Aggregator

A vulnerability was found in Linux Kernel up to 6.8.5 and classified as problematic. Affected by this issue is the function kzalloc of the component amdkfd. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2024-26817. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenX 2.8.10 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument parent leads to cross site scripting. This vulnerability is handled as CVE-2012-4989. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Currently trending CVE - hypeScore: 1 - Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel

Currently trending CVE - hypeScore: 1 - A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to lack of input sanitation and could allow a remote attacker to run commands or code as a high privileged user.

Currently trending CVE - hypeScore: 1 - A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

Bob the Smuggler “Bob the Smuggler” is a tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip...

The post BobTheSmuggler: Leverages HTML Smuggling Attack appeared first on Penetration Testing Tools.

Honeyscanner – A vulnerability analyzer for Honeypots Honeyscanner is a vulnerability analyzer for honeypots designed to automatically attack a given honeypot, in order to determine if the honeypot is vulnerable to specific types of...

The post Honeyscanner – A vulnerability analyzer for Honeypots appeared first on Penetration Testing Tools.

Reaper Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate, vulnerable driver into a target system, which allows attackers to exploit...

The post Reaper: PoC designed to exploit BYOVD driver vulnerability appeared first on Penetration Testing Tools.

新春启智，驱动创新

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

A vulnerability was found in Cisco IOS XR up to 7.10.1. It has been classified as critical. Affected is an unknown function of the component Ethernet Frame Handler. The manipulation leads to incorrect provision of specified functionality. This vulnerability is traded as CVE-2024-20317. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS XR and classified as problematic. This issue affects some unknown processing of the component Dedicated XML Agent. The manipulation leads to improper verification of source of a communication channel. The identification of this vulnerability is CVE-2024-20390. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.5. It has been declared as critical. Affected by this vulnerability is the function cache_tag_unassign_domain. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-56669. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.56/6.5.6. This issue affects some unknown processing of the component erofs. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2023-52526. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ClamAV Antivirus. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HFS+ File Scanning. The manipulation leads to denial of service. This vulnerability is known as CVE-2023-20197. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.