23 matches found
EUVD-2022-39503
Malicious code in bioql PyPI...
Unredacting Pixelated Text
Experiments in unredacting text that has been pixelated...
Exploit for Server-Side Request Forgery in Anyscale Ray
CVE-2023-48022 CVE-2023-48022 explo...
Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw
No less than 330,000 FortiGate firewalls are still unpatched and vulnerable to CVE-2023-27997, a critical security flaw affecting Fortinet devices that has come under active exploitation in the wild. Cybersecurity firm Bishop Fox, in a report published last week, said that out of nearly 490,000...
Exploit for Out-of-bounds Write in Fortinet Fortios
CVE-2022-42475 Background This is the exploit for the blog...
CVE-2023-35170
| creationtimestamp | type | source |
|---|---|---|
| 2023-06-20 18:36:50+00:00 | published-proof-of-concept | https://github.com/BishopFox/sliver/security/advisories/GHSA-8jxm-xp43-qh3q... |
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
Design/Logic Flaw
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox...
CVE-2022-36803
The CVE-2022-36803 vulnerability affects Atlassian Jira Align Server prior to version 10.109.2, due to improper access control in the MasterUserEdit API. An authenticated attacker with the People role can use MasterUserEdit to elevate any user’s role to Super Admin. The issue is explicitly tied t...
New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain
Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active Directory environment,...
Jira Align - Improper Authorization in MasterUserEdit API - CVE-2022-36803
The MasterUserEdit API in Atlassian Jira Align before version 10.109.2 allows an authenticated attacker with the People role permission to use the MasterUserEdit API to modify any user's role to Super Admin. This vulnerability was reported by Jacob Shafer from Bishop Fox. Affected versions: versi...
GHSA-P7V4-GM6J-CW9M XSS in Mautic
Impact: This is a cross-site scripting vulnerability relating to creating/editing a company, which requires the user to be logged in as an administrator to be executed. This vulnerability was reported by Dardan Prebreza at Bishop Fox. Patches: Upgrade to 3.2.4 or 2.16.5. Link to patch for 2.x...
Cross-site scripting vulnerability in TinyMCE
Impact: A cross-site scripting (XSS) vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE 4.9.10 or lower a...
GHSA-VRV8-V4W8-F95H Cross-site scripting vulnerability in TinyMCE
Impact: A cross-site scripting (XSS) vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE 4.9.10 or lower a...
Telerik UI - Remote Code Execution via Insecure Deserialization
See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of vulnerability and exploit details for this issue along with patching instructions. Install git clone...
Telerik UI - Remote Code Execution via Insecure Deserialization Exploit
Exploit for asp platform in category web applications Telerik UI - Remote Code Execution via Insecure Deserialization Exploit See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of...
Video: Bishop Fox on Device Threats and Layered Security
Threatpost talked to Christie Terrill, partner at Bishop Fox, about the top trends and security issues that were discussed at Black Hat USA in Las Vegas this month...
TIBCO Security Advisory: June 12, 2018 - TIBCO Runtime Agent - CVE-2018-5434
XML eXternal Entity Expansion Vulnerabilities with TIBCO Runtime Agent. Original release date: June 12, 2018. Last revised: --. CVE-2018-5434. Source: TIBCO Software Inc...