78 matches found
AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs...
Spoiler Alert: Your Favorite Content Might Not Be Secure
Securing intellectual property in the age of consolidation Rapid7, of course, is not in the entertainment industry. However, we have worked with some clients out there in that golden land of dreams and enchantment—also known as Hollywood. Case in point: the company formerly known as Discovery, In...
CVE-2022-32427
PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. This issue has been resolved in PrinterLogic Windows Client...
CVE-2022-32427
The CVE-2022-32427 issue affects PrinterLogic Windows Client (versions up to 25.0.0.676). It enables directory traversal by authenticated users with prior knowledge of the driver filename, potentially allowing privilege escalation or distribution of malicious content. The root cause is a path tra...
Livery Delivers a Seamless Low Latency Streaming Experience with Help from Akamai
Our new normal has ushered in the advent of hybrid events — a mix of in-person and virtual events. This has made seamless live streaming with active participation of the audience, both live and remote, more important than ever. Amsterdam-headquartered company Livery is an end-to-end SaaS solution...
CVE-2021-41190
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. ...
CVE-2021-41190
CVE-2021-41190 affects Buildah (and related OCI tooling) with versions less than 1.41.4-2. Root cause: OCI Distribution Specification prior to 1.0.1 allowed ambiguity when documents contain both manifests and layers or config without a consistent Content-Type header; the mediaType in manifests/in...
PT-2021-7848 · Unknown +7 · Oci Distribution Specification +7
Name of the Vulnerable Software and Affected Versions: OCI Distribution Specification versions 1.0.0 and prior Description: The issue concerns the OCI Distribution Specification, which defines an API protocol for content distribution. In versions 1.0.0 and prior, the Content-Type header alone was...
Apache Traffic Control LDAP filter injection vulnerability
Apache Traffic Control is a distributed and scalable content distribution solution from the Apache Foundation. An LDAP injection vulnerability exists in Apache Traffic Control, which stems from the fact that a user can send a request with a crafted username to any API version of the POST/login...
Apache Traffic Control input validation error vulnerability
Apache Traffic Control is a distributed and scalable content distribution solution from the Apache Foundation. Apache Traffic Control Traffic Ops is vulnerable to an input validation error, which is caused when an authenticated Apache Traffic Control Traffic Ops user with portal-level privileges...
New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue could affect...
Watermarking: A Content Owner's Mark to Prevent Piracy
Akamai Adds Edge Based Watermarking Support, Pre Integrated with leading 3rd Party Providers ... State of Online Piracy within Media and Entertainment Revenue losses and lost monetization opportunities by virtue of content theft and piracy continue to plague the media and entertainment industry...
Go Live! Addressable, Ad-Supported, Live Video At Scale
Live streaming poses a unique set of challenges and online audiences can only be monetized to the extent that they remain engaged. From an advertising perspective, the viewing experience between your live content and the ads needs to not only be seamless, but also highly targeted in order to...
ThreatList: Almost Half of the World’s Top Websites Deemed ‘Risky’
Nearly half of the world’s most popular websites are risky places to visit, according to a fresh analysis of top Alexa sites. Vulnerable code, the running of active content from risky background sites, and large amounts of code downloads marked a good chunk of the top 50 websites used in all of t...
Osprey <= 1.0 GetRecord.php Remote File Include Vulnerability
No description provided by source. --------------------------------------------------------------------------- Osprey = 1.0 libdir Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team :...
Hacking Demo On Facebook Photos Leads To Arrest and Privacy Questions
A public demonstration of a weakness in Facebook’s account security has attracted the attention of law enforcement in Australia and raised questions about the ability of social networks to protect user data. Security researcher Christian Heinrich conducted a brute force attack against the Faceboo...
SA-CONTRIB-2010-018 - Content Distribution - Multiple Vulnerabilities
Content Distribution module allows calling a method to delete particular nodes using a XML-RPC call. When this method is allowed to be called by anonymous users in user permissions, an attacker might delete a random node. In addition, certain actions require Content Distribution to temporarily...
WAXTRAPP XSS vuln.
WAXTRAPP XSS vuln. Vuln. discovered by : r0t Date: 22 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/waxtrapp-xss-vuln.html vendor:http://www.waxtrapp.com affected version:3.0.x already tested on 3.0.1 and previous versions. Product Description: WAXTRAPP is a development platform...