Aggregator

AlphaGolang AlphaGolang is a collection of IDAPython scripts to help malware reverse engineers master Go binaries. The idea is to break the scripts into concrete steps, thus avoiding brittle monolithic scripts, and mimicking the...

The post AlphaGolang: IDApython Scripts for Analyzing Golang Binaries appeared first on Penetration Testing Tools.

Malduck Malduck is your ducky companion in malware analysis journeys. It is mostly based on the Roach project, which derives many concepts from mlib library created by Maciej Kotowicz. The purpose of the fork was to make Roach...

The post Malduck: make library for malware researchers appeared first on Penetration Testing Tools.

Currently trending CVE - Hype Score: 2 - GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18.

Currently trending CVE - Hype Score: 2 - Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a ...

A vulnerability was found in Apple macOS up to 13.6/14.6/15.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Contact Information Handler. The manipulation leads to sensitive information in log files. This vulnerability is handled as CVE-2025-24146. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 13.6/14.6/15.1 and classified as problematic. This issue affects some unknown processing of the component Keyboard Event Handler. The manipulation leads to state issue. The identification of this vulnerability is CVE-2024-54539. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS up to 13.6/14.6/15.2 and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2025-24115. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS up to 13.6/14.6/15.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named CVE-2025-24130. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple GarageBand up to 10.4.11 and classified as critical. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2024-44142. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Pioneer DMH-WT7600NEX. This issue affects some unknown processing of the component Telematics. The manipulation leads to improper certificate validation. The identification of this vulnerability is CVE-2024-23928. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Apple macOS. It has been rated as problematic. Affected by this issue is some unknown functionality of the component File Parser. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-24123. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple visionOS. This affects an unknown part of the component File Parser. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-24123. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple tvOS. This vulnerability affects unknown code of the component File Parser. The manipulation leads to denial of service. This vulnerability was named CVE-2025-24123. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple watchOS. This issue affects some unknown processing of the component File Parser. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2025-24123. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple iOS and iPadOS. Affected is an unknown function of the component File Parser. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-24123. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Jarle Aase WarFTPd 1.67.04. This vulnerability affects unknown code of the component FTP Command Handler. The manipulation of the argument dir with the input *./../..* leads to path traversal. This vulnerability was named CVE-2001-0295. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Windows文件管理器漏洞CVE-2025-24071可导致攻击者通过解压文件窃取NTLM哈希，无需用户交互，PoC已发布。