Aggregator

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. Affected by this issue is the function regmap_read. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-57910. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.9/6.13-rc6. Affected by this vulnerability is the function iio_for_each_active_channel. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-57909. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. Affected is the function iio_for_each_active_channel. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-57908. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

TripleCross TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON...

The post TripleCross: Linux eBPF rootkit appeared first on Penetration Testing Tools.

Threat actors operating under the name ShinyHunters have orchestrated a series of cyberattacks targeting major corporations, including Qantas, Allianz Life, LVMH, and Adidas. Each incident centers around attempts to infiltrate client Salesforce environments through...

The post The ShinyHunters Salesforce Attack: Vishing & OAuth Abuse Blamed for Qantas, Allianz, LVMH Breaches appeared first on Penetration Testing Tools.

A vulnerability was found in Linux Kernel up to 6.1.124/6.6.71/6.12.9/6.13-rc6. It has been declared as problematic. This vulnerability affects the function iio_for_each_active_channel. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-57906. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.71/6.12.9/6.13-rc6. It has been rated as problematic. This issue affects the function iio_for_each_active_channel. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-57907. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.9/6.13-rc6. It has been classified as problematic. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-57905. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

当前环境出现异常状态,需完成验证后方可继续访问,提供"去验证"链接引导操作.

奉上writeup，欢迎加入CTF Venom战队

威努特已为金融、能源、政务等领域提供标杆级数据安全方案。

Attacks linked to the Storm-2603 group continue to raise serious concerns within the cybersecurity community. This relatively obscure yet well-documented group, reportedly associated with China, has been implicated in the exploitation of recently discovered...

The post Storm-2603 Unleashes Warlock & LockBit Ransomware with Custom AK47 C2 Framework appeared first on Penetration Testing Tools.

A vulnerability was found in ManageEngine Applications Manager 8.1 Build 8100. It has been classified as problematic. Affected is an unknown function of the component Applications Manager. The manipulation of the argument showlink leads to cross site scripting. This vulnerability is traded as CVE-2008-0474. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Level Platforms Managed Workplace Service Center 6. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2008-0636. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in mambo 4.6.2/4.6.3. Affected by this vulnerability is an unknown functionality of the file connectors/php/connector.php. The manipulation of the argument Command leads to cross site scripting. This vulnerability is known as CVE-2008-7213. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Mambo 4.6.2/4.6.5. This vulnerability affects unknown code. The manipulation of the argument mosConfig_sitename leads to cross site scripting. This vulnerability was named CVE-2008-3712. The attack can be initiated remotely. Furthermore, there is an exploit available.

Beginning in October 2025, Microsoft will implement sweeping measures to insulate Excel from potentially hazardous sources. A new default policy will block external links to certain file types, affecting all Excel users through a...

The post Microsoft to Block External Links in Excel, Phased Rollout Begins October 2025 appeared first on Penetration Testing Tools.