Learning with Texts security vulnerability
Learning with Texts (LWT) is a software application by the individual developer Jon Gauthier. It allows users to import text and to read, save, view and test words and expressions in multiple languages. A security vulnerability exists in Learning with Texts version 2.0.3, which stems from not filtering...
Black Hat USA 2024: Key Takeaways and Industry Trends
What a week! As Hacker Summer Camp shifts into the rearview mirror, it’s time to take a moment to reflect on the week, what we learned and the people we had the pleasure of meeting in Las Vegas. As always, at Black Hat 2024 the cybersecurity community was buzzing with the latest...
A vulnerability in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks’ Junos OS and Junos OS Evolved allows an attacker to cause a denial of service.
The vulnerability in the Layer 2 Address Learning Daemon (L2ALD) of Juniper Networks’ Junos OS and Junos OS Evolved stems from an improper check for unusual or exceptional conditions. Exploiting it can allow a malicious actor to trigger a service failure using specially...
Imperva Security Efficacy and Operational Efficiency Leads the Industry in SecureIQLab’s Cloud WAAP Comparative Report
In the 2024 Cloud Web Application and API Protection WAAP CyberRisk Comparative Validation Report from SecureIQLab, Imperva outperformed all other vendors in both security efficacy and operational efficiency. This comprehensive report, based on third-party testing, demonstrates Imperva's commitme...
undertow: LearningPushHandler can lead to remote memory DoS attacks
A vulnerability was found in Undertow. The issue requires the learning-push handler to be enabled in the server's config (it is disabled by default) with the handler's maxAge setting left unconfigured. The default of -1 makes the handler vulnerable. If someone overrides that config, the...
Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024
The Immersive Experience Happening This September in Las Vegas! In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just necessary but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled ...
DRUPAL-CONTRIB-2024-029
The Opigno Learning Path module enables you to manage group content. Administrative forms allow uploading malicious files which may contain arbitrary code (RCE) or cross-site scripting (XSS) payloads. These forms were not adequately controlled with permissions that communicate the severity of the permission...
DRUPAL-CONTRIB-2024-027
The Opigno group manager project is part of the Opigno LMS distribution. It allows building the contents of learning paths by combining modules, courses, and other activities, ordering them, and defining conditional rules for the transitions from one step to the next. An administrati...
Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029
The Opigno Learning Path module enables you to manage group content. Administrative forms allow uploading malicious files which may contain arbitrary code (RCE) or cross-site scripting (XSS) payloads. These forms were not adequately controlled with permissions that communicate the severity of the permission...
Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027
The Opigno group manager project is part of the Opigno LMS distribution. It allows building the contents of learning paths by combining modules, courses, and other activities, ordering them, and defining conditional rules for the transitions from one step to the next. An administrati...
Drupal Opigno Learning path module < 3.1.2 - Authenticated Remote Code Execution (RCE) vulnerability
Authenticated Remote Code Execution (RCE) vulnerability discovered by Marcin Grabias in the Drupal module Opigno Learning path, versions 3.1.2...
Vulnerabilities in the ML connector functions and the Alerting service of the Kibana data visualization service allow an attacker to execute arbitrary code.
The vulnerability in the ML connector functions and the Alerting service of the Kibana data visualization service is a prototype pollution issue (improperly controlled modification of object prototype attributes). Exploiting it could allow a remote malicious actor to execute arbitrary code...
PT-2024-10350 · Unknown · Opigno Learning Path
Name of the Vulnerable Software and Affected Versions: Opigno Learning path versions 0.0.0 through 3.1.2 Description: The issue is related to improper neutralization of directives in statically saved code, also known as 'static code injection', which allows for PHP Local File Inclusion. This can...
PT-2024-5372 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana versions prior to 8.14.2 Kibana versions prior to 7.17.23 Description: A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to interna...
Kibana 8.14.2 / 7.17.23 Security Update (ESA-2024-22)
Kibana arbitrary code execution via prototype pollution (ESA-2024-22). A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices, can trigger a prototype pollution vulnerability,...
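The vulnerability class named in the Kibana entries above, as an added example that is not Kibana's code and is not taken from the advisory: a recursive merge that walks attacker-supplied keys writes through `__proto__` onto the shared `Object.prototype`, while a merge that refuses prototype-chain keys does not. The `unsafeMerge`, `safeMerge` and `runMerge` functions and the constructed input document are assumptions for illustration; the example does not reproduce the ML-connector or Alerting path the advisory describes.

```javascript
// Added example, not Kibana's code: prototype pollution through an unsafe
// recursive merge, beside a hardened merge. The functions and the input
// document are hypothetical and constructed for this illustration.

// Constructed attacker-controlled JSON, as it might arrive in a request body
// or be read back from a document the attacker was allowed to write. Note that
// JSON.parse turns "__proto__" into an ordinary own property of the result; it
// does not change the parsed object's prototype.
const ATTACKER_DOC = JSON.parse(
  '{"name": "job-1", "params": {"k": 1}, "__proto__": {"isAdmin": true}}'
);

// Vulnerable: iterates every key of src, including "__proto__". Reading
// dst["__proto__"] on a plain object yields Object.prototype, so the recursive
// call writes the attacker's properties onto the shared prototype.
function unsafeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    const val = src[key];
    if (val !== null && typeof val === 'object') {
      if (dst[key] === null || typeof dst[key] !== 'object') dst[key] = {};
      unsafeMerge(dst[key], val);
    } else {
      dst[key] = val;
    }
  }
  return dst;
}

// Hardened: refuses the three keys that reach the prototype chain and only
// descends into own properties of dst, so a nested target can never resolve
// to Object.prototype or to a constructor's prototype.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const val = src[key];
    if (val !== null && typeof val === 'object' && !Array.isArray(val)) {
      const own = Object.prototype.hasOwnProperty.call(dst, key);
      if (!own || dst[key] === null || typeof dst[key] !== 'object') dst[key] = {};
      safeMerge(dst[key], val);
    } else {
      dst[key] = val;
    }
  }
  return dst;
}

// Runs one merge against a fresh target and reports whether an unrelated
// object created afterwards inherited the attacker's property. Removes the
// polluted property from Object.prototype before returning so later code in
// the same process is not affected.
function runMerge(mergeFn) {
  const target = {};
  mergeFn(target, ATTACKER_DOC);
  const bystander = {};
  const result = {
    prototypePolluted: bystander.isAdmin === true,
    targetName: target.name,
    targetParamK: target.params.k,
    targetOwnsIsAdmin: Object.prototype.hasOwnProperty.call(target, 'isAdmin'),
  };
  delete Object.prototype.isAdmin;
  return result;
}

console.log('unsafeMerge:', runMerge(unsafeMerge)); // prototypePolluted: true
console.log('safeMerge:  ', runMerge(safeMerge));   // prototypePolluted: false
```

Run it with `node`. In both cases the target object itself owns no `isAdmin` property; the write is visible only through unrelated objects, which is why this class is easy to miss when reviewing the merged result alone. A payload of the form `{"constructor": {"prototype": {...}}}` reaches the same place through a different key, which is why the hardened merge blocks `constructor` and `prototype` as well as `__proto__`. Freezing `Object.prototype` at process start is a complementary defence where the application tolerates it.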
PT-2024-25059 · Qualcomm · Snapdragon +159
Name of the Vulnerable Software and Affected Versions: no specific software or versions are given in the provided descriptions. Description: The issue occurs when a driver accesses the ML (multi-link) IE memory and the offset value is incremented beyond the ML IE length, resulting in a transient denial of...
Obfuscation: There Are Two Sides To Everything
How to detect and prevent attackers from using these various techniques. Obfuscation is an important technique for protecting software that also carries risks, especially when used by malware authors. In this article, we examine obfuscation, its effects, and responses to it. What Is Obfuscation?...