18 matches found

Information Security Automation
added 2024/10/22 8:7 p.m. | 23 views

The severity of the Elevation of Privilege – Windows Kernel-Mode Driver (CVE-2024-35250) vulnerability has increased

The severity of the Elevation of Privilege - Windows Kernel-Mode Driver CVE-2024-35250 vulnerability has increased. This vulnerability was fixed as part of the June Microsoft Patch Tuesday. As in the case of the CVE-2024-30090 vulnerability, it was discovered by a researcher with the nickname...

CVSS 7.8 | AI score 6.8 | EPSS 0.54913 | Exploits 8

Information Security Automation
added 2024/10/22 11:44 a.m. | 22 views

The severity of the Elevation of Privilege – Microsoft Streaming Service (CVE-2024-30090) vulnerability has increased

The severity of the Elevation of Privilege - Microsoft Streaming Service CVE-2024-30090 vulnerability has increased. The vulnerability was fixed as part of the June Microsoft Patch Tuesday. At that time, no one highlighted this vulnerability. The vulnerability was discovered by a researcher with...

CVSS 7 | AI score 6.6 | EPSS 0.20925 | Exploits 1

GithubExploit
added 2024/10/17 8:38 a.m. | 393 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2024-30090 - LPE PoC CVE-2024-30090 https://msrc.mic...

CVSS 7 | AI score 9.9 | EPSS 0.20925 | Exploits 1

Akamai Blog
added 2024/08/08 3:0 p.m. | 6 views

Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE

...

AI score 7.3 | Exploits 0

Akamai Blog
added 2024/08/08 3:0 p.m. | 3 views

Improving Apache httpd Protections Proactively with Orange Tsai of DEVCORE

...

AI score 7.3 | Exploits 0

GithubExploit
added 2024/06/07 9:52 a.m. | 787 views

Exploit for OS Command Injection in Php

CVE-2024-4577 A Proof of Concept developed by @watchTowr htt...

CVSS 9.8 | AI score 8.2 | EPSS 0.94393 | Exploits 64

GithubExploit
added 2024/06/07 9:42 a.m. | 664 views

Exploit for OS Command Injection in Php

CVE-2024-4577 A Proof of Concept developed by @watchTowr htt...

CVSS 9.8 | AI score 9.3 | EPSS 0.94393 | Exploits 64

GithubExploit
added 2024/06/07 5:50 a.m. | 589 views

Exploit for OS Command Injection in Php

Orange Tsi 🍊 This vulnerability was found by Orange Tsai @oran...

CVSS 9.8 | AI score 9.9 | EPSS 0.94393 | Exploits 64

GithubExploit
added 2024/06/07 5:50 a.m. | 478 views

Exploit for OS Command Injection in Php

Orange Tsi 🍊 This vulnerability was found by Orange Tsai @oran...

CVSS 9.8 | AI score 9.9 | EPSS 0.94393 | Exploits 64

Packet Storm
added 2022/02/10 12:0 a.m. | 320 views

WordPress VeronaLabs WP Statistics 13.1.4 SQL Injection

On February 7, 2022, Security Researcher Cyku Hong from DEVCORE reported a vulnerability to us that they discovered in WP Statistics, a WordPress plugin installed on over 600,000 sites. This vulnerability made it possible for unauthenticated attackers to execute arbitrary SQL queries by appending...

AI score 0.2 | EPSS 0.32688 | Exploits 3

The Hacker News
added 2022/02/01 4:16 a.m. | 201 views

New Samba Bug Allows Remote Attackers to Execute Arbitrary Code as Root

Samba has issued software updates to address multiple security vulnerabilities that, if successfully exploited, could allow remote attackers to execute arbitrary code with the highest privileges on affected installations. Chief among them is CVE-2021-44142, which impacts all versions of Samba...

CVSS 9 | AI score 2.9 | EPSS 0.35695 | Exploits 1

The Hacker News
added 2021/08/22 9:51 a.m. | 494 views

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as...

CVSS 10 | AI score 1 | EPSS 0.94226 | Exploits 18

The Hacker News
added 2021/05/12 9:15 a.m. | 126 views

Latest Microsoft Windows Updates Patch Dozens of Security Flaws

Microsoft on Tuesday rolled out its scheduled monthly security update with patches for 55 security flaws affecting Windows, Exchange Server, Internet Explorer, Office, Hyper-V, Visual Studio, and Skype for Business. Of these 55 bugs, four are rated as Critical, 50 are rated as Important, and one ...

CVSS 9.9 | AI score 9.1 | EPSS 0.93835 | Exploits 43

GithubExploit
added 2021/03/14 10:57 p.m. | 94 views

Exploit for Server-Side Request Forgery in Microsoft

ProxyLogon-CVE-2021-26855 RCE exploit for ProxyLogon vulnerabi...

CVSS 9.8 | AI score 8.8 | EPSS 0.94313 | Exploits 63

Krebs on Security
added 2021/03/08 4:5 p.m. | 20 views

A Basic Timeline of the Exchange Mass-Hack

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here's a brief timeline of what we know leading up to last week's mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromise...

AI score 7 | Exploits 0

Github Security Blog
added 2020/10/02 4:22 p.m. | 81 views

Potential Remote Code Execution vulnerability

Packages nette/application versions prior to 2.2.10, 2.3.14, 2.4.16, 3.0.6 and nette/nette versions prior to 2.0.19 and 2.1.13 are vulnerable to a code injection attack by passing specially formed parameters to a URL that may possibly lead to RCE. Reported by Cyku Hong from DEVCORE...

CVSS 9.8 | AI score 3.8 | EPSS 0.93793 | Exploits 3 | References 8 | Affected Software 1

Hacker One
added 2019/09/17 7:31 a.m. | 30 views

U.S. Dept Of Defense: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███)

The Pulse Secure SSL VPN was found to be vulnerable to multiple issues, including pre-authentication arbitrary file reading CVE-2019-11510 and post-authentication command injection CVE-2019-11539. These vulnerabilities were discovered and disclosed by security researcher Orange Tsai. The...

CVSS 10 | AI score 9.2 | EPSS 0.94462 | Exploits 38

Hacker One
added 2018/01/22 10:42 a.m. | 58 views

Ruby on Rails: Path Traversal on Default Installed Rails Application (Asset Pipeline)

There is an information leak vulnerability in Sprockets. This vulnerability has been assigned the CVE identifier CVE-2018-3760. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Not affected: NONE. Fixed Versions: 4.0.0.beta8, 3.7.2, 2.12.5. Impact: Specially crafte...

CVSS 5 | AI score 2 | EPSS 0.93887 | Exploits 2