Collaborate Disseminate
CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which … Continue reading Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
Since I’m quite new to the whole topic of linux privilege escalation I’ve done a few courses in which usually the enumeration of services is mentioned with commands like:
ps aux
systemctl –type=service –state=running
But I wonder how do… Continue reading Linux Privilege Escalation – (running) Services [closed]
I am pentesting an http server using jetty, where I have access to the code.
One of the urls I am looking at is get /services/test.js
Looking at the code below:
@GET
@Path("services/{script:.+[.]js}")
@Produces(MediaT… Continue reading how to exploit pathtraversal vulnerability
The tech giant’s regular vulnerability list includes new vulnerabilities for Windows Updater and Installer.
The post Here’s what Microsoft fixed in September’s Patch Tuesday appeared first on CyberScoop.
Continue reading Here’s what Microsoft fixed in September’s Patch Tuesday
I am running nmap on an http server, and I got the netty version used by the server.
Netty version used is 9.4.53.v20231009 , I tried to check online for CVEs related to this version, and it seems this versions is not directly linked to CV… Continue reading can vulnerabilities in transitive dependencies be exploitable?
Crashes due to faulty updates are nothing new; in fact, one reason IT teams often delay updates is their unreliability and tendency to disrupt the organization’s day-to-day operations. Zero-days are also an old phenomenon. In the past, due to a lack of… Continue reading Tech stack uniformity has become a systemic vulnerability
I am currently trying to perform a return-to-libc attack against a locally run program. Here are the steps I did:
I calculated the bytes needed to overwrite the saved return address
I used a buffer overflow to overwrite the saved return … Continue reading Ret2libc exploit not working but it seems correct in GDB
Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and Jul… Continue reading Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites
ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET dis… Continue reading APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)
Microsoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category.
The post Microsoft Warns of Six Windows Zero-Days Being Actively Exp… Continue reading Microsoft Warns of Six Windows Zero-Days Being Actively Exploited