Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Ivanti Connect Secure Unauthenticated Remote Code Execution

This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.

Packet Storm
Open in Source
#vulnerability#linux#git#rce#ssrf#auth#ssl
New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers

Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password. The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, have been discovered following a

Fuelflow 1.0 SQL Injection

Fuelflow version 1.0 suffers from a remote SQL injection vulnerability.

ITFlow Cross Site Request Forgery

ITFlow versions prior to commit 432488eca3998c5be6b6b9e8f8ba01f54bc12378 suffer from a cross site request forgery vulnerability.

Red Hat Security Advisory 2024-0845-03

Red Hat Security Advisory 2024-0845-03 - Red Hat OpenShift Container Platform release 4.13.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-0832-03

Red Hat Security Advisory 2024-0832-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.

GHSA-q2cv-7j58-rfmj: Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting

Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field.

Crypto Exchange FixedFloat Hacked: $26 Million in BTC, ETH Stolen

By Deeba Ahmed FixedFloat suffered a significant loss of over 1,700 Ethereum and over 400 Bitcoin due to a drainer attack on February 18, 2024. This is a post from HackRead.com Read the original post: Crypto Exchange FixedFloat Hacked: $26 Million in BTC, ETH Stolen

Why Front-End Development Matters for Online Businesses?

By Owais Sultan Front-end development, sometimes called client-side development, creates CSS, HTML, and JavaScript for online apps and sites so users… This is a post from HackRead.com Read the original post: Why Front-End Development Matters for Online Businesses?

Anne Neuberger, a Top White House Cyber Official, Sees the 'Promise and Peril' in AI

Anne Neuberger, the Biden administration’s deputy national security adviser for cyber, tells WIRED about emerging cybersecurity threats—and what the US plans to do about them.