ProjectDiscovery Blog

Featured posts

Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409)
Research

Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409)

Introduction In this blog post, we will analyze CVE-2024-45409, a critical vulnerability impacting Ruby-SAML, OmniAuth-SAML libraries, which effectively affects GitLab. This vulnerability allows an attacker to bypass SAML authentication mechanisms and gain unauthorized access by exploiting a flaw in how SAML responses are handled. The issue arises due to weaknesses
Harsh Jaiswal Rahul Maini
8 min read
Announcing the Nuclei Templates Community Leaderboard and Rewards!

Announcing the Nuclei Templates Community Leaderboard and Rewards!

We’re thrilled to unveil our latest milestones: over 9,000 stars and 900 unique contributors on the templates project, along with a staggering 20,000 stars on the Nuclei repository. This phenomenal growth is a testament to our community’s unwavering dedication to security and their shared passion for
Prince Chaddha
6 min read
Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409)
Research

Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409)

Introduction In this blog post, we will analyze CVE-2024-45409, a critical vulnerability impacting Ruby-SAML, OmniAuth-SAML libraries, which effectively affects GitLab. This vulnerability allows an attacker to bypass SAML authentication mechanisms and gain unauthorized access by exploiting a flaw in how SAML responses are handled. The issue arises due to weaknesses
Harsh Jaiswal Rahul Maini
8 min read
September 2024 Newsletter
Newsletter

September 2024 Newsletter

With Autumn well underway and the days getting shorter, the team here at ProjectDiscovery are still hard at work with new developments on our tools, as well as some exciting next steps for the community. In this September edition of the PD Community Newsletter, we’ll dip into the latest
Brendan O'Leary Georgina Reeder
5 min read
ProjectDiscovery Pioneers - our Ambassador Program

Announcing Pioneers, ProjectDiscovery's Ambassador Program

Today, we're excited to share some big news: the launch of the Pioneers Ambassador Program. This program is all about recognizing, connecting, and appreciating our active contributors and advocates. If you’re passionate about security, contributing to open-source projects, and collaborating with like-minded professionals, then you’ll want
Jason Harris
2 min read
Zimbra - Remote Command Execution (CVE-2024-45519)
Research

Zimbra - Remote Command Execution (CVE-2024-45519)

Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. This vulnerability, identified as CVE-2024-45519, allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations. In this blog post, we delve into the nature of this vulnerability,
Parth Malhotra
Rahul Maini
+1
7 min read
Introducing next level XSS detection with Nuclei.
Nuclei

Simplifying XSS Detection with Nuclei - A New Approach

XSS (Cross-Site Scripting) detection has long been a challenge, balancing accuracy with avoiding excessive false positives. Traditionally, this meant creating specific reflection based string matchers for each target, leading to complex and hard-to-maintain configurations. But with headless modes, we can simplify and improve XSS detection in a more intuitive and
Dwi Siswanto
4 min read
Azure Config Review - Nuclei Templates v10.0.0 🎉
Nuclei Templates

Azure Config Review - Nuclei Templates v10.0.0 🎉

We're excited to tell you about Nuclei Templates release v10.0.0! This new version includes newly added Azure Config Review templates. In this blog post, we'll discuss automating azure cloud misconfiguration review, creating custom Azure checks, and sharing results on the PDCP Cloud for review.
Prince Chaddha
10 min read
Introducing the httpx dashboard

Introducing the httpx dashboard

The most widely used ProjectDiscovery tool, httpx, has been an essential asset in the arsenal of security professionals and researchers. Known for its ability to probe live hosts and capture crucial information. httpx has long been a go-to solution for: * Response data (status, server, location, etc.) * Technology detection * Extra metadata
Tarun Koyalwar
4 min read
Advancing Asset Management - PDCP v0.8.9
PDCP

Advancing Asset Management - PDCP v0.8.9

We're excited to announce the release of version 0.8.9 of the ProjectDiscovery Cloud Platform. This update introduces significant enhancements to our asset management capabilities, focusing on asset inventory, AI-powered search, and improved user experience. Key Features in v0.8.9 Asset Inventory and Technologies The new
ProjectDiscovery
2 min read

Subscribe to our newsletter and stay updated.

Don't miss anything. Get all the latest posts delivered straight to your inbox. It's free!
Great! Check your inbox and click the link to confirm your subscription.
Error! Please enter a valid email address!
--