[webapps] Tourism Management System v2.0 – Arbitrary File Upload
[webapps] Nagios XI Version 2024R1.01 – SQL Injection
[webapps] Insurance Management System PHP and MySQL 1.0 – Multiple Stored XSS
CVE-2024-29187 | WiX Toolset up to 3.14.0/4.0.4 on Windows Installer C:\Windows\Temp permission assignment
A vulnerability was found in WiX Toolset up to 3.14.0/4.0.4 on Windows. It has been declared as critical. This vulnerability affects unknown code of the file C:\Windows\Temp of the component Installer. The manipulation leads to incorrect permission ass…
CVE-2024-29194 | OneUptime 7.0.1803 is_master_admin authorization (GHSA-246p-xmg8-wmcq)
A vulnerability was found in OneUptime 7.0.1803. It has been classified as critical. This affects an unknown part. The manipulation of the argument is_master_admin leads to authorization bypass.
This vulnerability is uniquely identified as CVE-2024-29…
CVE-2024-29034 | CarrierWave up to 2.2.5/3.0.6 Incomplete Fix CVE-2023-49090 Content-Type interpretation conflict
A vulnerability was found in CarrierWave up to 2.2.5/3.0.6 and classified as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2023-49090. The manipulation of the argument Content-Type leads to interp…
Predicting V8’s Math.random() truncated outputs
I’m doing research & working around Math.random() like a month ago.
Math.random() uses XORSHIFT128+, so, if we can get the state of the PRNG, it’ll be easy to predict future outputs.
It is public knowledge that Math.random() isn’t a …
Pentest-Muse-Cli – AI Assistant Tailored For Cybersecurity Professionals
Pentest Muse is an AI assistant tailored for cybersecurity professionals. It can help penetration testers brainstorm ideas, write payloads, analyze code, and perform reconnaissance. It can also take actions, execute command-line code, and iterativel…