I talked about penetration testing at the knowledge-sharing event that IstanbulCoders holds every Thursday. Enjoy watching.
Tag: IstanbulCodes