17 matches found
How Attackers Bypass Synced Passkeys
TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure...
Improper Authorization
@finos/git-proxy is vulnerable to Improper Authorization. The vulnerability is due to improper validation of branch creation workflows due to the way GitProxy handles new branch creation, allowing attackers to bypass approval of prior commits on the parent branch...
CVE-2024-47832
CVE-2024-47832 affects ssoready (SSOReady) when self-hosted as a Docker-based IDP. The issue is an XML signature bypass caused by differing XML parser behaviors, enabling signature bypass if an attacker can access certain IDP-signed messages. Public hosted instance (https://ssoready.com) is unaff...
PT-2024-18388 · Autogpt · Autogpt
Name of the Vulnerable Software and Affected Versions: AutoGPT versions v0.5.0 through v5.1.0 Description: The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to...
teler-waf 安全漏洞
teler-waf is a Go HTTP middleware that provides teler IDS functionality to prevent Web-based attacks and improve the security of Go-based Web applications. It is highly configurable and easy to integrate into existing Go applications. A security vulnerability exists in teler-waf versions prior to...
Sandbox Restrictions Bypass
Artifex Ghostscript is vulnerable to sandbox restrictions bypass attacks. This allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator which may lead to perform unauthorized actions...
Sandbox Restrictions Bypass
Artifex Ghostscript is vulnerable to sandbox restrictions bypass attacks. This allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object...
Authorization Bypass
openstack-foreman-installer is vulnerable to authorization bypass attacks. The vulnerability exists as the default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for...
Policy Bypass
github.com/twistlock/authz is vulnerable to policy bypass attacks. The vulnerability exists due to the usage of weak regular expressions to control the access of docker commands through URL, allowing policy bypass attacks...
Software Defined Radio Attack Tool: RFCrack
RFCrack is my personal RF test bench, it was developed for testing RF communications between any physical device that communicates over sub Ghz frequencies. IoT devices, Cars, Alarm Systems etc… Testing was done with the Yardstick One on OSX, but RFCrack should work fine in linux. Current support...
Integer overflow
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data AAD and ciphertext so that different plaintext is obtained for the same HMAC...
CVE-2017-12972
CVE-2017-12972 : Nimbus JOSE+JWT before 4.39 has no integer-overflow check when converting length values from bytes to bits, enabling a remote attacker to perform a HMAC bypass by shifting AAD and ciphertext so different plaintext yields the same HMAC. Public records show this vulnerability discu...
The ASLR protection mechanism is a breakthrough attack technical analysis-vulnerability warning-the black bar safety net
Recently, hardware-based attacks have been started by Rowhammer memory leaks or bypass the address space layout randomization protection mechanisms to attack the system, these attacks are based on the processor's memory management unit MMU with a page table interactive interactive manner. These...
Microsoft Tears off the Band-Aid with EMET
Microsoft last week extended the end-of-life expiration date to July 2018 on its exploit mitigation add-on, the Enhanced Mitigation Experience Toolkit EMET. But for some time, the once-useful tool has been well on its way out to pasture. While EMET was never meant to be anything more than stopgap...
Adobe AIR <= AIR 14.0.0.110 Multiple Vulnerabilities (APSB14-17)
According to its version, the instance of Adobe AIR on the remote Windows host is equal or prior to 14.0.0.110. It is, therefore, affected by the following vulnerabilities : - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data. CVE-2014-4671 -...
Flash Player for Mac <= 14.0.0.125 Multiple Vulnerabilities (APSB14-17)
According to its version, the instance of Flash Player installed on the remote Mac OS X host is equal or prior to 14.0.0.125. It is, therefore, affected by the following vulnerabilities : - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data...
Adobe Patches Critical Memory Vulnerabilities in Flash Player, AIR
Adobe has repaired a number of critical vulnerabilities in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software. None of the vulnerabilities are being exploited, Adobe said, and added that users should upgrade Flash Player. Version...