Tag
#oauth
This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user.
Ruijie RG-EW series routers suffer from six different remote code execution vulnerabilities. Findings were tested on Ruijie RG-EW1200 and Ruijie RG-EW1200G PRO.
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
Cloud-based code hosting platform GitHub described the recent attack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as "highly targeted" in nature. "This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories," GitHub's Mike Hanley said in an
International cybersecurity authorities have published an overview of the most routinely exploited vulnerabilities of 2021. The post "The top 5 most routinely exploited vulnerabilities of 2021" appeared first on Malwarebytes Labs.
Ubuntu Security Notice 5397-1 - Patrick Monnerat discovered that curl incorrectly handled certain OAUTH2. An attacker could possibly use this issue to access sensitive information. Harry Sintonen discovered that curl incorrectly handled certain requests. An attacker could possibly use this issue to expose sensitive information.
Tokens stolen and abused but problem has been contained
GitHub shared the timeline of breaches in April 2022. The timeline covers when a threat actor gained access and stole private repositories belonging to dozens of organizations.
The startup is the latest company to try to solve the problem of organizing and sharing secrets.
Zepp version 6.1.4-play suffers from a user account enumeration flaw in the password reset function.