Arbitrary File Read Vulnerability in Blue Route Blog System
Shenzhen Blue Route Technology Co., Ltd. provides cloud computing products, cloud computing solutions, enterprise cloud application software, etc., and is committed to providing customers with professional cloud services. The Blue Route blog system has an arbitrary file read vulnerability,...
File Upload Vulnerability in Blue Route Blog System
Shenzhen Blue Route Technology Co., Ltd. provides cloud computing products, cloud computing solutions, enterprise cloud application software, etc., and is committed to providing customers with professional cloud services. The Blue Route blog system has a file upload vulnerability; attackers can use the...
Improve security with a Zero Trust access model
Zero Trust is a security model that I believe can begin to turn the tide in the cybersecurity battles. Traditional perimeter-based network security has proved insufficient because it assumes that if a user is inside the corporate perimeter, they can be trusted. We’ve learned that this isn't true...
Blue Route Blog System v1.0 Has Arbitrary File Deletion Vulnerability
Shenzhen Blue Route Technology Co., Ltd. provides cloud computing products, cloud computing solutions, enterprise cloud application software, etc., and is committed to providing professional cloud services for customers. Blue Route blog system v1.0 has an arbitrary file deletion vulnerability. An...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), ai.databand:dbnd-agent (>=0.42.1 <=0.80.6) +11468 more potentially affected by CVE-2019-16942 via com.fasterxml.jackson.core:jackson-databind (>=2.7.0 <=2.8.11.4)
com.fasterxml.jackson.core:jackson-databind MAVEN version =2.7.0, =0.3.0, =0.42.1, =0.42.1, =0.40.2, =0.42.1, =0.1.8, =0.2, =0.5, =0.8.0, =2.3.0, =1.5.6, =4.2.1, =4.4.1, =3.3.3, =3.3.8 and more Source cves: CVE-2019-16942 Source advisory: OSV:GHSA-MX7P-6679-8G3Q...
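The advisory above gives only a version range; what a practitioner actually needs to know is whether the jackson-databind version Maven resolves for a build falls inside it. The following Python is an added example, not code from the advisory source, Maven or Jackson: it compares a dotted Maven version against the quoted bounds (>=2.7.0 <=2.8.11.4) and scans a constructed sample of `mvn dependency:tree -Dverbose` output for the artifact. Missing components are padded with zeros, as Maven does, so 2.7 and 2.8.11 compare correctly; stripping non-numeric qualifiers is an assumption of this example, adequate for the numeric releases in the quoted range.

```python
"""Check resolved jackson-databind versions against the CVE-2019-16942 range
quoted in the advisory (>=2.7.0 <=2.8.11.4). Added example; the range comes
from the advisory, everything else is generic and not the advisory's code."""

import re
from typing import List, Tuple

# Bounds copied from the advisory entry for com.fasterxml.jackson.core:jackson-databind
AFFECTED_LOW = "2.7.0"
AFFECTED_HIGH = "2.8.11.4"

# groupId:artifactId:type:version[:scope] as printed by mvn dependency:tree
DEP_RE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):[\w\-]+:(?P<version>[\w.\-]+)(?::\w+)?"
)


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.8.11.4' into (2, 8, 11, 4). Qualifiers such as '-SNAPSHOT' are
    dropped (assumption: numeric releases only, as in the quoted range)."""
    numeric = re.match(r"^\d+(?:\.\d+)*", v)
    if not numeric:
        raise ValueError(f"not a numeric version: {v!r}")
    return tuple(int(part) for part in numeric.group(0).split("."))


def _pad(a: Tuple[int, ...], b: Tuple[int, ...]):
    """Pad the shorter tuple with zeros so 2.7 == 2.7.0, as Maven treats them."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def version_in_range(version: str, low: str = AFFECTED_LOW, high: str = AFFECTED_HIGH) -> bool:
    """True if low <= version <= high under padded numeric comparison."""
    v, lo = _pad(parse_version(version), parse_version(low))
    v2, hi = _pad(parse_version(version), parse_version(high))
    return lo <= v and v2 <= hi


def find_affected(tree_text: str,
                  group: str = "com.fasterxml.jackson.core",
                  artifact: str = "jackson-databind") -> List[Tuple[str, bool]]:
    """Scan dependency:tree output and return (version, affected) for every
    occurrence of the artifact, including '-Dverbose' conflict lines."""
    hits = []
    for line in tree_text.splitlines():
        for m in DEP_RE.finditer(line):
            if m.group("group") == group and m.group("artifact") == artifact:
                ver = m.group("version")
                hits.append((ver, version_in_range(ver)))
    return hits


# Constructed sample of `mvn dependency:tree -Dverbose` output (not a real build):
# the resolved jackson-databind is the vulnerable 2.8.11.3 pulled in transitively,
# while a newer 2.9.10 is omitted for conflict and never ends up on the classpath.
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0.0
[INFO] +- org.example:web-lib:jar:3.1:compile
[INFO] |  \\- com.fasterxml.jackson.core:jackson-databind:jar:2.8.11.3:compile
[INFO] |     +- com.fasterxml.jackson.core:jackson-annotations:jar:2.8.0:compile
[INFO] |     \\- com.fasterxml.jackson.core:jackson-core:jar:2.8.11:compile
[INFO] \\- org.example:report-lib:jar:1.4:compile
[INFO]    \\- (com.fasterxml.jackson.core:jackson-databind:jar:2.9.10:compile - omitted for conflict with 2.8.11.3)
"""

if __name__ == "__main__":
    for ver, affected in find_affected(SAMPLE_TREE):
        print(f"jackson-databind {ver}: {'AFFECTED' if affected else 'ok'}")
```

Feed it real input with `mvn dependency:tree -Dverbose`; the verbose flag matters because it also shows the versions Maven discarded, which is how you see that the vulnerable copy is the one that won conflict resolution. The "+11468 more potentially affected" figure in the advisory is the reason to run this on the resolved tree rather than on the direct dependencies declared in the pom.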
The hidden costs of security breaches
The real cost of a security breach to your business is larger than many imagine. On the surface there is the considerable expense of recovering from breaches. What is often also at risk is the inestimable damage to company morale, brand reputation, and operations. The post The hidden costs of securit...
File Upload Vulnerability in Z-Blog
Z-Blog is an open source program based on the ASP and PHP platforms. Z-Blog has a file upload vulnerability that can be exploited by an attacker to gain control of the web server...
What is Kubernetes?
Kubernetes is becoming a common enough word, but what is it, how does it benefit your world, and how does it work? The post What is Kubernetes? appeared first on Wallarm Blog...
PHP Remote Code Execution 0-Day Discovered in Real World CTF Exercise
When a security researcher found an unusual PHP script while solving an hCorem Capture the Flag task, it revealed that hundreds of millions of users were vulnerable to attack. Learn the deep tech. The post PHP Remote Code Execution 0-Day Discovered in Real World CTF Exercise appeared first on Wallarm Blo...
In Hong Kong, Which Side Is Technology On?
Both. Yes, authoritarians have co-opted tech. But the story is far from over...
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments (GHSA-V7X3-7HW7-PCJG)
Impact Temporary repository tokens were leaked into Pull Request comments during certain Go Modules update failure scenarios. Patches The problem has been patched. Self-hosted users should upgrade to v19.38.7 or later. Workarounds Disable Go Modules support. References Blog post:...
An Analog Approach to Secure Operations in Kubernetes
Security is not something you achieve. It's something you continually take care of and understand as constantly transforming. Here are our tips about your K8s cybersecurity The post An Analog Approach to Secure Operations in Kubernetes appeared first on Wallarm Blog...
Introducing the ElectionGuard Bounty program
Announcing the new ElectionGuard Bounty program The post Introducing the ElectionGuard Bounty program appeared first on Microsoft Security Response Center...
Node.js third-party modules: Stored XSS (Hexo-admin plugin)
I would like to report a stored XSS in Hexo-admin. The Post editor functionality in the hexo-admin plugin 3.9.0 for Node.js is vulnerable to stored XSS via the content of a post. Module name: Hexo-admin; version: 3.9.0; npm page: https://www.npmjs.com/package/hexo-admin Module...
Announcing the Security Researcher Quarterly Leaderboard
Right before Black Hat USA 2019, we announced our new researcher recognition program, and at Black Hat we announced the top researchers from the previous twelve months. Since it’s easier to track your progress with regular updates than with just an annual report, we are excited to...
An intern's experience with Rust
Over the course of my internship at the Microsoft Security Response Center (MSRC), I worked on the Safe Systems Programming Languages (SSPL) team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical...
Gila CMS Cross-Site Scripting Vulnerability (CNVD-2019-36960)
Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in gila-blog and gila-mag in Gila CMS 1.11.4 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data by the web application. An...
Unicorn-Bios - Basic BIOS Emulator For Unicorn Engine
Basic BIOS emulator/debugger for Unicorn Engine. Written to debug the XEOS Operating System boot sequence. Usage: unicorn-bios OPTIONS BOOTIMG. Options: --help / -h: Displays help. --memory / -m: The amount of memory to allocate for the virtual machine in megabytes. Defaults to 64MB, minimu...
CVE-2019-17535
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647...