Collaborate Disseminate
Is there any free or paid service to get updates of recent security vulnerability updates of different systems? I have heard about the NVD but it is a manual process to find the vulnerabilities from this database. Is there anything that is… Continue reading Security vulnerability updates [closed]
I need to use Nuclei to create some templates for a site. But to locate the bug, I have to use some information that site returns after the first request. Is it possible to take it from the response and use it in the next request?
Continue reading How to use parameters from response in new request in Nuclei?
I need to use Nuclei to create some templates for a site. But to locate the bug, I have to use some information that the site returns after the first request. Is it possible to take it from the response and use it in the next request?
… Continue reading How to use parameters from response in new request in Nuclei?
Coverity shows the block of code as unsafe deserialization:
String str = OBJECT_MAPPER.writeValueAsString(body); //Body is user controlled
Ferarri myclassobj = OBJECT_MAPPER.readValue(str, Ferarri.class);
(Coverity: The virtual call res… Continue reading Coverity flags as unsafe deserialisaton. Is this vulnerable?
Assuming a SOC in a Big Cap company which has >3000 web applications. Web App scans are performed at the moment, but they scratch the surface as scans are unauthenticated.
As
there is no way SSO will be put on all of these apps (utopic… Continue reading Authenticated application scans across thousands of webapps with different credentials
The first erros appear to be:
May 5 23:19:42 in-target: Test completeness and readiness of GVM-11^M
May 5 23:19:42 in-target: Step 1: Checking OpenVAS (Scanner)… ^M
May 5 23:19:42 in-target: OK: OpenVAS Scanner is present in… Continue reading alienvault installation fails with gvm setup errors in log
Nmap: Nmap is a powerful open source network exploration and security auditing tool that can help identify vulnerabilities in a system. It is widely used for port scanning, version detection, and network mapping. Nmap can also be used for vulnerability… Continue reading Top 5 Open Source Vulnerability Security Scanning Tools
I ran a SAST Analysis on a project I’m working on and the tool reports the following snippet as a Relative Path Traversal vulnerability (CWE-23):
[Authorize]
[HttpPut("exists")]
public async Task<IActionResult> FileExists([… Continue reading Checking if an arbitrary file exists on the server can be considered Path Traversal?
I am practicing initial access & privilege escalation using legacy vulnerabilities, particularly the RCE vulnerability on the Tomcat Manager.
I have been trying to use Nikto to first scan the Tomcat instance for default credentials, bu… Continue reading Using Nikto to scan for default credentials on Tomcat
My company has multiple sites, some of them have a Firewall preventing access from our internal network. We are considering installing a vulnerability scanner like Nessus, but are wondering how to do it with those locations that have a FW…. Continue reading Agent-based network scanner [closed]