Yasin Saffari · symbolexe.xyz · 12 hours ago
VulnersX Tool
VulnersX: VulnersX is a powerful tool for efficiently searching and analyzing software vulnerabilities. It provides comprehensive results with both SQLite database and text file outputs, ensuring flexibility and ease of use for security professionals ...
#cybersecurity

Yasin Saffari · symbolexe.xyz · 12 hours ago
SHIFU Tool
SHIFU is a comprehensive and powerful toolkit designed to streamline the process of finding detailed information about Common Vulnerabilities and Exposures (CVEs). Introduction: SHIFU is a comprehensive and powerful toolkit designed to streamline the ...
#cybersecurity

Yasin Saffari · symbolexe.xyz · 13 hours ago
OOGWAY Tool
OOGWAY is a powerful command-line utility designed to streamline the search for vulnerabilities and details regarding Common Vulnerabilities and Exposures (CVEs). Overview: OOGWAY simplifies the process of searching for vulnerabilities and accessing C...
#cybersecurity

Sergio Medeiros · grumpz.net · Apr 22, 2024
Uncovering an SSRF Vulnerability in PDFMyURL Affecting Numerous Users
While enumerating the scope of a target on a private bug bounty program, I came across a subdomain used for generating PDF files. However, it seemed out-of-scope as they were simply white labeling a service called PDFMyURL, which lets you convert any...
10 likes · 593 reads · My Security Research · bugbounty

Nicolás Georger for SREDevOps.org · sredevopsorg.hashnode.dev · Apr 5, 2024
Kube-Bench: Check the Security of Your Kubernetes Clusters
Kube-bench is an open-source tool that performs a complete security assessment of Kubernetes environments. It is like the "Hippocratic Oath" for Kubernetes, checking everything possible against best practices and benchmarks ...
CVE

Đậu Hoàng Tài · blog.taidh.xyz · Mar 29, 2024
Analysis of Parse Server Prototype Pollution Remote Code Execution Vulnerability (CVE-2022-39396)
I have worked on Prototype Pollution challenges in CTFs many times, but this is probably the first time I have researched a CVE for this kind of bug. ADVISORY DETAILS. When @n3mo invited me to work on this CVE, we got started right away, and after a week of debugging every night ...
CVE-2022-39396

Đậu Hoàng Tài · blog.taidh.xyz · Mar 29, 2024
Atlassian Confluence Vulnerability Analysis CVE-2022-26134
Continuing my series of 1-day research posts, I chose CVE-2022-26134 to analyze. This is a CVE for a Confluence Server OGNL injection that can lead to remote code execution. Below I will explain in detail how to diff, how to set up debugging, and how this vulnerability is ...
31 reads · research

Andreas Renz for Encryptorium · blog.encryptorium.com · Mar 28, 2024
The Heartbleed Vulnerability: CVE-2014-0160
The Heartbleed bug is one of the most significant security vulnerabilities that have impacted the internet, affecting millions of web servers and users' data security worldwide. Discovered in April 2014, Heartbleed was a severe flaw in OpenSSL, a wid...
heartbleed

Anjali · peachycloudsecurity.hashnode.dev · Mar 13, 2024
Testing Cloud (AWS & Azure) WAF Capabilities Against Log4Shell (CVE-2021-44228)
Log4j shell, Log4Shell, or LogJam [CVE-2021-44228] is a zero-day that allows hackers to achieve remote code execution (RCE). It exploits the JNDI API, which uses the LDAP protocol. Some organizations might be thinking that they have cloud WAFs like AWS WAF & Azu...
CVE-2021-44228

Aditya Samant · blog.adityasamant.dev · Feb 29, 2024
Low cost CVE scanning with Trivy
Introduction: In a world of microservices, a production-grade enterprise application comprises hundreds of Docker images. Organisations and their customers have a high focus on the security of applications, and one of the key requirements is to keep...
trivy