5834 matches found
CVE-2010-3667
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element...
CVE-2010-3667
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element...
Why Cloud is the Future of Enterprise Cybersecurity
The speed at which cyberthreats have been targeting enterprise networks and endpoints is forcing IT leaders to change the way they think about cybersecurity. One alternative to how enterprises look at security is to treat cloud as an operating system, says Patrick Morley, general manager of VMwar...
CVE-2019-7619
Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm...
Updated php and pcre2 packages fix security vulnerabilities
Updated php and pcre2 packages fix security vulnerabilities: - FPM 78599 envpathinfo underflow in fpmmain.c can lead to RCE. CVE-2019-11043 - MBString 78633 Heap buffer overflow read in mberegi. - Mysqlnd 78525 Memory leak in pdo when reusing native prepared statements. - PCRE 78272 calling...
Intelligent Security System SecurOS Enterprise 10.2 - (SecurosCtrlService) Unquoted Service Path Exp
Exploit Title: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Exploit Author: Alberto Vargas Vendor Homepage: https://www.issivs.com/product-detail/secure-os-enterprise/ Software Link: https://www.issivs.com/schedule-a-free-demo/trial version for...
Unauthorized Access Vulnerability in Kong System
Kong is a cloud-native, fast, scalable distributed microservices abstraction layer also known as API Gateway, API Middleware or in some cases Service Mesh. Its core values are high performance and scalability and it was made available as an open source project in 2015. An unauthorized access...
Whatsapp 2.19.216 - Remote Code Execution
Whatsapp 2.19.216 - Remote Code Execution Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Date: 2019-10-16 Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls...
Whatsapp 2.19.216 Remote Code Execution
Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Date: 2019-10-16 Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls iteration for rop int dlcallbackstruct dlphdrinf...
Whatsapp 2.19.216 - Remote Code Execution
Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Date: 2019-10-16 Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls iteration for rop int dlcallbackstruct dlphdrinf...
VMware Harbor Privilege Escalation (VMSA-2019-0015) (CVE-2019-16097)
The remote VMware Harbor cloud native registry is affected by a remote privilege escalation vulnerability. Instances of VMware Harbor with DB as the authentication backend and which allow users to self-register are vulnerable. An authenticated, non-administrator, remote attacker can exploit this ...
CVE-2018-12539
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...
ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shellcode Into A Standard Win32 Application
Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. With Thread Hijacking, it allows the hijacker.exe program to suspend a thread within the target.exe program allowing us to write shellcode to a thread. Usage int main System sys; Interceptor incp; Exceptio...
Autoscaling Wallarm Nodes in AWS, GCP, and Azure
Newly updated Wallarm Node images now natively support autoscaling capabilities in AWS, GCP, and Azure. Updated images are already available in cloud provider marketplaces and can rely on the native auto-scaling to adjust the number of nodes based on traffic, CPU load, and other parameters. What ...
Azure Sentinel—the cloud-native SIEM that empowers defenders is now generally available
Machine learning enhanced with artificial intelligence AI holds great promise in addressing many of the global cyber challenges we see today. They give our cyber defenders the ability to identify, detect, and block malware, almost instantaneously. And together they give security admins the abilit...
CVE-2019-16535
Аn OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. Eldar Zaitov of Yandex Information Security Team...
Updated tomcat packages fix security vulnerabilities
Updated tomcat packages fix security vulnerabilities: The HTTP/2 implementation accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet...
Mondoo - Cloud-Native Security And Vulnerability Risk Management
Quick Start Install mondoo: Workstation export MONDOOREGISTRATIONTOKEN='changeme' curl -sSL http://mondoo.io/download.sh | bash Service export MONDOOREGISTRATIONTOKEN='changeme' curl -sSL http://mondoo.io/install.sh | bash For other installation methods, have a look at our documentation. Run a...
The Future of Cloud Endpoint Protection Platform Starts Now
Each year, Gartner evaluates each competitive market according to customer feedback, detailed vendor surveys, and video demonstrations of the capabilities in action. Their flagship report for this analysis is the Magic Quadrant, and this year’s Endpoint Protection Platform EPP report has a lot to...
The Next Chapter in Our Story: VMware + Carbon Black
I am excited to share with you a significant milestone in Carbon Black’s history. Earlier today, Carbon Black entered into a merger with VMware, who as of moments ago announced its intention to acquire Carbon Black. You can also read the press release with more details here, but first I’d like to...