The Challenge: CVE-2023-38545 In the world of digital security, a formidable adversary has emerged – CVE-2023-38545. It exposes a critical heap buffer overflow in Curl’s SOCKS5 proxy handshake, demanding immediate action. The Dilemma: How It Unfolded When Curl passes a hostname to the SOCKS5 proxy, it should limit the length to 255 bytes. If it exceeds this limit, a bug […]
Alert: Safeguard Your Confluence for an Urgent Upgrade! Advisory Release Date: Wednesday, Oct 4th, 2023, 06:00 PDT Attention, Confluence Users! We’ve got some news that’s making waves in the tech world. Atlassian has recently uncovered a significant security concern – CVE-2023-22515 – and it’s time for you to sit up and take notice. The Scoop: What’s Happening? Picture this: a […]
Curl, which relies on libcurl, is a widely-used command-line tool for transferring data via URL syntax. It supports a diverse array of protocols, including FTP(S), HTTP(S), IMAP(S), LDAP(S), MQTT, POP3, RTMP(S), SCP, SFTP, SMB(S), SMTP(S), TELNET, WS, and WSS. The maintainers of the Curl library have issued a warning regarding two security vulnerabilities scheduled for resolution in an upcoming update […]
Introduction: In the realm of Linux security, a new vulnerability known as “Looney Tunables,” officially designated CVE-2023-4911, has raised significant alarms. This high-severity flaw resides in the GNU C Library’s dynamic loader, posing a serious threat to major Linux distributions. The flaw, marked by a buffer overflow weakness, allows local attackers to gain root privileges, which could lead to unauthorized […]
The world of technology is always advancing, with new products and services being developed at a rapid pace. However, with this progress comes new security risks and vulnerabilities, which can leave users and organizations vulnerable to attacks. One such vulnerability is CVE-2023-22809, a critical vulnerability in the popular Unix and Linux utility, sudo. Sudo is a powerful tool that allows […]
So what is a tracking pixel and how does it work? A tracking pixel is a transparent tiny image (1px). Similar to an image of a website, whenever you see an image of a website with your web browser it gets downloaded locally to your computer. By downloading an image from a website you create new log entries in the […]
How many people want to dig into the security world but have no idea where to start from? Everything is chaotic and if basic information is missing that creates gaps as we move on learning deeper. I got some great news! THM is now offering a new learning path called “Pre Security“. Not only you can learn, but you can […]
Netcat is a tiny tool for linux and windows and it is used for reading and writing data across network connections using TCP or UDP. It has amazing features and it is a must-have tool for pen-testing. It is called the “Swiss-army knife for TCP/IP”. Netcat is a terminal application with many features. Apart from basic telnet functions, it can […]
PortMapper service runs in port TCP and UDP 111 and provides RPC (Remote Procedure Calls) like NFS mounts. Portmapper service that can be accessed from the Internet can be exploited by an attacker to perform DDoS attacks. An attacker can gain information about your network, e.g. existing network shares or running RPC services. RPC stands for remote procedure call. To […]
When working on the terminal either locally or via ssh, many times it is needed to open an additional terminal while a process is already running on the first one. For example, you are downloading a huge file and it needs 40mins or more to finish and you want to do something else on a new terminal while you are […]