Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889-POC A simple demo application that shows how to...

DHS Warning: Small Aircraft are Ripe for Hacking

The Department of Homeland Security issued an alert Tuesday warning that small aircraft are vulnerable to hackers that can gain physical access to a plane. It warned that a hacker can easily manipulate aircraft telemetry data, which can result in loss of control of the airplane. The bulletin was...

Patch Tuesday Lowdown, April 2019 Edition

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows, Internet Explorer IE and Edge browsers, Office,...

SCADA Vulnerabilities Identified in Power, Petrochemical Plants

More than 7,600 different power, chemical and petrochemical plants may still be vulnerable to a handful of SCADA vulnerabilities made public this week. A researcher at Rapid 7, the Boston-based firm responsible for the popular pen testing software Metasploit, and an independent security researche...

Metasploit Module Adds Sudo Vulnerability for OS X

Attackers looking to exploit a previously disclosed and apparently still unpatched bug in sudo, a Unix-based Linux command found in most Apple OS X builds have gotten a little more help this week. As Threatpost reported in March, the vulnerability CVE-2013-1775 can essentially set back the...

R7-0004: Multiple Vendor Long ZIP Entry Filename Processing

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rapid 7, Inc. Security Advisory Visit http://www.rapid7.com/ to download NeXposetm, our advanced vulnerability scanner. Linux and Windows 2000 versions are available now! Rapid 7 Advisory R7-0004 Multiple Vendor Long ZIP Entry Filename Processing Issu...