CVE-2024-24593

A cross-site request forgery CSRF vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to...

Expeditionary Cyberspace Operations

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve an actual human gaining physical access to a piece of computing infrastructure. A revised version of Joint Publication 3-12 Cyberspace...

PHOENIX CONTACT FL NAT SMx

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Phoenix Contact Equipment: FL NAT SMx Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthorized users full access to the...

Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly

WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a tool suite – which is being used by the CIA for Microsoft Windows that targets "closed networks by air gap jumping using thumb drives," mainly implemented in enterprises and critical infrastructures. Air-gapped...

Сканирование портов через cachemgr.cgi в squid (unauthorized access)

Можно пробовать подключаться к портам внутри закрытой сети...