Penetration Testing

MARCH 28, 2024

The flaw, designated CVE-2023-50969 with a critical CVSS score... The post CVE-2023-50969: Critical Flaw in Imperva SecureSphere WAF Could Lead to Devastating Breaches appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Firewall 145

Penetration Testing

APRIL 6, 2024

This flaw, designated CVE-2023-3454 (CVSS 8.6), could allow malicious actors to... The post CVE-2023-3454: Critical Vulnerability in Brocade Fabric OS Exposes Networks to Remote Attacks appeared first on Penetration Testing.

Penetration Testing 132

Penetration Testing Firmware 132

Penetration Testing

MARCH 1, 2024

An independent security researcher has published details and proof-of-concept (PoC) code for a macOS vulnerability (CVE-2023-42942) that could be exploited for root privilege escalation.

Penetration Testing 140

Penetration Testing 140

Penetration Testing

DECEMBER 23, 2023

Identified as... The post CVE-2023-51385 and CVE-2023-6004 – A Dual OpenSSH Threat appeared first on Penetration Testing. A now-patched security vulnerability, with a CVSS score of 9.8, threatened the very core of its secure channel operations.

Penetration Testing 130

Penetration Testing 130

Penetration Testing

APRIL 1, 2024

This vulnerability, designated CVE-2023-6154, carries a... The post Bitdefender CVE-2023-6154 Flaw Alert: Update Now to Prevent Potential Privilege Escalation appeared first on Penetration Testing.

Penetration Testing 121

Penetration Testing Antivirus Internet Internet 121

Penetration Testing

FEBRUARY 15, 2024

Two new vulnerabilities (CVE-2023-52160, CVE-2023-52161) in open-source WiFi software are allowing attackers to trick victims into connecting to evil twins of trusted networks intercept their traffic, and join otherwise secure networks without needing the... The post Critical Wi-Fi Flaws Put Your Data at Risk (CVE-2023-52160, CVE-2023-52161) (..)

Penetration Testing 108

Penetration Testing Risk Software 108

Penetration Testing

JANUARY 30, 2024

The GNU C Library (glibc), a fundamental component in major Linux distributions, has a critical vulnerability, CVE-2023-6246. The core of this... The post Root Access Risk: CVE-2023-6246 Exposes Critical Flaw in Linux’s glibc appeared first on Penetration Testing.

Penetration Testing 141

Penetration Testing Risk 141

Penetration Testing

MARCH 10, 2024

The vulnerability, labeled CVE-2023-41313, allows attackers to exploit weaknesses in the authentication process within Apache Doris... The post CVE-2023-41313: Timing Attack Flaw in Apache Doris Database Puts Data at Risk appeared first on Penetration Testing.

Penetration Testing 129

Penetration Testing Risk Authentication 129

Penetration Testing

FEBRUARY 19, 2024

A proof-of-concept (PoC) was disclosed for a severe design flaw (CVE-2023-50387) in Domain Name System Security Extensions (DNSSEC), leaving DNS infrastructures vulnerable to widespread denial-of-service (DoS) attacks.

DNS 130

DNS Penetration Testing 130

Penetration Testing

FEBRUARY 18, 2024

Recently disclosed vulnerabilities (CVE-2023-28078 and CVE-2023-32462) pose a severe threat. They range from sensitive data exposure, and service disruption, all... The post CVE-2023-32462 (CVSS 9.8): Patch Dell Switches to Block Takeover appeared first on Penetration Testing.

Penetration Testing 120

Penetration Testing 120

Penetration Testing

FEBRUARY 21, 2024

for Windows, Mac, and Linux, addressing a severe privilege escalation vulnerability (CVE-2023-7235). During non-standard OpenVPN GUI installations... The post CVE-2023-7235: OpenVPN Vulnerability Puts Windows Users at Risk appeared first on Penetration Testing. OpenVPN has released version 2.6.9

Penetration Testing 117

Penetration Testing Risk 117

Penetration Testing

MARCH 1, 2024

CVE-2023-50378, a stored cross-site scripting (XSS) flaw, presents a significant... The post CVE-2023-50378: Apache Ambari Stored Cross-Site Scripting Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

MARCH 25, 2024

Security researcher Yann Gascuel (Alter Solutions) has detailed a critical privilege escalation vulnerability (CVE-2023-42931) affecting the following macOS versions: macOS Monterey prior to 12.7.2 ... The post CVE-2023-42931: macOS Flaw Exposed Systems to Easy Privilege Escalation – Patch Now! macOS Ventura prior to 13.6.3

Penetration Testing 111

Penetration Testing 111

Penetration Testing

APRIL 16, 2024

Despite a year-old fix, hackers are exploiting unpatched devices, fueling the... The post Old Vulnerability, New Attacks: Botnets Swarm Exploited CVE-2023-1389 in TP-Link Routers appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Cybersecurity 111

Penetration Testing

MARCH 21, 2024

A security researcher has published details and proof-of-concept (PoC) code for a Windows CVE-2023-36424 vulnerability that could be exploited to elevate privileges from a Medium Integrity Level to a High Integrity Level.

Penetration Testing 110

Penetration Testing 110

Penetration Testing

MARCH 21, 2024

Security researchers at Horizon3 have released proof-of-concept (PoC) code for a severe vulnerability (CVE-2023-48788) in the Fortinet FortiClient Enterprise Management Server (EMS). With a CVSS score of 9.3,

Penetration Testing 109

Penetration Testing 109

Security Boulevard

JUNE 8, 2023

Our thanks to BSidesSF for publishing their presenter’s superlative BSidesSF 2023 content on the organizations’ YouTube channel. Permalink The post BSidesSF 2023 – Justin Wynn – Red Team Tales – 7 Years of Physical Penetration Testing appeared first on Security Boulevard.

Penetration Testing 52

Penetration Testing Education InfoSec Cybersecurity 52

Penetration Testing

MARCH 4, 2024

A severe security flaw (CVE-2023-6825) has been uncovered in the popular File Manager and File Manager Pro WordPress plugins.

Penetration Testing 135

Penetration Testing 135

Penetration Testing

DECEMBER 15, 2023

In March, at the Pwn2Own contest in Vancouver, a... The post PoC Released for SharePoint Pre-Auth RCE Chain (CVE-2023-29357 & CVE-2023-24955) appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing 112

Penetration Testing

JANUARY 16, 2024

A new threat looms large for users of Confluence Data Center and Confluence Server, marked by the alarming designation CVE-2023-22527.

Penetration Testing 145

Penetration Testing 145

Penetration Testing

JANUARY 21, 2024

A critical vulnerability, identified as CVE-2023-40051 and rated with a CVSS score of 9.1, CVE-2023-40051 manifests itself across multiple versions... The post CVE-2023-40051: Critical Progress OpenEdge Vulnerability Threatens Server Security appeared first on Penetration Testing.

Penetration Testing 108

Penetration Testing 108

Penetration Testing

MARCH 5, 2024

Two vulnerabilities (CVE-2021-36380 & CVE-2023-21237), known to be under active attack, have landed on their KEV (Known Exploited Vulnerabilities) catalog. This means... The post CISA Warns of Active Exploitation of CVE-2021-36380 & CVE-2023-21237 Flaws appeared first on Penetration Testing.

Penetration Testing 105

Penetration Testing Cybersecurity 105

Penetration Testing

JANUARY 10, 2024

However, the discovery of CVE-2023-49647, a significant privilege... The post CVE-2023-49647: A High-Risk Zoom Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Risk Software 111

Penetration Testing

FEBRUARY 13, 2024

A severe zero-day vulnerability (CVE-2023-50358) has been discovered in QNAP Network Attached Storage (NAS) devices. Threat actors are already... The post CVE-2023-50358: A zero-day vulnerability affecting QNAP NAS devices appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

eSecurity Planet

APRIL 7, 2023

Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. Also read: 24 Top Open Source Penetration Testing Tools What Is Penetration Testing? An ethical hacking certification may help too.

Penetration Testing 138

Penetration Testing Social Engineering Energy and Utilities Hacking 138

Penetration Testing

JANUARY 11, 2024

The Linux Kernel has been hit by a significant security vulnerability, CVE-2023-6040, with a CVSS score of 7.8, Discovered by Lin Ma from Ant Security Light-Year Lab, this flaw arises... The post CVE-2023-6040: A Critical Linux Kernel Netfilter Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

JANUARY 15, 2024

A new security vulnerability was found in the GRUB boot manager, CVE-2023-4001. on the Common Vulnerability Scoring System (CVSS), presents a unique challenge in the realm of... The post Bypassing GRUB Security: How CVE-2023-4001 Exploits UEFI Systems appeared first on Penetration Testing.

Penetration Testing 110

Penetration Testing 110

Penetration Testing

FEBRUARY 17, 2024

A recently disclosed vulnerability in Dell EMC Enterprise SONiC (CVE-2023-32484) could have profound consequences for your data center network security.

Penetration Testing 111

Penetration Testing Risk Network Security 111

Penetration Testing

JANUARY 10, 2024

Known for its efficiency in providing mutable data structures through a server-client model,... The post CVE-2023-41056: Redis Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing 111

Penetration Testing

JANUARY 28, 2024

Identified as CVE-2023-6200, with a considerable CVSS score of 7.5, this flaw exposes a critical race condition within the handling of ICMPv6... The post Critical Alert: CVE-2023-6200 Exploits Linux Kernel with Code Execution Risk appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Risk 111

Penetration Testing

JANUARY 24, 2024

Dubbed CVE-2023-49657, this stored cross-site scripting (XSS) vulnerability has... The post CVE-2023-49657: Apache Superset Hit by High-Risk Stored XSS Vulnerability appeared first on Penetration Testing.

Penetration Testing 106

Penetration Testing Risk Software 106

Penetration Testing

JANUARY 11, 2024

CVE-2023-7028: Account Takeover via... The post CVE-2023-7028 & 5356: GitLab Addresses Account Takeover & Command Flaws appeared first on Penetration Testing.

Accountability 105

Accountability Penetration Testing Cyber threats 105

Penetration Testing

JANUARY 12, 2024

This platform, written in Java... The post CVE-2023-50290: Apache Solr’s ‘Important’ Severity Security Flaw appeared first on Penetration Testing.

Penetration Testing 110

Penetration Testing 110

Penetration Testing

JANUARY 1, 2024

Proof-of-concept (PoC) exploit code has been made available for a recently disclosed flaw, CVE-2023-50226 (CVSS 7.8), impacting Parallels Desktop. At its core, CVE-2023-50226 is a privilege escalation vulnerability.

Penetration Testing 105

Penetration Testing 105

Penetration Testing

JANUARY 2, 2024

Proof-of-concept (PoC) code has been released for a zero-day iOS vulnerability (CVE-2023-32434) that can be chained to take full control of a mobile device.

Penetration Testing 111

Penetration Testing Mobile 111

Penetration Testing

DECEMBER 25, 2023

In the intricate world of cybersecurity, Barracuda Networks has faced a formidable challenge with the discovery of two zero-day vulnerabilities, CVE-2023-7102 and CVE-2023-7101, both linked to the Spreadsheet::ParseExcel library.

Penetration Testing 111

Penetration Testing Cybersecurity 111

Penetration Testing

JANUARY 16, 2024

Citrix, a leader in digital workspace solutions, has sounded an alarm for its customers regarding two critical zero-day vulnerabilities, CVE-2023-6548 and CVE-2023-6549.

Penetration Testing 107

Penetration Testing 107