I talked about Penetration Testing at the knowledge-sharing event that IstanbulCoders holds every Thursday. Enjoy watching.
- CVE-2018-3633: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
- CVE-2021-3406: A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
- CVE-2021-20203: An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting […]
- CVE-2021-20327: A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server's certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered […]
- CVE-2021-20328: Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server's certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption […]
- CVE-2020-27543: The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.
- CVE-2021-27330: Triconsole Datepicker Calendar
- CVE-2020-23534: A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter.
- CVE-2021-3124: Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[name] field.
- CVE-2021-21066: Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when parsing TTF files that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- Nessus Truncated Packets Warning
- Nessus Scan Problem (Network Congestions, Truncated)
- The Problem of the Ubuntu Resolv.conf File Changing After Reboot
- Generating an HTML Report from NMAP Scan Results
- Adding a Proxy from the Command Line on the Kali Operating System
- USOM Announcement Activities: Security Vulnerabilities
- The Trust Stamp Era in E-Commerce and Penetration Testing
- TestHive – Penetration Testing Talks
- A Prescription for Penetration Test Findings
- Kayhan Kayıhan – IETT cyber attack interview