Aller au contenu
Skip to CUSTOM_HTML-19
Skip to RECENT-POSTS-2
Skip to SEARCH-2
Skip to CUSTOM_HTML-2
Skip to RSS-5
Skip to RSS-4
Skip to CUSTOM_HTML-14
Skip to META-2
Skip to AKISMET_WIDGET-2
Skip to CUSTOM_HTML-11
Skip to CUSTOM_HTML-5
Skip to CUSTOM_HTML-16
Skip to CUSTOM_HTML-6
Skip to CUSTOM_HTML-17
Skip to CUSTOM_HTML-7
Skip to CUSTOM_HTML-8
Skip to CUSTOM_HTML-9
Skip to CUSTOM_HTML-10
Skip to TAG_CLOUD-2
Skip to ARCHIVES-2
Skip to CUSTOM_HTML-13
Skip to CUSTOM_HTML-18
Skip to CUSTOM_HTML-15
Attention à vos informations.
TNT Sécurité
Attention à vos informations.
Shrunk
Expand
Navigation Principale
Open
Liens web
Android
Section Privée
Open
Archives de l'Année
Link to Year Archives
2014
Link to Year Archives
2015
Link to Year Archives
2016
1
2
3
4
5
6
7
8
1 Articles archivés
9
10
1 Articles archivés
11
12
TNT Hacking World
Articles récents
Téléchargez le ISO de Windows 11
Office 2021 Pro LTSC
Hacking — Crypto monnaies — Forum underground — Informations
Comment accéder sécuritairement votre réseau local à l’aide de PiVPN
Comment exploiter une faille de sécurité à l’aide de Metasploit.
Comment utiliser l’API Shodan avec du Python pour automatiser les recherches des périphériques vulnérables
20 commandes essentielles de Meterpreter
Hacker à l’aide de Metasploit et le module Shodan.
L’exploit KRACK affecte tous les périphériques Wi-Fi utilisant le protocole WPA2
Comment hacker Windows à l’aide d’un « Malware »
Search for:
Exploit Database
Common Vulnerability Database
CVE-2024-33663
26 avril 2024
Critical Severity Description python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. Read more at https://www.tenable.com/cve/CVE-2024-33663
CVE-2024-33664
26 avril 2024
High Severity Description python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319. Read more at https://www.tenable.com/cve/CVE-2024-33664
CVE-2024-32868
26 avril 2024
Medium Severity Description ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in […]
CVE-2024-32651
26 avril 2024
Critical Severity Description changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The […]
CVE-2024-33661
26 avril 2024
Critical Severity Description Portainer before 2.20.0 allows redirects when the target is not index.yaml. Read more at https://www.tenable.com/cve/CVE-2024-33661
Bugtraq
Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers
24 avril 2024
Posted by Stefan Kanthak on Apr 24Hi @ll, this post is a continuation of and With the release of .NET Framework 4.8 in April 2019, Microsoft updated the following paragraph of the MSDN article "What's new in .NET Framework" | Starting with .NET Framework 4.5, the clrcompression.dll assembly...
Response to CVE-2023-26756 - Revive Adserver
24 avril 2024
Posted by Matteo Beccati on Apr 24CVE-2023-26756 has been recently filed against the Revive Adserver project. The action was taken without first contacting us, and it did not follow the security process that is thoroughly documented on our website. The project team has been given no notice before or after the disclosure. Our team has […]
BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH)
19 avril 2024
Posted by malvuln on Apr 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Dumador.c Vulnerability: Remote Stack Buffer Overflow (SEH) Description: The malware runs an FTP server on TCP port 10000. Third-party adversaries who can reach the server can send a specially […]
SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app
19 avril 2024
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 19SEC Consult Vulnerability Lab Security Advisory < 20240418-0 > ======================================================================= title: Broken authorization product: Dreamehome app vulnerable version:
MindManager 23 - full disclosure
19 avril 2024
Posted by Pawel Karwowski via Fulldisclosure on Apr 19Resending! Thank you for your efforts. GitHub - pawlokk/mindmanager-poc: public disclosure Affected application: MindManager23_setup.exe Platform: Windows Issue: Local Privilege Escalation via MSI installer Repair Mode (EXE hijacking race condition) Discovered and reported by: Pawel Karwowski and Julian Horoszkiewicz (Eviden Red Team) Proposed mitigation:...