7039 matches found
Code injection
An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails tha...
CVE-2019-20634
CVE-2019-20634 concerns Proofpoint Email Protection (through 2019-09-08). The issue enables an attacker to collect scores from Proofpoint email headers to build a copy-cat machine learning classification model and extract insights. Using those insights, the attacker can craft emails that receive ...
PT-2020-10610 · Proofpoint · Proofpoint Email Protection
Name of the Vulnerable Software and Affected Versions: Proofpoint Email Protection versions prior to 2019-09-08 Description: An issue was discovered in Proofpoint Email Protection. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classificati...
Tokyo Olympics Postponed, But 5G Security Lessons Shine
The 2020 Summer Olympics in Tokyo were officially postponed this week amid the ongoing, pandemic spread of the coronavirus that causes COVID-19. The Games will be moved to 2021, but in the meantime, technological innovation around the event will continue. More specifically, postponed or not, the...
Machine learning classifiers trained via gradient descent are vulnerable to arbitrary misclassification attack
Overview Machine learning models trained using gradient descent can be forced to make arbitrary misclassifications by an attacker that can influence the items to be classified. The impact of a misclassification varies widely depending on the ML model's purpose and of what systems it is a part...
Exploit for Path Traversal in Pivotal_Software Spring_Framework
Web-Security-Learning Project address: https://github.com/CHYbeta/Web-Security-Learning Last updated: 2018/10/31. Also published at: chybeta: Web-Security-Learning Contents: - Web-Security-Learning - Web Security - SQL injection - MySql - MSSQL - PostgreSQL - MongoDB - Tips - Tools - XSS - CSRF - Other front-end security - SSRF - XXE - JSONP injection - SSTI - Code execution /...
Top 10 Most Innovative Cybersecurity Companies After RSA 2020
The RSA Conference, the world's leading information security conference and exposition, held its 29th annual event in San Francisco last week. According to the organizers, over 36,000 attendees, 704 speakers, and 658 exhibitors gathered at the Moscone Center to discuss privacy, Machine Learning,...
GUnet OpenEclass 1.7.3 E-learning platform - (month) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...
GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2020-03-02 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz Version:...
Security Bulletin: A security vulnerability has been identified in TensorFlow shipped with PowerAI.
Summary Vulnerability CVE-2020-5215 found in TensorFlow package. Vulnerability Details CVEID: CVE-2020-5215 DESCRIPTION: Tensorflow is vulnerable to a denial of service, caused by a flaw when converting a string from Python to a tf.float16 value. By sending a specially-crafted string, a remote...
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI.
Summary Vulnerability CVE-2019-19317 found in SQLite package. Vulnerability Details CVEID: CVE-2019-19317 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by an error in lookupName in resolve.c. By providing specially crafted input, a remote attacker could exploit this vulnerabili...
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI.
Summary Multiple vulnerabilities CVE-2019-19242 and CVE-2019-19244 found in SQLite package. Vulnerability Details CVEID: CVE-2019-19242 DESCRIPTION: An unspecified error with the mishandling of pExpr->y.pTab in the sqlite3ExprCodeTarget function in expr.c in SQLite has an unknown impact and attack...
Deep Learning to Find Malicious Email Attachments
Google presented its system of using deep-learning techniques to identify malicious email attachments: At the RSA security conference in San Francisco on Tuesday, Google's security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents...
New Research Paper: Prevalence and impact of low-entropy packing schemes in the malware ecosystem
Detection of malware is a constant battle between the technologies designed to detect and prevent malware and the authors creating them. One common technique adversaries leverage is packing binaries. Packing an executable is similar to applying compression or encryption and can inhibit the abilit...
RSAC 2020: Lack of Machine Learning Laws Open Doors To Attacks
SAN FRANCISCO – As companies quickly adopt machine learning systems, cybercriminals are close behind, scheming to compromise them. That worries legal experts who say a lack of laws swings open the door for bad guys to attack systems. During a panel session at RSA Conference 2020 this week, Cristin...
Gmail Is Catching More Malicious Attachments With Deep Learning
Users of Gmail get 300 billion attachments each week. To separate legitimate documents from harmful ones, Google turned to AI—and it’s working...
GUnet OpenEclass E-learning platform 1.7.3 - uname SQL Injection
GUnet OpenEclass E-learning platform 1.7.3 - uname SQL Injection Exploit Title: GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2019-11-03 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...
Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT
Since at least 2017, there has been a significant increase in public disclosures of ransomware incidents impacting industrial production and critical infrastructure organizations. Well-known ransomware families like WannaCry, LockerGoga, MegaCortex, Ryuk, Maze, and now SNAKEHOSE a.k.a. Snake /...
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
Exploit Title: GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2019-11-03 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz Version:...
Security Bulletin: A security vulnerability has been identified in libjpeg-turbo shipped with PowerAI.
Summary Vulnerability CVE-2019-2201 found in libjpeg-turbo package. Vulnerability Details CVEID: CVE-2019-2201 DESCRIPTION: libjpeg-turbo could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and subsequent heap corruption. By persuading a victim to...