
157 matches found

Packet Storm
added 2024/10/01 12:0 a.m., 453 views

VICIdial Authenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VICIdial Authenticated Remote Code Execution', 'Description' = %q An attacker with authenticated access to VICIdial as an "agent" can execute...

CVSS 9.8, AI score 7, EPSS 0.79059
Exploits: 12
Wallarm Lab
added 2024/09/20 2:1 p.m., 10 views

Chicago API Security Summit 2024

Thank You Chicago! Earlier this week we had the pleasure of hosting a regional API Security Summit in Chicago (well, actually in Lombard). These summits bring together the local cybersecurity community for a half-day of API Security-focused content, including expert speakers and panelists. While this...

AI score 8.1
Exploits: 0
NVD
added 2024/09/10 8:15 p.m., 45 views

CVE-2024-8504

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective...

CVSS 8.8, EPSS 0.75384
Exploits: 7, References: 3
CVE
added 2024/09/10 7:23 p.m., 139 views

CVE-2024-8504

CVE-2024-8504 is an authenticated Remote Code Execution in VICIdial (v2.14-917a) via OS command injection. An attacker with agent-level access can run commands as root; the issue can be chained with CVE-2024-8503 (unauthenticated SQLi) to escalate from unauthenticated context. Public sources conf...

CVSS 8.8, AI score 9.4, EPSS 0.75384
Exploits: 7, References: 3
Debian CVE
added 2024/08/28 12:0 a.m., 10 views

CVE-2023-45896

ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length val...

CVSS 7.1, AI score 6.3, EPSS 0.00195
Exploits: 0
Akamai Blog
added 2024/08/16 5:0 a.m., 9 views

Akamai’s Perspective on August’s Patch Tuesday 2024

...

AI score 7
Exploits: 0
Akamai Blog
added 2024/07/02 9:0 a.m., 12 views

Examining the Polyfill Attack from Akamai's Point of View

...

AI score 7.3
Exploits: 0
Hacker One
added 2024/05/29 2:51 p.m., 33 views

HackerOne: [Spot Check] - Ability to disclose metadata about Spot Checks (Number of Hackers + Hackers Criteria) via "SpotCheckSingleQuery"

A vulnerability was discovered that allowed hackers to disclose private metadata about Spot Checks, including the number of hackers and the selection criteria. The vulnerability was triggered by navigating to a specific URL and accessing the "SpotCheckSingleQuery" parameter, which returned this...

AI score 6.9
Exploits: 0
SUSE CVE
added 2024/04/13 2:10 a.m., 0 views

SUSE CVE-2024-31852

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

CVSS 5.9, AI score 7.1, EPSS 0.00991
Exploits: 0, References: 3
Vulnrichment
added 2024/02/11 12:0 a.m., 13 views

CVE-2024-23724

Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view th...

AI score 6.9, EPSS 0.03485
Exploits: 1, References: 3
Wallarm Lab
added 2024/02/07 10:23 a.m., 21 views

Digital Experience Monitoring | What Is DEM?

Introduction to Digital Experience Monitoring: Illuminating the Basics In an era governed by technology, the satisfaction of an end-user is of utmost importance. It has the power to stimulate or to halt business growth, and frequently determines if a client continues or discontinues their...

AI score 7.2
Exploits: 0
The Hacker News
added 2023/12/21 10:53 a.m., 33 views

Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices

John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023. What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial...

AI score 6.7
Exploits: 0
Rapid7 Blog
added 2023/12/19 4:0 p.m., 5 views

Expanded Coverage and New Attack Path Visualizations Help Security Teams Prioritize Cloud Risk and Understand Blast Radius

Cloud environments differ in a number of ways from more traditional on-prem environments. From the immense scale and compounding complexity to the rate of change, the cloud creates a host of challenges for security teams to navigate and grapple with. By definition, anything running in the cloud h...

AI score 6.6
Exploits: 0
Akamai Blog
added 2023/11/16 3:0 p.m., 19 views

Akamai’s Perspective on November’s Patch Tuesday 2023

...

AI score 7
Exploits: 0
Akamai Blog
added 2023/10/12 2:0 p.m., 15 views

Akamai’s Perspective on October’s Patch Tuesday 2023

...

AI score 7
Exploits: 0
Spring Security Advisories
added 2023/10/11 12:0 a.m., 25 views

Transactional Rollback Strategies with Spring Cloud Stream and Apache Kafka

Other parts in this blog series: Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications; Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications; Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications. In th...

AI score 6.8
Exploits: 0
Wallarm Lab
added 2023/09/18 1:15 p.m., 19 views

Wallarm Webinar: NIST CSF 2.0, API Security, and CISO Imperatives

Last week, our good friend Raj Umadas, Director of Security at ActBlue, teamed up with our very own Tim Erlin, Head of Product, to talk about the newly proposed NIST Cybersecurity Framework CSF. It was a fantastic discussion covering the intent behind this update, the major changes from v1.1 to...

AI score 6.8
Exploits: 0
Akamai Blog
added 2023/09/15 2:0 p.m., 18 views

Akamai’s Perspective on September’s Patch Tuesday 2023

...

AI score 7
Exploits: 0
OSV
added 2023/08/24 12:53 p.m., 11 views

GHSA-Q4PP-J36H-3GQG Minimal `basti` IAM Policy Allows Shell Access

Summary: The provided Minimal IAM Policy for basti connect does not include ssm:SessionDocumentAccessCheck. This results in the ability to get a shell session on the bastion, not just the intended access for Port Forwarding. Details: basti connect is designed to "securely connect to your...

AI score 7
Exploits: 0, References: 3
Cvelist
added 2023/08/17 12:0 a.m., 14 views

CVE-2023-39125

NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmprw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main application was not intended to be a well tested program, it's just something to demonstrate it works and fo...

AI score 7.9, EPSS 0.00612
Exploits: 1, References: 1