Shiv Shankar Founder of Untoldcyber

Blog

Blogs

Apache 2.4.49/2.4.50: CVE-2021-41773

CVE-2021-41773: A flaw was discovered in a change made to path normalisation in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside...

Blogs

NoName : Walkthrough PG Ground Play

Welcome to our walkthrough guide for a medium-difficulty challenge that explores a Linux operating system. In this tutorial, we will delve into a command injection vulnerability, uncovering the intricate steps to exploit it successfully. Additionally, we’ll master the art of...

Blogs

Untold Cyber Crime : Top Cyber Crime

Top Cyber Crime in 2022. What is Cyber Crime? Cyber Crime is defined as “the illegal use of any communication device to commit or assist in the commission of any illegal act.” According to Wikipedia, “A crime involving...

Active Directory

Active Directory : Kerberoasting

Kerberoasting exploits weak Kerberos SPNs in Active Directory, letting attackers extract encrypted service account passwords and crack them offline for privilege escalation. What is Kerberoasting? Kerberoasting is an abuse of Kerberos authentication in Active Directory. Any authenticated user in the...

By Shiv Shankar, 12 months ago
Active Directory

Active Directory: Basic Enumeration

Active Directory is a directory service to store and organize objects on a network (such as computers, users, and devices) provided by Windows. According to Wikipedia, “Microsoft previewed Active Directory in 1999, released it first with Windows 2000 Server edition, and revised...

By Shiv Shankar, 12 months ago
Study Material

Authentication Bypass via Information Disclosure

In terms of cybersecurity, authentication bypass by information leak is a major vulnerability that can threaten the integrity of sensitive systems. This attack vector arises when an application mistakenly reveals sensitive information—such as configuration files, database credentials, or user data—due...

By Shiv Shankar, 1 year ago
Active Directory

Active Directory: Post Exploitation

What is LLMNR Poisoning Attack? Link-Local Multicast Name Resolution (LLMNR) is a protocol used by Windows operating systems to resolve names on a local network when DNS resolution fails. LLMNR allows computers to perform name resolution for hosts on the...

By Shiv Shankar, 1 year ago
Walkthrough

CVE-2024-34470: Path Traversal: HSC Mailinspector

CVE-2024-34470 Summary: A vulnerability, classified as critical, was found in HSC Mailinspector up to 5.2.18. This affects an unknown part of the file /public/loader.php. The manipulation of the argument path leads to path traversal. This vulnerability is uniquely identified as CVE-2024-34470. There is no exploit...

By Shiv Shankar, 1 year ago
Web Application

Command Injection : Source Code Review

What is command injection? Command injection is a web application vulnerability that allows an attacker to execute arbitrary system commands on the server where the application is running. This vulnerability leads to a fully compromised server by remote code...

By Shiv Shankar, 1 year ago
