Aggregator

A vulnerability was found in Steinbeis Allegra 7.5.0 Build 29. It has been classified as critical. This affects the function uploadSimpleFile. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2023-51646. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Steinbeis Allegra 7.5.0 Build 29. It has been declared as critical. This vulnerability affects the function saveInlineEdit. The manipulation leads to path traversal. This vulnerability was named CVE-2023-51647. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Steinbeis Allegra 7.5.0 Build 29. Affected is the function uploadFile. The manipulation leads to path traversal. This vulnerability is traded as CVE-2023-51643. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Steinbeis Allegra 7.5.0 Build 29. Affected by this vulnerability is the function unzipFile. The manipulation leads to path traversal. This vulnerability is known as CVE-2023-51645. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Steinbeis Allegra 7.5.0 Build 29 and classified as very critical. This issue affects the function SiteConfigAction. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2023-51644. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Themelogik CMSLogik 1.2.0/1.2.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument item_link leads to cross site scripting. The identification of this vulnerability is CVE-2013-3535. The attack may be initiated remotely. Furthermore, there is an exploit available.

Hooka Hooka is able to generate shellcode loaders with multiple capabilities. It is also based on other tools like BokuLoader, Freeze or Shhhloader, and it tries to implement more evasion features. Why in Golang? Why not? Feature This...

The post Hooka: Shellcode loader generator with multiples features appeared first on Penetration Testing Tools.

WEF – WiFi Exploitation Framework This project started over 2021 as a personal tool to easily audit networks without writing long commands or setting all values one by one, in order to automate the...

The post WEF: WiFi Exploitation Framework appeared first on Penetration Testing Tools.

WhacAMole WhacAMole is a program that analyzes processes in memory in an integral way, detecting and alerting of anomalies related to the malware and presenting and saving in files all the relevant information for...

The post WhacAMole: Live memory analysis tool appeared first on Penetration Testing Tools.

美空军官员分析美军网络作战规划问题并提出对策建议

编者按美国空军进攻性网络军官约翰·科布近日撰文，分析美国网络任务部队网络战略与战术脱节的三大核心问题，并提出对策建议。首个问题在于网络作战总部分散而狭隘的指挥控制结构导致规划不一致和脱节。文章称，美国

Indiana Attorney General Fines Westend Dental $350K in 2020 Ransomware Hack
An Indiana dental practice agreed to pay the state $350,000 and implement a long list of data security improvements following an alleged 2020 ransomware breach "cover up" that came to light when state regulators investigated a patient complaint about unfulfilled requests for dental X-rays.

Access Management Leaders Remain Unchanged as Customer Identity Cases Proliferate
Advances in customer identity around better user experience, strong authentication, and centralized identity processes have driven rapid growth in the access management market. The space by grew 17.6% to $5.85 billion in 2023 as organizations increasing look to replace homegrown CIAM solutions.

Cyber Defense Agency Aims to Bolster Protections Against Chinese Intrusion
The Cybersecurity and Infrastructure Security Agency is issuing final rules to safeguard U.S. sensitive data from potential Chinese intrusions, requiring Americans involved in restricted transactions with Chinese entities to adopt stringent cybersecurity measures.

DDoS Attacks Primarily Target Logistics, Government and Financial Entities
A spate of distributed denial-of-service attacks during the end-of-year holiday season disrupted operations at multiple Japanese organizations, including the country's largest airline, wireless carrier and prominent banks. The effect of the attacks has been temporary.

随着电子商务的蓬勃发展，网络钓鱼和数据窃取活动日益猖獗。黑客组织不断寻找新的方法来绕过传统的安全防御检测措施，以获取敏感信息，如信用卡数据、个人身份信息和其他财务信息。在最近的一系列攻击活动中，网络安

近日，一起大规模的数据泄露事件震动了网络安全界。名为“HikkI-Chan”的黑客在臭名昭著的Breach Forums上泄露了超过3.9亿VK用户的个人信息。

A vulnerability was found in GNU screen 4.0.3. It has been classified as critical. This affects an unknown part. The manipulation leads to Local Privilege Escalation. This vulnerability is uniquely identified as CVE-2007-3048. Attacking locally is a requirement. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment.