Compromising F5 BIGIP with Request Smuggling | CVE-2023-46747
Our team identified a request smuggling vulnerability that led to complete compromise of an F5 system with the TMUI exposed.
Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers
ESET Research discover campaigns by the Winter Vivern APT group that exploit a zero-day XSS vulnerability in the Roundcube Webmail server and target governmental entities and a think tank in Europe.
VMSA-2023-0023
VMware vCenter Server updates address out-of-bounds write and information disclosure vulnerabilities
CVE-2023-4911: Looney Tunables - Local Privilege Escalation in the glibc’s ld.so
The Qualys Threat Research Unit (TRU) has discovered a buffer overflow vulnerability in GNU C Library's dynamic loader's processing of the GLIBC_TUNABLES…
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.
Vulnerability in popular ‘libwebp’ code more widespread than expected
Initial alerts about a bug in the obscure but widely used libwebp library have expanded into concerns that it affects not only web browsers like Chrome, but also many other common pieces of software.
GPU.zip
On the Side-Channel Implications of Hardware-Based Graphical Data Compression
Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes
Akamai researchers discover a critical vulnerability in Kubernetes that can lead to remote code execution.
CVE-2023-34127
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authe…
2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution
New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips
The vulnerability could allow attackers to take advantage of an information leak to steal sensitive details like private messages, passwords, and encryption keys.
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability | Rapid7 Blog
Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in unsupported versions of MobileIron Core (11.2 and below).
Ivanti warns of second vulnerability used in attacks on Norway gov’t
A second vulnerability affecting mobile endpoint management software from IT giant Ivanti has been discovered, according to a new advisory from the company.
Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws
Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices.
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent
The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH's forwarded ssh-agent. This vulnerability allows a remote…
CVE-2022-41352
On September 25, 2022, CVE-2022-41352 was filed for Zimbra Collaboration Suite. The vulnerability is a remote code execution flaw that arises from unsafe usage…
CVE-2022-35650 Analysis
CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.
Exploiting an Unbounded memcpy in Parallels Desktop
This post details the development of a guest-to-host virtualization escape for Parallels Desktop on macOS, as used in our successful Pwn2Own 2021 entry. Give...
Zyxel silently patches command-injection vulnerability with 9.8 severity rating
Flaw makes it possible to install web shell to maintain control of affected devices.
PROPHET SPIDER Exploits Citrix ShareFile
At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools. This incident highlights how PROPHET SPIDER continues to evolve their tradecraft while continuing to exploit known web-server vulnerabilities.
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
chonked pt.2: exploiting cve-2023-33476 for remote code execution
second part in a two-part series going over heap overflow in MiniDLNA (CVE-2023-33476). this post provides a walkthrough of steps taken to write an exploit for this vulnerability in order to achieve remote code execution and pop a shell.
KeePassXC Vulnerability CVE-2023-35866 allows attackers to change the master password and second-factor authentication settings
The core of CVE-2023-35866 lies in disturbing ease of access. A local attacker, within an authenticated KeePassXC Database session
A simple bug exposed access to thousands of smart security alarm systems
The vulnerability — now fixed — was discovered in a cloud-based system that allows customers to remotely manage their security alarm systems.
CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief
On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Rapid7 is observing exploitation of a critical vulnerability in Progress Software’s MOVEit Transfer solution across multiple customer environments.
New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog
A new vulnerability, which we refer to as “Migraine” for its involvement with macOS migration, could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) in macOS and perform arbitrary operations on a device
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft
Analysis of a zero-day vulnerability in MOVEit Transfer, and containment and hardening guidance.
WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers
A vulnerability in a WordPress plugin exposed the official website of sports car maker Ferrari to hacker attacks.