12 matches found
CVE-2024-47806
Jenkins OpenId Connect Authentication Plugin 4.354.v321ce67a1de8 and earlier does not check the aud (Audience) claim of an ID Token, allowing attackers to subvert the authentication flow, potentially gaining administrator access to Jenkins...
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems. "By exploiting the drivers, an attacker without privilege...
Design/Logic Flaw
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script, by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locke...
The Challenge of Cracking Iran’s Internet Blockade
People around the world are rallying to subvert Iran's internet shutdown, but actually pulling it off is proving difficult and risky...
CVE-2021-22004
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...
CVE-2021-22004
An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...
CVE-2021-22004
Removed by vendor...
PT-2021-14842 · Saltstack +1 · Saltstack Salt +1
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions prior to 3003.3. Description: An issue was discovered that allows a malicious actor to subvert the proper behavior of the minion software. This occurs when the salt minion installer accepts and uses a minion config file...
Hancitor: fileless attack with a DLL copy trick
This article was authored by David Sánchez, Mickaël Roger, and Jérôme Segura. During the past few years, malicious spam campaigns have proven to be one of the most efficient infection vectors, in part due to a combination of social engineering and a regular number of Office vulnerabilities. The...
URGE (Universal Rapid Gamma Emitter) Hijacking Twitter Trends Released by Anonymous
Anonymous have created something called Universal Rapid Gamma Emitter, or more simply URGE, which hijacks Twitter trending topics, allowing Anonymous members and supporters to subvert the topic with their own embedd...
sudo -- Secure path vulnerability
Todd Miller reports: Most versions of the C library function getenv() return the first instance of an environment variable to the caller. However, some programs, notably the GNU Bourne Again SHell (bash), do their own environment parsing and may choose the last instance of a variable rather than the...
Adobe Flash Player Subvert Domain Sandbox (APSB10-06; CVE-2010-0186)
A critical vulnerability has been identified in Adobe Flash Player. This vulnerability could subvert the domain sandbox and make unauthorized cross-domain requests. The vulnerability could allow remote attackers to bypass intended sandbox restrictions and make cross-domain requests via unspecifie...