At the knowledge-sharing event that IstanbulCoders holds every Thursday, I talked about Penetration Testing. Enjoy watching.
- CVE-2020-12514: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd.
- CVE-2020-12525: M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage.
- CVE-2020-12513: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
- CVE-2020-12512: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting.
- CVE-2020-12511: Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
- CVE-2020-28487: This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
- CVE-2021-21270: OctopusDSC is a PowerShell module with DSC resources that can be used to install and configure an Octopus Deploy Server and Tentacle agent. In OctopusDSC version 4.0.977 and earlier a customer API key used to connect to Octopus Server is exposed via logging in plaintext. This vulnerability is patched in version 4.0.1002.
- CVE-2021-21260: Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which can enable an attacker to take over the admin account through a payload that extracts a CSRF token and sends a request to […]
- CVE-2020-4766: IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093.