17 matches found
Optimizing Agent Planning for Security and Autonomy
Indirect prompt injection attacks threaten AI agents that execute consequential actions, motivating deterministic system-level defenses. Such defenses can provably block unsafe actions by enforcing confidentiality and integrity policies, but currently appear costly: they reduce task completion...
injection-research
injection-research A study comparing injection vulnerabilities...
Resilient Distribution Network Planning against Dynamic Malicious Power Injection Attacks
Active distribution networks facilitating bidirectional power exchange with renewable energy resources are susceptible to cyberattacks due to integration of a diverse array of cyber components. This study introduces a grid-level defense strategy aimed at enhancing attack resiliency based on...
CVE-2024-45797 LibHTP's unbounded header handling leads to denial of service
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....
CVE-2024-45797
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme slowdowns. This issue is addressed in 0.5....
CVE-2024-28871
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available...
CVE-2024-28871 Excessive CPU used on malformed traffic
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available...
CVE-2024-28871 Excessive CPU used on malformed traffic
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available...
CVE-2024-23837
LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46...
verifySignatureWithKey - RRSIG RR's Signer's Name is never checked if it matches owner name
Lines of code Vulnerability details Impact According to RFC 4035 and as mentioned in the comments in function "verifySignatureWithKey" , the Signer's name should also be checked if it matches the owner name. If the Signer's Name field of an RRSIG record does not match the owner name of a DNSKEY...
[SECURITY] Fedora 21 Update: libhtp-0.5.16-1.fc21
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. The goals of the project, in the order of importance, are as follows: 1. Completeness of coverage; 2. Permissive parsing; 3. Awareness of evasion techniques; 4. Performance;...
OpenICS ICS Protocol Decoder Builds Data Dictionaries
Industrial control system security has been called archaic, laughable and even non-existent. Most ICS and SCADA systems weren’t built with the Internet in mind, much less security, but yet they are at the forefront of manufacturing, building automation and critical infrastructure operations...
ZetaBoards Cross Site Scripting
Exploit Title: ZetaBoards Cross Site Scripting Date: 6.03.2012 Author: Sony Software Link: http://www.zetaboards.com/ Google Dorks: intext:Hosted for free by ZetaBoards Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...
Wiki Spot Cross Site Scripting
Exploit Title: Wiki Spot Cross Site Scripting Date: 18.02.2012 Author: Sony Software Link: http://wikispot.org/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/wiki-spot-cross-site-scripting.html...
AtWiki Cross Site Scripting
Exploit Title: @Wiki Cross Site Scripting Date: 16.02.2012 Author: Sony Software Link: http://atwiki.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/wiki-cross-site-scripting.html...
SeedWiki Cross Site Scripting
Exploit Title: SeedWiki Cross Site Scripting Date: 8.02.2012 Author: Sony Software Link: http://www.seedwiki.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/seedwiki-cross-site-scripting.html...
BtiTracker 1.3.x / 1.4.x SQL Injection
#!/usr/bin/env python xpl0it [ASCII-art banner] www.insecurity.ro // BtiTracker...