Lucene search

227 matches found

Wordfence Blog
added 2022/08/04 8:17 p.m. | 26 views

Wordfence Intelligence Launching at Black Hat 2022 in Las Vegas Next Week

Wordfence protects over 4 million websites around the world on 12,000 unique networks, and we block over 1.8 billion attacks targeting those websites every month. For years we have had a relationship with our customers that is a virtuous cycle: We receive attack reports from our customers at a ra...

AI score: 2.1
Exploits: 0

Talos Blog
added 2022/08/04 6:0 p.m. | 48 views

Threat Source newsletter (Aug. 4, 2022) — BlackHat 2022 preview

By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. After what seems like forever and honestly has been a really long time, we’re heading back to BlackHat in-person this year. We’re excited to see a lot of old friends again to commiserate, hang out, trade stories and...

EPSS: 0.9817
Exploits: 1

Rapid7 Blog
added 2022/08/04 6:0 p.m. | 18 views

What We're Looking Forward to at Black Hat, DEF CON, and BSidesLV 2022

The week of Black Hat, DEF CON, and BSides is a highly anticipated annual tradition for the cybersecurity community, a weeklong chance for security pros from all corners of the industry to meet in Las Vegas to talk shop and share what they've spent the last 12 months working on. But like many belov...

AI score: 7.2
Exploits: 0

ATTACKERKB
added 2022/08/01 12:15 p.m. | 150 views

CVE-2022-27255

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.3708
In wild | Exploits: 2 | References: 4

CNNVD
added 2022/07/26 12:0 a.m. | 2 views

lrzip security vulnerability

lrzip is a compression utility program by the individual developer Con Kolivas. A security vulnerability exists in lrzip version 0.641, which stems from a memory leak in nasmmalloc in its steam.c component...

CVSS: 5.5 | AI score: 5.7 | EPSS: 0.00315
Exploits: 1 | References: 3

Openbugbounty
added 2022/04/08 1:39 a.m. | 12 views

con-ip.com Cross Site Scripting vulnerability OBB-2484766

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0

Schneier on Security
added 2022/02/24 12:13 p.m. | 14 views

An Elaborate Employment Con in the Internet Age

The story is an old one, but the tech gives it a bunch of new twists: Gemma Brett, a 27-year-old designer from west London, had only been working at Madbird for two weeks when she spotted something strange. Curious about what her commute would be like when the pandemic was over, she searched for...

AI score: 0.6
Exploits: 0

OSV
added 2022/02/16 2:15 p.m. | 2 views

CVE-2021-45391

A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21CN in the sub422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service...

CVSS: 7.5 | AI score: 5.9
Exploits: 0 | References: 4

OSV
added 2022/01/28 8:15 p.m. | 4 views

CVE-2021-22809

A CWE-125: Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious .gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schneider Electric GUIcon Version 2.0 Build 683.003 and prior...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00647
Exploits: 0 | References: 1

Openbugbounty
added 2022/01/19 10:21 a.m. | 10 views

con-truss.pl Cross Site Scripting vulnerability OBB-2339638

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0

Openbugbounty
added 2021/12/22 7:31 p.m. | 17 views

techno-con.co.jp Cross Site Scripting vulnerability OBB-2309897

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0

Openbugbounty
added 2021/09/29 5:4 a.m. | 16 views

con-pearl.com Cross Site Scripting vulnerability OBB-2151889

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0

CNNVD
added 2021/09/07 12:0 a.m. | 2 views

Github ulfius input validation error vulnerability

Github ulfius is the HTTP framework for REST applications in C. An input validation error vulnerability exists in ulfius, which stems from the coninfo initialization of ulfiusurilogger and coninfo-request in the product failing to adequately check HTTP requests. The following products and version...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.02544
Exploits: 3 | References: 6

Github Security Blog
added 2021/09/01 6:23 p.m. | 37 views

Directory traversal in Eclipse Mojarra

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter...

CVSS: 6.5 | AI score: 7.9 | EPSS: 0.10124
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2021/08/26 6:15 p.m. | 1 views

CVE-2020-18477

SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message concontent field...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00887
Exploits: 1 | References: 1

Rapid7 Blog
added 2021/08/18 6:9 p.m. | 47 views

[Security Nation] Daniel Crowley on Running a Cybersecurity Internship

On the latest episode of Security Nation, we’re joined by Daniel Crowley, IBM X-Force Red’s Research Director — aka Global Research Baron a title that...

AI score: 7.5
Exploits: 0

Rapid7 Blog
added 2021/08/12 5:13 p.m. | 311 views

Popular Attack Surfaces, August 2021: What You Need to Know

See the Updates section at the end of this post for new information as it comes to light. Whether you attended virtually, IRL, or not at all, Black Hat and DEF CON have officially wrapped, and security folks’ brains are replete with fresh information on new and some not-so-new vulnerabilities and...

CVSS: 10 | AI score: 9.6 | EPSS: 0.99999
Exploits: 186

RedHat Linux
added 2021/08/11 6:21 p.m. | 1 views

Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371

A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files...

CVSS: 7.5 | AI score: 7 | EPSS: 0.10124
Exploits: 0 | References: 9

Rapid7 Blog
added 2021/08/06 8:26 p.m. | 63 views

Metasploit Wrap-Up

Desert heat not the 1999 film This week was more quiet than normal with Black Hat USA and DEF CON, but that didn’t stop the team from delivering some small enhancements and bug fixes! We are also excited to see two new modules 15519 and 15520 from researcher Jacob Baines’ DEF CON talk Bring You...

AI score: 7
Exploits: 0

NVD
added 2021/08/04 6:15 p.m. | 15 views

CVE-2021-38111

The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol...

CVSS: 8.8 | EPSS: 0.01332
Exploits: 1 | References: 2