Aggregator

A vulnerability was found in Avid NEXIS E-series, NEXIS F-series, NEXIS PRO+ and System Director Appliance on Linux and classified as critical. This issue affects some unknown processing. The manipulation leads to permission issues. The identification of this vulnerability is CVE-2024-26290. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SAML-Toolkits ruby-saml up to 1.12.3/1.17.x and classified as critical. This vulnerability affects unknown code of the component ReXML/Nokogiri. The manipulation leads to improper verification of cryptographic signature. This vulnerability was named CVE-2025-25292. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

psudohash Psudohash is a password list generator for orchestrating brute force attacks and cracking hashes. It imitates certain password creation patterns commonly used by humans, like substituting a word’s letters with symbols or numbers...

The post psudohash: Generates millions of keyword-based password mutations in seconds appeared first on Penetration Testing Tools.

web-check Get an insight into the inner workings of a given website: uncover potential attack vectors, analyse server architecture, view security configurations, and learn what technologies a site is using. Currently, the dashboard will...

The post web-check: All-in-one OSINT tool for analysing any website appeared first on Penetration Testing Tools.

HackerNews 编译，转载请注明出处： 微软周二发布安全更新，修复了57个安全漏洞，其中包括6个已在野外被积极利用的零日漏洞。 在这57个漏洞中，6个被评为“严重”，50个为“重要”，1个为“低危”。修复的漏洞中，有23个涉及远程代码执行，22个与权限提升相关。 此外，微软还修复了其基于 Chromium 的 Edge 浏览器中的17个漏洞，其中一个是特定于浏览器的伪造漏洞（CVE-2025-26643，CVSS 评分：5.4）。 6个被积极利用的零日漏洞 CVE-2025-24983（CVSS 评分：7.0）——Windows Win32 内核子系统的 Use-After-Free（UAF）漏洞，允许授权攻击者在本地提升权限。 CVE-2025-24984（CVSS 评分：4.6）——Windows NTFS 信息泄露漏洞，攻击者可通过插入恶意 USB 设备，读取目标设备的部分堆内存。 CVE-2025-24985（CVSS 评分：7.8）——Windows Fast FAT 文件系统驱动的整数溢出漏洞，允许未经授权的攻击者在本地执行代码。 CVE-2025-24991（CVSS 评分：5.5）——Windows NTFS 越界读取漏洞，允许授权攻击者在本地窃取信息。 CVE-2025-24993（CVSS 评分：7.8）——Windows NTFS 基于堆的缓冲区溢出漏洞，允许未经授权的攻击者在本地执行代码。 CVE-2025-26633（CVSS 评分：7.0）——Microsoft Management Console（MMC）输入净化不当漏洞，允许未经授权的攻击者本地绕过安全功能。 发现并报告 CVE-2025-24983 的安全公司 ESET 透露，该漏洞最早于2023年3月在野外发现，并通过名为 PipeMagic 的后门程序传播至受感染主机。 ESET 解释称，该漏洞属于 Win32k 驱动中的 Use-After-Free 漏洞，在特定情况下，使用 WaitForInputIdle API 可能导致 W32PROCESS 结构被多次解引用，引发 UAF 攻击。要成功利用该漏洞，攻击者需要在竞争条件中占据优势。 PipeMagic 于2022年首次被发现，这是一种基于插件的木马程序，主要针对亚洲和沙特阿拉伯的目标。2024年底，该恶意软件曾伪装成 OpenAI ChatGPT 应用进行传播。 据卡巴斯基实验室 2024年10月的报告，PipeMagic 生成 16 字节的随机数组，以 \\.\pipe\1.<十六进制字符串> 的格式创建命名管道。该恶意软件会不断创建、读取并销毁该管道，以接收加密载荷和控制信号。通常，PipeMagic 依赖从命令与控制（C2）服务器下载的多个插件，而该服务器托管在微软 Azure 上。 Zero Day Initiative 指出，CVE-2025-26633 源自 MSC 文件处理方式的缺陷，允许攻击者绕过文件信誉保护，并在当前用户环境中执行代码。此漏洞的利用活动与名为 EncryptHub（又称 LARVA-208）的威胁组织有关。 安全公司 Action1 发现，攻击者可以将影响 Windows 核心文件系统的四个漏洞（CVE-2025-24985、CVE-2025-24993、CVE-2025-24984 和 CVE-2025-24991）进行组合利用，从而实现远程代码执行和信息泄露。这四个漏洞均由匿名报告。 Immersive 安全研究高级总监 Kev Breen 解释称，该攻击方法依赖于攻击者构造恶意的 VHD（虚拟硬盘）文件，并诱导用户打开或挂载它。虽然 VHD 主要用于存储虚拟机操作系统，但过去已有攻击者通过 VHD/VHDX 作为钓鱼攻击载体，以绕过杀毒软件检测。 Tenable 研究员 Satnam Narang 指出，CVE-2025-26633 是继 CVE-2024-43572 之后，第二个在野外被利用的 MMC 相关零日漏洞。而 CVE-2025-24985 则是自 2022年3月以来，Windows Fast FAT 文件系统驱动的首个被利用的零日漏洞。 目前尚不清楚这些漏洞的具体利用规模和攻击环境。鉴于其严重性，美国网络安全与基础设施安全局（CISA）已将这些漏洞列入“已知被利用漏洞”（KEV）目录，并要求联邦机构在 2025年4月1日前完成修补。   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability, which was classified as critical, was found in SAML-Toolkits ruby-saml up to 1.12.3/1.17.x. This affects an unknown part of the component ReXML/Nokogiri. The manipulation leads to improper verification of cryptographic signature. This vulnerability is uniquely identified as CVE-2025-25291. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in SAML-Toolkits ruby-saml up to 1.12.3/1.17.x. Affected by this issue is some unknown functionality of the component Message Size Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2025-25293. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Palo Alto PAN-OS, Cloud NGFW and Prisma Access. Affected by this vulnerability is an unknown functionality of the component LLDP Frame Handler. The manipulation leads to improper check for unusual conditions. This vulnerability is known as CVE-2025-0116. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Palo Alto PAN-OS, Cloud NGFW and Prisma Access. Affected is an unknown function of the component CLI. The manipulation leads to improper resolution of path equivalence. This vulnerability is traded as CVE-2025-0115. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Palo Alto PAN-OS, Cloud NGFW and Prisma Access. It has been rated as problematic. This issue affects some unknown processing of the component GlobalProtect. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2025-0114. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in rmosolgo graphql-ruby up to 2.3.20. It has been declared as critical. This vulnerability affects the function GraphQL::Schema::Loader.load. The manipulation leads to code injection. This vulnerability was named CVE-2025-27407. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Callisto An Intelligent Automated Binary Vulnerability Analysis Tool Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the pseudo code output looking...

The post Callisto: An Intelligent Binary Vulnerability Analysis Tool appeared first on Penetration Testing Tools.

SMShell PoC for an SMS-based shell. Send commands and receive responses over SMS from mobile broadband-capable computers. This tool came as an inspiration during research on eSIM security implications led by Markus Vervier, presented...

The post SMShell: PoC for a SMS-based shell appeared first on Penetration Testing Tools.

HackerNews 编译，转载请注明出处： 威胁情报公司 GreyNoise 警告称，针对服务器端请求伪造（SSRF）漏洞的攻击正在多个平台上呈现“协同激增”态势。 “至少有400个IP地址正在同时利用多个SSRF相关的CVE漏洞，且攻击行为之间存在显著重叠。”GreyNoise 表示，该公司在2025年3月9日观察到这一活动。 当前，遭受SSRF漏洞攻击的国家包括美国、德国、新加坡、印度、立陶宛和日本。此外，以色列在2025年3月11日经历了一波显著增长。 以下是被攻击者利用的SSRF漏洞列表： – CVE-2017-0929（CVSS评分：7.5）- DotNetNuke   – CVE-2020-7796（CVSS评分：9.8）- Zimbra Collaboration Suite   – CVE-2021-21973（CVSS评分：5.3）- VMware vCenter   – CVE-2021-22054（CVSS评分：7.5）- VMware Workspace ONE UEM   – CVE-2021-22175（CVSS评分：9.8）- GitLab CE/EE   – CVE-2021-22214（CVSS评分：8.6）- GitLab CE/EE   – CVE-2021-39935（CVSS评分：7.5）- GitLab CE/EE   – CVE-2023-5830（CVSS评分：9.8）- ColumbiaSoft DocumentLocator   – CVE-2024-6587（CVSS评分：7.5）- BerriAI LiteLLM   – CVE-2024-21893（CVSS评分：8.2）- Ivanti Connect Secure   – OpenBMCS 2.4 认证后 SSRF 攻击（无 CVE 编号）   – Zimbra Collaboration Suite SSRF 攻击（无 CVE 编号）   GreyNoise 指出，许多相同的IP地址正在同时针对多个SSRF漏洞，而非集中攻击单一漏洞。这种攻击模式表明，攻击者正在实施结构化的漏洞利用，可能涉及自动化工具或事先的情报收集。 鉴于当前的活跃攻击态势，GreyNoise 建议用户立即安装最新补丁、限制出站连接至必要端点，并密切监测异常的出站请求。 “许多现代云服务依赖内部元数据 API，而一旦SSRF漏洞被利用，攻击者就能访问这些API。”GreyNoise 解释道，“SSRF 可用于绘制内部网络拓扑、定位易受攻击的服务，并窃取云凭据。”   消息来源：The Hacker News；  本文由 HackerNews.cc 翻译整理，封面来源于网络；   转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as problematic has been found in gethomepage homepage up to 0.9.1. This affects an unknown part. The manipulation leads to reliance on reverse dns resolution. This vulnerability is uniquely identified as CVE-2024-42364. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-41150. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in opensearch-project security-dashboards-plugin up to 1.3.18/2.15.x. It has been classified as problematic. This affects an unknown part. The manipulation of the argument nextUrl leads to open redirect. This vulnerability is uniquely identified as CVE-2024-43794. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-38869. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Adobe Experience Manager up to 6.5.20. This affects an unknown part. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2024-41849. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AcuToWeb Server 10.5.0.7577C8b and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-42852. The attack may be initiated remotely. There is no exploit available.