component PDFium. The manipulation leads to uninitialized pointer. This vulnerability is traded as CVE-2020-15989. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome on Windows and classified as critical. This issue affects some unknown processing of the component Download Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2020-15988. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component WebRTC Stream Handler. The manipulation leads to use after free. This vulnerability was named CVE-2020-15987. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Google Chrome. This affects an unknown part of the component Media. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2020-15986. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Wireshark up to 4.2.7/4.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component AppleTalk Dissector/RELOAD Framing Dissector. The manipulation leads to improper handling of missing values. This vulnerability is known as CVE-2024-9781. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Wireshark up to 4.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component ITS Dissector. The manipulation leads to missing initialization of a variable. This vulnerability is handled as CVE-2024-9780. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in OpenPrinting cups-browsed up to 2.4 and classified as problematic. This vulnerability affects unknown code of the component HTTP POST Request Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2024-47850. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Juniper Junos OS Evolved and classified as critical. This issue affects some unknown processing of the component Kernel. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2024-47502. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Juniper Junos OS Evolved on ACX7000. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Packet Forwarding Engine. The manipulation leads to improper restriction of communication channel to intended endpoints. This vulnerability is known as CVE-2024-47490. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Juniper Junos OS Evolved on ACX. This vulnerability affects unknown code of the component Packet Forwarding Engine. The manipulation leads to handling of exceptional conditions. This vulnerability was named CVE-2024-47489. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Juniper Junos OS Evolved on QFX5000. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component CLI. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-47498. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.