Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

EV Charging Stations at Risk of DoS Attacks

By Deeba Ahmed Although a fix is available to patch vulnerabilities, the EV industry is slow in applying the updates. This is a post from HackRead.com Read the original post: EV Charging Stations at Risk of DoS Attacks

HackRead
Open in Source
#vulnerability#web#ddos#auth#sap#ssl
Lenovo Diagnostics Driver Memory Access

This Metasploit module demonstrates how an incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory reads and writes.

CVE-2023-25135: Unserializable, but unreachable: Remote code execution on vBulletin

vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.

AppSec Playbook 2023: Study of 829M Attacks on 1,400 Websites

The total number of 61,000 open vulnerabilities, including 1,700 critical ones that have been open for 180+ days, exposes businesses to potential attacks.

Content Delivery Network (CDN) FAQs

By Owais Sultan What is a CDN? How can businesses benefit from a CDN? and What to look for in a CDN provider? This is a post from HackRead.com Read the original post: Content Delivery Network (CDN) FAQs

CVE-2023-0599: Metasploit Release Notes

Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator.

Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions

The Security Innovation Alliance (SIA) empowers customers to create holistic security programs by leveraging robust end-to-end integration partnerships.

CVE-2023-23130: GitHub - l00neyhacker/CVE-2023-23130: CVE-2023-23130

Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled.

CVE-2023-23692: DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.