Security
Headlines
HeadlinesLatestCVEs

Tag

#oauth

VMware Workspace ONE Access Template Injection / Command Execution

This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user.

Packet Storm
#vulnerability#linux#apache#git#vmware#oauth#auth#ssl
Ruijie RG-EW Remote Code Execution

Ruijie RG-EW series routers suffer from six different remote code execution vulnerabilities. Findings were tested on Ruijie RG-EW1200 and Ruijie RG-EW1200G PRO.

CVE-2022-0916: Logitech Options

An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.

GitHub Says Recent Attack Involving Stolen OAuth Tokens Was "Highly Targeted"

Cloud-based code hosting platform GitHub described the recent attack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as "highly targeted" in nature. "This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories," GitHub's Mike Hanley said in an

The top 5 most routinely exploited vulnerabilities of 2021

International cybersecurity authorities have published an overview of the most routinely exploited vulnerabilities of 2021. The post The top 5 most routinely exploited vulnerabilities of 2021 appeared first on Malwarebytes Labs.

Ubuntu Security Notice USN-5397-1

Ubuntu Security Notice 5397-1 - Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. Harry Sintonen discovered that curl incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information.

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.

Doppler Takes on Secrets Management

The startup is the latest company to try to solve the problem of organizing and sharing secrets.

Zepp 6.1.4-play User Account Enumeration

Zepp version 6.1.4-play suffers from a user account enumeration flaw in the password reset function.