IstanbulCoders‘un her perşembe gerçekleştirmiş olduğu bilgi paylaşım etkinliğinde Penetration Testing den bahsettim. Keyifli seyirler.
- CVE-2020-10551QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService.
- CVE-2020-10621Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
- CVE-2020-11555An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files.
- CVE-2020-11554An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4.
- CVE-2020-11556An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities.
- CVE-2020-11553An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF.
- CVE-2020-11557An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value.
- CVE-2020-11655SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
- CVE-2020-11656In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
- CVE-2019-20637An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures […]
Sonra yarım gün çalışıyorlar zaten diye kadınlar işe alınmasın. Verim alamıyoruz diye işten çıkartmalar olsun.. haa… twitter.com/i/web/status/1…
- Nessus Truncated Packets Uyarısı
- Nessus Tarama Sorunu (Network Congestions, Truncated)
- Ubuntu Resolv.conf Dosyasının Reboot Sonrası Değişmesi Sorunu
- NMAP Tarama Sonucunda HTML Rapor Oluşturmak
- Kali İşletim Sistemine Komut Satırından Proxy Ekleme
- USOM Duyuru Faaliyetleri: Güvenlik Açıklıkları
- E-Ticarette Güven Damgası Dönemi ve Sızma Testi
- TestHive – Penetration Testing Talks
- Sızma Testi Bulguları İçin Reçete
- Kayhan Kayıhan – IETT siber saldırı röportajı