Aller au contenu
Skip to CUSTOM_HTML-19
Skip to RECENT-POSTS-2
Skip to SEARCH-2
Skip to CUSTOM_HTML-2
Skip to RSS-5
Skip to RSS-4
Skip to CUSTOM_HTML-14
Skip to META-2
Skip to AKISMET_WIDGET-2
Skip to CUSTOM_HTML-11
Skip to CUSTOM_HTML-5
Skip to CUSTOM_HTML-16
Skip to CUSTOM_HTML-6
Skip to CUSTOM_HTML-17
Skip to CUSTOM_HTML-7
Skip to CUSTOM_HTML-8
Skip to CUSTOM_HTML-9
Skip to CUSTOM_HTML-10
Skip to TAG_CLOUD-2
Skip to ARCHIVES-2
Skip to CUSTOM_HTML-13
Skip to CUSTOM_HTML-18
Skip to CUSTOM_HTML-15
Attention à vos informations.
TNT Sécurité
Attention à vos informations.
Shrunk
Expand
Navigation Principale
Open
Liens web
Android
Section Privée
Open
Archives de l'Année
Link to Year Archives
2019
Link to Year Archives
2023
1
4 Articles archivés
2
3
4
5
6
7
8
9
10
11
12
TNT Hacking World
Articles récents
Téléchargez le ISO de Windows 11
Office 2021 Pro LTSC
Hacking — Crypto monnaies — Forum underground — Informations
Comment accéder sécuritairement votre réseau local à l’aide de PiVPN
Comment exploiter une faille de sécurité à l’aide de Metasploit.
Comment utiliser l’API Shodan avec du Python pour automatiser les recherches des périphériques vulnérables
20 commandes essentielles de Meterpreter
Hacker à l’aide de Metasploit et le module Shodan.
L’exploit KRACK affecte tous les périphériques Wi-Fi utilisant le protocole WPA2
Comment hacker Windows à l’aide d’un « Malware »
Search for:
Exploit Database
Common Vulnerability Database
CVE-2024-3177
22 avril 2024
Low Severity Description A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference […]
CVE-2024-32653
22 avril 2024
Medium Severity Description jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability. Read more […]
CVE-2024-32656
22 avril 2024
High Severity Description Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled […]
CVE-2024-32480
22 avril 2024
High Severity Description LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole […]
CVE-2024-32657
22 avril 2024
Medium Severity Description Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is serving NixOS `.iso` files. The issue […]
Bugtraq
BACKDOOR.WIN32.DUMADOR.C / Remote Stack Buffer Overflow (SEH)
19 avril 2024
Posted by malvuln on Apr 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024 Original source: https://malvuln.com/advisory/6cc630843cabf23621375830df474bc5.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Dumador.c Vulnerability: Remote Stack Buffer Overflow (SEH) Description: The malware runs an FTP server on TCP port 10000. Third-party adversaries who can reach the server can send a specially […]
SEC Consult SA-20240418-0 :: Broken authorization in Dreamehome app
19 avril 2024
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 19SEC Consult Vulnerability Lab Security Advisory < 20240418-0 > ======================================================================= title: Broken authorization product: Dreamehome app vulnerable version:
MindManager 23 - full disclosure
19 avril 2024
Posted by Pawel Karwowski via Fulldisclosure on Apr 19Resending! Thank you for your efforts. GitHub - pawlokk/mindmanager-poc: public disclosure Affected application: MindManager23_setup.exe Platform: Windows Issue: Local Privilege Escalation via MSI installer Repair Mode (EXE hijacking race condition) Discovered and reported by: Pawel Karwowski and Julian Horoszkiewicz (Eviden Red Team) Proposed mitigation:...
CVE-2024-31705
14 avril 2024
Posted by V3locidad on Apr 14CVE ID: CVE-2024-31705 Title : RCE to Shell Commands" Plugin / GLPI Shell Command Management Interface Affected Product : GLPI - 10.X.X and last version Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input. […]
SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue
14 avril 2024
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14SEC Consult Vulnerability Lab Security Advisory < 20240411-0 > ======================================================================= title: Database Passwords in Server Response product: Amazon AWS Glue vulnerable version: until 2024-02-23 fixed version: as of 2024-02-23 CVE number: - impact: medium homepage: https://aws.amazon.com/glue/ found:...