Aggregator
CVE-2024-47846 | Wikimedia Cargo Extension 3.6.0 on Mediawiki cross-site request forgery
CVE-2024-47847 | Wikimedia Cargo Extension 3.6.0 on Mediawiki cross site scripting
GhostStrike: Open-source tool for ethical hacking
GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments. “I decided to develop this tool to replicate one of the most commonly utilized process injection techniques employed in attacks, specifically process hollowing. My objective was to demonstrate how implants generated by Sliver C2 can be …
The post GhostStrike: Open-source tool for ethical hacking appeared first on Help Net Security.
CVE-2014-7745 | 133 Flight Manager 4 X.509 Certificate cryptographic issues (VU#582497)
CVE-2020-16971 | Microsoft Azure SDK for Java protection mechanism
CVE-2024-25643 | SAP Fiori App 605 My Overtime Requests authorization
CVE-2024-25120 | TYPO3 t3 Scheme access control (GHSA-wf85-8hx9-gj7c)
CVE-2024-25121 | TYPO3 Persisting File Abstraction Layer access control
CVE-2024-42497 | Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 Systems Manager Role access control
CVE-2024-43780 | Mattermost up to 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 Channel access control
CVE-2024-8231 | Tenda O6 1.0.0.7(2054) /goform/setPortForward fromVirtualSet ip/localPort/publicPort/app stack-based overflow
CVE-2024-25694 | Esri Portal for ArcGIS Enterprise up to 10.8.1/10.9.1/11.1 Link cross site scripting
CVE-2024-25701 | Esri Portal for ArcGIS Enterprise Experience Builder up to 10.8.1/10.9.1/11.1 Link cross site scripting
CVE-2024-25702 | Esri ArcGIS Enterprise Web App Builder up to 10.8.1/10.9.1/11.1 Link cross site scripting
CVE-2024-43683 | Microchip TimeProvider 4100 up to 2.4.6 HTTP Header redirect
CVE-2014-7744 | Musulmanin.com 0.1 X.509 Certificate cryptographic issues (VU#582497)
Bypassing Whitelists With XSS Payloads in Attributes
French government uses biased algorithm to detect welfare fraud, rights groups say
How NIS2 will impact sectors from healthcare to energy
In this Help Net Security interview, Mick Baccio, Global Security Advisor at Splunk SURGe, discusses the far-reaching implications of the NIS2 Directive beyond traditional IT security. He explains how NIS2 will fundamentally change cybersecurity governance, making it a core aspect of organizational strategy and accountability. Many experts suggest that the NIS2 Directive has far-reaching implications beyond IT security. Could you expand on the specific non-technical requirements that companies must be aware of? The NIS2 Directive …
The post How NIS2 will impact sectors from healthcare to energy appeared first on Help Net Security.