IstanbulCoders‘un her perşembe gerçekleştirmiş olduğu bilgi paylaşım etkinliğinde Penetration Testing den bahsettim. Keyifli seyirler.
Tag: IstanbulCodes
Social Media
RECENT VULNERABILITIES
- CVE-2020-12514Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd
- CVE-2020-12525M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
- CVE-2020-12513Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
- CVE-2020-12512Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
- CVE-2020-12511Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
- CVE-2020-28487This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
- CVE-2021-21270OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.
- CVE-2021-21260Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enables an attacker takeover of the admin account through a payload that extracts a csrf token and sends a request to […]
- CVE-2020-4766IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.
- CVE-2021-21259HedgeDoc is open source software which lets you create real-time collaborative markdown notes. In HedgeDoc before version 1.7.2, an attacker can inject arbitrary JavaScript into a HedgeDoc note, which is executed when the note is viewed in slide mode. Depending on the configuration of the instance, the attacker may not need authentication to create or […]
Last Tweets
-
DeepBlueCLI: Powershell Threat Hunting i5c.us/2sILyot https://t.co/l98o1OdXbS -
Bugün 19:00'da @IzmirGophers 'da görüşürüz. Konumuz TDD ve Clean Architecture 🤟meetup.com/IzmirGophers/e… -
Go serverlere güzel bir Türkçe e-kitap (PDF) paylaşayım. @ksckaan1 tarafından hazırlanmış, oldukça da güzel olmuş 👏… twitter.com/i/web/status/1… -
Sonra yarım gün çalışıyorlar zaten diye kadınlar işe alınmasın. Verim alamıyoruz diye işten çıkartmalar olsun.. haa… twitter.com/i/web/status/1… -
#RDP ve #CryptoAPI zafiyeteri için hızla aksiyon almak faydalı olacaktır. Geçtiğimiz hafta yayınlanan Citrix zafiy… twitter.com/i/web/status/1…