Search cyberveille.decio.ch

Found 5 bookmarks

Custom sorting

CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster - Rhino Security Labs

CVE-2024-1212 is an unauthenticated command injection found in Progress Kemp LoadMaster load balancer's administrator web interface by Rhino Security Labs.

#rhinosecuritylabs #EN #2024 #vulnerability #Progress #Kemp #LoadMaster #unauthenticated #command #injection

·rhinosecuritylabs.com·Dec 3, 2024

CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster - Rhino Security Labs

Data Exfiltration from Slack AI via indirect prompt injection

This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).

#promptarmor #EN #2024 #Slack #prompt-injection #LLM #vulnerability #steal #indirect-prompt #injection

·promptarmor.substack.com·Aug 20, 2024

Data Exfiltration from Slack AI via indirect prompt injection

Security Flaw in WP-Members Plugin Leads to Script Injection

Attackers could exploit a high-severity cross-site Scripting (XSS) vulnerability in the WP-Members Membership WordPress plugin to inject arbitrary scripts into web pages, according to an advisory from security firm Defiant.

#securityweek #EN #2024 #plugin #WP #Wordpress #WP-Members #Injection #vulnerability

·securityweek.com·Apr 4, 2024

Security Flaw in WP-Members Plugin Leads to Script Injection

CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief

On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.

#paloaltonetworks #EN #2023 #MOVEit #SQL #Injection #Vulnerability #CVE-2023-34362

·unit42.paloaltonetworks.com·Jun 7, 2023

CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief

Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671)

CVE-2023-1671 is a pre-authenticated command injection in Sophos Web Appliance. In this blog post, VulnCheck researchers analyze the vulnerability and develop a proof of concept (PoC) for it.

#vulncheck #EN #2023 #analysis #vulnerability #Sophos #CVE-2023-1671 #pre-authenticated #command #injection

·vulncheck.com·Apr 22, 2023

Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671)