Aggregator

A vulnerability was found in cute_headers cute_png 1.05. It has been rated as critical. Affected by this issue is the function cp_chunk in the library cute_png.h. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-46276. The attack can only be done within the local network. Furthermore, there is an exploit available.

A vulnerability was found in Pagekit 1.0.18. It has been classified as problematic. This affects an unknown part of the file index.php/admin/site/widget. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-45967. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to sql injection. This vulnerability is handled as CVE-2024-9359. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to sql injection. This vulnerability is uniquely identified as CVE-2024-9360. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Crawl4AI是什么 Crawl4AI 是一款开源的 LLM 友好型 Web 爬虫工具，旨在简化异步 Web 爬取和数据提取，专为大型语言模型 (LLM) 和 AI 应用程序设计。它可以作为 ...

Knows More KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync). Main features  Import NTLM Hashes from .ntds output txt file (generated by CrackMapExec or...

The post knowsmore: A swiss army knife tool for pentesting Microsoft Active Directory appeared first on Penetration Testing Tools.

A vulnerability has been found in SpeedTech PHP Library and classified as critical. This vulnerability affects unknown code in the library STPHPLIB_DIR of the file stphpradiogroup.php. The manipulation of the argument STPHPLIB_DIR leads to code injection. This vulnerability was named CVE-2007-4737. The attack can be initiated remotely. Furthermore, there is an exploit available.

OpenAI 获得 40 亿美元周转信贷，公司流动资金破 100 亿美元；消息称腾讯和 Guillemot 家族正考虑收购育碧

Malwoverview Malwoverview.py is a first response tool for threat hunting, which performs an initial and quick triage of malware samples, URLs, IP addresses, domains, malware families, IOCs and hashes. Additionally, Malwoverview is able to...

The post malwoverview: perform an initial and quick triage on a directory containing malware samples appeared first on Penetration Testing Tools.

ronin Ronin is a free and Open Source Ruby toolkit for security research and development. Ronin contains many different CLI commands and Ruby libraries for a variety of security tasks, such as encoding/decoding data, filter IPs/hosts/URLs, querying ASNs, querying DNS, HTTP, scanning...

The post ronin: Ruby platform for vulnerability research and exploit development appeared first on Penetration Testing Tools.

A vulnerability classified as critical has been found in Infinera hiT 7300 5.60.50. Affected is an unknown function of the component SSH Service. The manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2024-28812. Access to the local network is required for this attack. There is no exploit available.

A vulnerability classified as critical was found in Infinera hiT 7300 5.60.50. Affected by this vulnerability is an unknown functionality of the component CT Management Application. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2024-28813. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Infinera hiT 7300 5.60.50. This vulnerability affects unknown code of the component CT Desktop Management Application. The manipulation leads to cleartext storage of sensitive information. This vulnerability was named CVE-2024-28807. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in IBM WebSphere Application Server 8.5/9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-45073. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in alaaliwat www.alaaliwat.com 4.9. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2014-7394. The attack can only be done within the local network. There is no exploit available.

三星在 10 月 2 日释出了软件更新，结果导致部分旧型号 Galaxy 手机变砖。三星证实是管理智能设备的 SmartThings Framework 应用更新导致了该问题，在发现问题之

Oct 4, 2024Our latest in a series of interviews discussing cybersecuritycareer paths, today we talk

A vulnerability, which was classified as critical, was found in Atos Eviden iCare up to 2.7.11. This affects an unknown part of the component Web Interface. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-42017. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in StarCitizenTools mediawiki-skins-Citizen up to 2.30.x and classified as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation of the argument real name leads to basic cross site scripting. This vulnerability was named CVE-2024-47536. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in INROAD. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /AccountMaster/GetCurrentUserInfo of the component API Endpoint. The manipulation of the argument UserNameOrPhoneNumber leads to information disclosure. This vulnerability is known as CVE-2024-46635. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.