Aggregator

A vulnerability classified as critical was found in Atrium Mercur Mailserver up to 4.1. This vulnerability affects unknown code of the component Base64 Decoder. The manipulation of the argument AUTH/AUTHENTICATE leads to memory corruption. This vulnerability was named CVE-2003-1177. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apple Mac OS X up to 10.11.4. Affected is an unknown function of the component CoreCapture. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2016-1803. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Flash Player up to 25.0.0.171. It has been classified as critical. This affects an unknown part of the component ATF Parser. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-3078. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in koha up to 3.14.15/3.16.11/3.18.9/3.20.0. Affected by this issue is some unknown functionality of the file members/memberentry.pl. The manipulation of the argument addshelf as part of Parameter leads to cross-site request forgery. This vulnerability is handled as CVE-2015-4630. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Wolfram webMathematica 2.3/3.0. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2009-4814. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Alibabaclone B2B Gold Script. Affected is an unknown function of the file product.html. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2010-1744. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Logsensor A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning Features login panel Scanning for multiple hosts Proxy compatibility (http, https) Login panel scanning is done in multiprocessing Installation git...

The post Logsensor: discover login panels, and POST Form SQLi Scanning appeared first on Penetration Testing Tools.

EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Background Thousands of organizations utilize Slack to help their employees communicate, collaborate, and interact. Many of these Slack workspaces...

The post EvilSlackbot: A Slack bot phishing framework for Red Teaming exercises appeared first on Penetration Testing Tools.

OpenGFW OpenGFW is a flexible, easy-to-use, open-source implementation of GFW on Linux that’s in many ways more powerful than the real thing. It’s cyber sovereignty you can have on a home router. Features Full IP/TCP...

The post OpenGFW: flexible, open-source implementation of Great Firewall on Linux appeared first on Penetration Testing Tools.

Part1 前言 大家好，我是ABC_123。上一篇文章给大家分享了俄乌网络战中，沙虫APT组织致乌克兰第1次大停电事故的技术细节，反响还不错。乌克兰历史上总共发生3次大停电事故，分别是在2015年

首款「印度制造」芯片将于今年推出：28nm 工艺；微信上线语音拜年红包；阅文短剧上线 7 天流水破 5000 万

雷军直播时被封禁1 月 25 日，雷军开启龙年收官直播。在直播中，雷军确认了一个数字：小米 SU7 的总交付量已经超过 15 万辆。但下午 1 点 48 分，雷军的抖音直播间突然遭到封禁。记者注意到，