Tag
Oracle Weblogic versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 prior to the Jan 2023 security update are vulnerable to an unauthenticated remote code execution vulnerability due to a post deserialization vulnerability. This Metasploit module exploits this vulnerability to trigger the JNDI connection to a LDAP server you control. The LDAP server will then respond with a remote reference response that points to a HTTP server that you control, where the malicious Java class file will be hosted. Oracle Weblogic will then make an HTTP request to retrieve the malicious Java class file, at which point our HTTP server will serve up the malicious class file and Oracle Weblogic will instantiate an instance of that class, granting us remote code execution as the oracle user.
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557.
A new custom backdoor dubbed Stealth Soldier has been deployed as part of a set of highly-targeted espionage attacks in North Africa. "Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information," cybersecurity company Check Point said in a
Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
YouTube released a statement that “we will stop removing content that advances false claims that widespread fraud, errors, or glitches occurred in the 2020 and other past US Presidential elections.”
Categories: Business We're excited to announce Report 2.0, a major upgrade to our report system in Nebula. (Read more...) The post Unveiling Nebula's Report 2.0: A new approach to security reporting appeared first on Malwarebytes Labs.
The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
By Habiba Rashid The massive and sophisticated mobile malware campaign has been operating undetected on Android devices across the globe for more than six months. This is a post from HackRead.com Read the original post: Global Malware Attack Imitates VPN and Security Apps on Android Phones