Penetration Testing

APRIL 21, 2024

Citrix has released an urgent security advisory regarding a vulnerability (CVE-2024-3902) discovered in its uberAgent software. High), could allow attackers to escalate their privileges within... The post Citrix uberAgent Update for Privilege Escalation Vulnerability (CVE-2024-3902) appeared first on Penetration Testing.

Penetration Testing 114

Penetration Testing Software 114

Penetration Testing

APRIL 18, 2024

The patches address a high-severity vulnerability, designated CVE-2024-20380 (CVSS 7.5), that could allow unauthenticated, remote attackers to crash ClamAV... The post ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability CVE-2024-20380 appeared first on Penetration Testing.

Penetration Testing 125

Penetration Testing Risk Antivirus Software 125

Penetration Testing

APRIL 3, 2024

Google has revealed in their April 2024 Pixel Update Bulletin that several serious security flaws could be putting your Pixel device at risk.

Penetration Testing 113

Penetration Testing Risk 113

Penetration Testing

MARCH 31, 2024

The technical details and proof-of-concept (PoC) exploit code has been released for a significant vulnerability, designated CVE-2024-0582 (CVSS 7.8) could allow attackers with local... The post CVE-2024-0582: Serious Linux Kernel Bug Opens Door to System Takeovers, PoC Published appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Penetration Testing

MARCH 22, 2024

These flaws were skillfully exploited during the recent Pwn2Own Vancouver 2024 hacking contest. Zero-Day Dangers Zero-day vulnerabilities... The post Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024 appeared first on Penetration Testing.

Penetration Testing 136

Penetration Testing Hacking 136

Penetration Testing

JANUARY 29, 2024

Discovered through Google’s OSS-Fuzz service, three security vulnerabilities have been identified in its systems, two of which... The post CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws appeared first on Penetration Testing.

Penetration Testing 136

Penetration Testing 136

Penetration Testing

APRIL 4, 2024

A vulnerability (CVE-2024-31498) with a CVSS score of 7.7 was discovered, allowing attackers to exploit elevated privileges on... The post YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows appeared first on Penetration Testing.

Penetration Testing 141

Penetration Testing Software 141

Penetration Testing

FEBRUARY 26, 2024

Two security vulnerabilities (CVE-2024-24401 and CVE-2024-24402) have been identified in Nagios XI, a widely used enterprise-grade monitoring tool. Nagios XI... The post CVE-2024-24401 & 24402: Nagios XI Security Flaws Found! PoC Published appeared first on Penetration Testing. What is Nagios XI?

Penetration Testing 143

Penetration Testing Software Risk 143

Penetration Testing

APRIL 5, 2024

This vulnerability, designated CVE-2024-3116, allows attackers to execute malicious code on servers... The post CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks appeared first on Penetration Testing.

Penetration Testing 122

Penetration Testing 122

Penetration Testing

MARCH 18, 2024

A serious vulnerability (CVE-2024-1753) has been discovered in the popular containerization tools Podman and Buildah. could allow attackers to escape the confines of... The post CVE-2024-1753: Podman/Buildah Vulnerability Allow Container Escapes appeared first on Penetration Testing.

Penetration Testing 128

Penetration Testing 128

Penetration Testing

APRIL 9, 2024

Microsoft’s April 2024 Patch Tuesday release brings a staggering 147 new vulnerability fixes across its software ecosystem.

Penetration Testing 105

Penetration Testing Software Cybersecurity 105

Penetration Testing

MARCH 10, 2024

The vulnerability, designated as CVE-2024-22252, could potentially allow attackers to... The post Thousands of VMware ESXi Instances Exposed to Critical CVE-2024-22252 Vulnerability appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing 144

Penetration Testing

APRIL 17, 2024

HashiCorp has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-3817) within its widely used go-getter library.

Penetration Testing 113

Penetration Testing 113

Hack the Box

JANUARY 23, 2024

Our 2024 guide on web application penetration testing is perfect for beginners. Learn to identify vulnerabilities, exploit weaknesses, and report findings ethically.

Penetration Testing 52

Penetration Testing 52

Penetration Testing

MARCH 17, 2024

These vulnerabilities, labeled CVE-2024-28353 and CVE-2024-28354, leave these routers alarmingly exposed to potential remote... The post CVE-2024-28353 & 28354: TRENDnet Router Takeover Flaws Exposed, No Patch Available appeared first on Penetration Testing.

Penetration Testing 132

Penetration Testing 132

Penetration Testing

MARCH 1, 2024

This flaw, tracked as CVE-2024-0692, could allow unauthenticated attackers to take complete control of... The post CVE-2024-0692: SolarWinds Security Event Manager Unauthenticated RCE Flaw appeared first on Penetration Testing.

Penetration Testing 140

Penetration Testing 140

Penetration Testing

APRIL 5, 2024

Dell has released a critical security patch addressing a severe vulnerability (CVE-2024-0172) in the BIOS software used on a wide range of its PowerEdge Server and Precision Rack systems.

Penetration Testing 133

Penetration Testing Software 133

Penetration Testing

MARCH 19, 2024

Proof-of-concept (PoC) code is now available for a critical severity vulnerability (CVE-2024-21762) in FortiOS SSL VPN. out of 10, this flaw opens the door to remote code execution... The post PoC Releases for 0-day CVE-2024-21762 FortiGate SSLVPN Flaw, Over 133K Remain Vulnerable appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing VPN 145

Penetration Testing

MARCH 13, 2024

Recently, researchers at the Zero Day Initiative (ZDI) have dissected a complex DarkGate malware campaign targeting users through a zero-day flaw in Microsoft Windows SmartScreen (CVE-2024-21412).

Penetration Testing 134

Penetration Testing Malware 134

Penetration Testing

FEBRUARY 5, 2024

Google, a titan in the digital realm, has once again demonstrated its commitment to user security with the release of its February 2024 security updates for Android. This latest security bulletin brings to the... The post CVE-2024-0031: Critical Android Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 142

Penetration Testing 142

Penetration Testing

MARCH 8, 2024

Canon has released a security bulletin addressing a buffer overflow vulnerability (CVE-2024-2184, CVSS 9.8) Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update appeared first on Penetration Testing. in their WSD protocol process.

Firmware 141

Firmware Penetration Testing Risk 141

Penetration Testing

APRIL 15, 2024

A severe security flaw (CVE-2024-31497) has been discovered in the popular SSH client PuTTY (versions 0.68 This defect drastically weakens... The post CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys – Immediate Action Required appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Software 111

Penetration Testing

APRIL 10, 2024

Identified as CVE-2024-31861, this flaw gives attackers a way to inject malicious code through Zeppelin’s Shell interpreter,... The post CVE-2024-31861: Apache Zeppelin Vulnerability Opens Door to Code Injection Attacks appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing 112

Penetration Testing

MARCH 7, 2024

A recently patched vulnerability (CVE-2024-2044) in pgAdmin, the widely-used PostgreSQL administration tool, highlights the ever-present risks of unsafe data deserialization and insufficient input validation.

Penetration Testing 123

Penetration Testing Risk 123

Penetration Testing

APRIL 15, 2024

The flaw, designated as CVE-2024-2876 and carrying a critical CVSS score of 9.8, allows unauthenticated attackers to... The post CVE-2024-2876: Critical Security Flaw Impacts Popular WordPress Email Marketing Plugin appeared first on Penetration Testing.

Marketing 106

Marketing Penetration Testing 106

Penetration Testing

FEBRUARY 27, 2024

This flaw (CVE-2024-1403) carries a CVSS score of 10 – the highest severity rating possible. This means an immediate... The post CVE-2024-1403 (CVSS 10): Critical Progress OpenEdge Vulnerability appeared first on Penetration Testing.

Penetration Testing 130

Penetration Testing Authentication 130

Penetration Testing

FEBRUARY 11, 2024

This vulnerability, designated CVE-2024-0985 (CVSS 8.0), could allow attackers to execute malicious code with... The post CVE-2024-0985: PostgreSQL’s Critical Security Flaw Exposed appeared first on Penetration Testing.

Penetration Testing 133

Penetration Testing System Administration Software 133

Penetration Testing

MARCH 5, 2024

Apple recently pushed out emergency patches to fix two zero-day vulnerabilities (CVE-2024-23225 and CVE-2024-23296) that are already under attack. Hackers were actively using these... The post CVE-2024-23225 & CVE-2024-23296: Apple Patches Actively Exploited 0-Day Flaws appeared first on Penetration Testing.

Penetration Testing 101

Penetration Testing 101

Penetration Testing

MARCH 13, 2024

These security updates address five vulnerabilities, including potential remote code execution, unauthorized data access, and improper authentication... The post CVE-2024-27135: Apache Pulsar Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 131

Penetration Testing Authentication Software 131

Penetration Testing

APRIL 5, 2024

This flaw (CVE-2024-29863) could allow a malicious user with existing access to a... The post QlikView Patches High Severity Privilege Escalation Vulnerability (CVE-2024-29863) appeared first on Penetration Testing.

Penetration Testing 107

Penetration Testing Software 107

Penetration Testing

APRIL 25, 2024

A significant vulnerability has been exposed in the widely-used Skylab IGX IIoT Gateway (CVE-2024-4163), allowing attackers to escalate their privileges and potentially take complete control of the affected devices.

Penetration Testing 79

Penetration Testing 79

Penetration Testing

APRIL 10, 2024

project has released an urgent security update addressing a critical command injection vulnerability (CVE-2024-27980) on Windows systems. Even with ‘shell’ options disabled, this flaw could allow attackers to execute malicious code on... The post CVE-2024-27980: Critical Node.js

Penetration Testing 104

Penetration Testing 104

Penetration Testing

MARCH 14, 2024

This vulnerability, designated as CVE-2024-27307, poses a serious security risk and could allow attackers... The post CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution appeared first on Penetration Testing.

Penetration Testing 136

Penetration Testing Risk 136

Penetration Testing

APRIL 19, 2024

Exploit code is now available for a critical vulnerability (CVE-2024-29204) that has been identified in Ivanti Avalanche, a widely deployed mobile device management (MDM) solution used by enterprises. This flaw, rated 9.8

Penetration Testing 97

Penetration Testing Mobile 97

Penetration Testing

APRIL 12, 2024

A newly discovered high-severity security flaw (CVE-2024-22262) in the widely-used Spring Framework software could leave countless applications vulnerable to redirect and server-side request forgery (SSRF) attacks, researchers warn.

Penetration Testing 104

Penetration Testing Software 104

Penetration Testing

APRIL 1, 2024

Octopus Deploy, the popular deployment automation platform, has released a security advisory and subsequent patches to address a critical vulnerability (CVE-2024-2975).

Penetration Testing 108

Penetration Testing 108

Penetration Testing

FEBRUARY 1, 2024

Recently, CYFIRMA’s Research Team has conducted an exhaustive analysis of a security vulnerability, identified as CVE-2024-21833, that poses a significant risk to TP-Link Routers.

Penetration Testing 142

Penetration Testing Risk 142