Aggregator

A vulnerability, which was classified as problematic, has been found in Metagauss RegistrationMagic Plugin up to 5.2.5.9 on WordPress. This issue affects some unknown processing. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-25935. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.9-rc1. Affected is the function del_timer of the component ALSA. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-26654. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.7.4. Affected is an unknown function of the component bcachefs. The manipulation leads to deadlock. This vulnerability is traded as CVE-2024-26658. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.15.148/6.1.78/6.6.17/6.7.5 and classified as critical. Affected by this vulnerability is the function j1939_socks_lock. The manipulation leads to deadlock. This vulnerability is known as CVE-2023-52638. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in irontec sngrep up to 1.8.0. Affected by this issue is the function strncpy of the file sip.c of the component SIP Header Handler. The manipulation of the argument Call-ID/X-Call-ID leads to buffer overflow. This vulnerability is handled as CVE-2024-3119. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in irontec sngrep up to 1.8.0. This affects the function sip_validate_packet of the file src/sip.c of the component SIP Header Handler. The manipulation of the argument Content-Length/Warning leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-3120. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.5 and classified as problematic. Affected by this issue is the function kzalloc of the component amdkfd. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2024-26817. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenX 2.8.10 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument parent leads to cross site scripting. This vulnerability is handled as CVE-2012-4989. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Currently trending CVE - hypeScore: 1 - Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel

Currently trending CVE - hypeScore: 1 - A Remote Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to lack of input sanitation and could allow a remote attacker to run commands or code as a high privileged user.

Currently trending CVE - hypeScore: 1 - A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15.

Bob the Smuggler “Bob the Smuggler” is a tool that leverages HTML Smuggling Attack and allows you to create HTML files with embedded 7z/zip archives. The tool would compress your binary (EXE/DLL) into 7z/zip...

The post BobTheSmuggler: Leverages HTML Smuggling Attack appeared first on Penetration Testing Tools.

Honeyscanner – A vulnerability analyzer for Honeypots Honeyscanner is a vulnerability analyzer for honeypots designed to automatically attack a given honeypot, in order to determine if the honeypot is vulnerable to specific types of...

The post Honeyscanner – A vulnerability analyzer for Honeypots appeared first on Penetration Testing Tools.

Reaper Reaper is a proof-of-concept designed to exploit BYOVD (Bring Your Own Vulnerable Driver) driver vulnerability. This malicious technique involves inserting a legitimate, vulnerable driver into a target system, which allows attackers to exploit...

The post Reaper: PoC designed to exploit BYOVD driver vulnerability appeared first on Penetration Testing Tools.

新春启智，驱动创新