28 matches found

NVD
added 2024/02/09 1:15 a.m. | 11 views

CVE-2024-23639

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

CVSS 7.8 | AI score 6.3 | EPSS 0.00036
Exploits 0 | References 2

Prion
added 2024/02/09 1:15 a.m. | 21 views

Design/Logic Flaw

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

CVSS 4.3 | AI score 7.3 | EPSS 0.00036
Exploits 0 | References 2 | Affected Software 1

OSV
added 2024/02/09 12:15 a.m. | 48 views

CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack

Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...

CVSS 5.1 | AI score 7.4 | EPSS 0.00036
Exploits 0 | References 4

BDU FSTEC
added 2023/06/26 12:0 a.m. | 2 views

A vulnerability in the GLPI request and incident handling system, related to improper neutralization of input during web page generation, allows attackers to carry out cross-site scripting attacks.

The vulnerability in the GLPI request and incident handling system is related to insufficient sanitization of user data in the administration panel. Users can inject and execute arbitrary HTML and scripts in the user’s browser within the context of the vulnerable website. Exploiting this...

CVSS 4.8 | AI score 6.7 | EPSS 0.01068
Exploits 0 | References 6 | Affected Software 2

BDU FSTEC
added 2023/05/29 12:0 a.m. | 1 views

The vulnerability in the web interface of the Cisco Prime Collaboration Deployment software allows an attacker to disclose sensitive information, alter the appearance of the web page, and perform phishing attacks as well as “drive-down” attacks.

The vulnerability in the Cisco Prime Collaboration Deployment software’s web interface exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to disclose sensitive information, alter the appearance of the website, and perfor...

CVSS 6.4 | AI score 5.4 | EPSS 0.0038
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2022/04/21 12:0 a.m. | 1 views

The vulnerability of Cisco Webex Meetings’ software web interface stems from the lack of protective measures for the website structure. This allows attackers to disclose protected information, alter the appearance of the website, and perform phishing attacks as well as “drive-by” attacks.

The vulnerability of Cisco Webex Meetings’ software web interface exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to disclose protected information, alter the appearance of the website, and perform phishing attacks ...

CVSS 6.4 | AI score 5.5 | EPSS 0.00232
Exploits 0 | References 2

Securelist
added 2017/10/24 6:16 p.m. | 313 views

Bad Rabbit ransomware

UPDATE 27.10.2017. Decryption opportunity assessment. File recovery possibility. Verdicts What happened? On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit. It has been targeting organizations and consumers, mostly in Russia but there have also been report...

CVSS 4.3 | AI score 7.5 | EPSS 0.92801
Exploits 22

Malwarebytes
added 2017/09/05 3:0 p.m. | 66 views

Expired domain names and malvertising

In Q1 and Q2 of 2017, we noticed a sharp decline in drive-by downloads coming from compromised websites. The campaigns of the past are either gone (Pseudo Darkleech) or have changed focus (EITest using social engineering techniques). Malvertising - which has remained steady and is currently the main...

AI score 6.7
Exploits 0

myhack58
added 2016/11/28 12:0 a.m. | 37 views

The “elegance” of Linux vulnerabilities: rare ways to bypass the ASLR and DEP protection mechanisms - vulnerability warning - the black bar safety net

Foreign researchers recently published exploit code for drive-by attacks on fully patched Fedora and other Linux systems that can install keyloggers, backdoors and other malicious software. The exploit targets a memory-corruption vulnerability in the GStreamer framework that...

AI score 0.2
Exploits 0

The Hacker News
added 2015/12/03 9:28 p.m. | 35 views

ALERT: This New Ransomware Steals Passwords Before Encrypting Files

You should be very careful while visiting websites on the Internet because you could be hit by a new upgrade to the World's worst Exploit Kit – Angler, which lets hackers develop and conduct their own drive-by attacks on visitors' computers with relative ease. Many poorly-secured websites are...

AI score 6.5
Exploits 0

htbridge
added 2014/11/12 12:0 a.m. | 50 views

Cross-Site Scripting (XSS) in Revive Adserver

High-Tech Bridge Security Research Lab discovered an XSS vulnerability in Revive Adserver, formerly known as OpenX Source, which can be exploited to perform Cross-Site Scripting attacks against authenticated users and administrators of the vulnerable application leading to total compromise of the...

CVSS 2.6 | AI score 5.3 | EPSS 0.00445
Exploits 3 | Affected Software 1

ThreatPost
added 2014/06/09 3:33 p.m. | 10 views

Red Button Attack Could Compromise Smart TVs

A vulnerability in an emerging interactive television standard could expose smart TVs to untraceable drive-by hacking attacks that could steal personal information and wreak havoc on televisions and anything connected to them. The feature, HbbTV, Hybrid Broadcast Broadband Television was introduc...

AI score 7.7
Exploits 0 | References 3

The Hacker News
added 2014/05/16 5:44 a.m. | 21 views

FBI raids BlackShades RAT Malware Customers in Europe and Australia

When it comes to crime, whether it’s online or offline, the FBI doesn't spare anyone. According to the French media reports and various announcements on underground forums by hacking groups, the FBI has started a large-scale operation of International raids with the help of local law enforcement...

AI score 7
Exploits 0

The Hacker News
added 2013/11/11 3:56 p.m. | 41 views

Internet Explorer zero-day vulnerability actively being exploited in the wild

Security researchers at FireEye have detected a new series of drive-by attacks based on a new Internet Explorer zero-day vulnerability. The attackers breached a website based in the US to deploy the exploit code to conduct a classic watering hole attack. The discovery was announced just a few day...

CVSS 9.3 | AI score 7.1 | EPSS 0.92451
Exploits 7

The Hacker News
added 2013/11/11 4:56 a.m. | 58 views

Internet Explorer zero-day vulnerability actively being exploited in the wild

Security researchers at FireEye have detected a new series of drive-by attacks based on a new Internet Explorer zero-day vulnerability. The attackers breached a website based in the US to deploy the exploit code to conduct a classic watering hole attack. The discovery was announced just a few day...

CVSS 9.3 | AI score 0.4 | EPSS 0.92451
Exploits 7

The Hacker News
added 2013/02/09 5:33 p.m. | 11 views

Microsoft's Patch Tuesday fully loaded with patch for 57 security flaws

Microsoft's next updates are fully loaded with 57 different security vulnerabilities through 12 separate updates. It will roll out fixes as it always does on Patch Tuesday, the second Tuesday of every month. Anyone who uses Windows as their primary operating system will be quite familiar with Patch...

AI score 6.9
Exploits 0

ThreatPost
added 2012/11/20 3:18 p.m. | 49 views

New Linux Rootkit Emerges

A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for...

AI score 0.3
Exploits 0 | References 4

The Hacker News
added 2012/11/09 6:3 p.m. | 7 views

Windows 8 will get its first critical patch this Friday

The Windows 8 and Windows RT security updates will be the first shipped since those operating systems' launch on Oct. 26. The latest vulnerabilities include three critical security vulnerabilities for Windows 8, and one critical security vulnerability for the Surface-based Windows RT operating...

AI score 7.8
Exploits 0

The Hacker News
added 2012/10/12 4:40 p.m. | 13 views

Firefox 17 Beta Released with Click-to-Play Plugins for blocking vulnerable Plugins

Last week, Mozilla announced it will prompt Firefox users on Windows with old versions of Adobe Reader, Adobe Flash, and Microsoft Silverlight, but refused to detail how the system will work. Finally today Firefox 17 is now in beta and with it is a very cool feature, click-to-play plugins. When a...

AI score 7
Exploits 0

ThreatPost
added 2012/10/12 2:21 p.m. | 14 views

Mozilla Adds Click-to-Play Plugin Security Feature to Firefox Beta

Attackers have been going after vulnerabilities in browser plugins and extensions for years now, as they know that users are slow about updating these components. Even if users have the browser set to update automatically, the third-party components are a separate issue and need to be patched on...

AI score 0.7
Exploits 0 | References 1